[Oisf-users] OT: Sending unencrypted traffic with sslsplit to suricata
C.L. Martinez
carlopmart at gmail.com
Mon May 11 08:14:39 UTC 2015
On 05/06/2015 07:12 AM, C.L. Martinez wrote:
> Hi all,
>
> I have installed sslsplit in my home firewall to intercept SSL/TLS
> connections and decrypt them.
>
> All is working really well without issues, but I am thinking of
> redirecting this unencrypted traffic to a suricata host to inspect it.
>
> Reading sslsplit's man page, it seems that this is not possible:
>
> To actually implement an attack, you also need to redirect the traffic
> to the system running sslsplit. Your options include running sslsplit
> on a legitimate router, ARP spoofing, ND spoofing, DNS poisoning,
> deploying a rogue access point (e.g. using hostap mode), physical
> recabling, malicious VLAN reconfiguration or route injection, /etc/hosts
> modification and so on. SSLsplit does not implement the actual traffic
> redirection.
>
> Any ideas how I can accomplish this? Maybe using some type of firewall
> rule??
>
> Thanks.
Please, any tip??
Thanks.