[Oisf-users] Suricata SSL decryption

F.Tremblay fcourrier at gmail.com
Mon Nov 5 02:38:42 UTC 2018


Nothing personal, Coop, it just seems odd when people talk about *vendors* in an
open source project.

Like saying go to Bluecoat in a squid forum.

Michal is right, the way to do it is to send Suricata decrypted traffic.

Look at the work of Sonertari with SSLproxy, also MiTMproxy and python.
https://github.com/sonertari/SSLproxy
And if you are anywhere between NYC and Toronto, I'll set you up with an
open source solution to inspect encrypted traffic.

No black box.

Cheers.

F.



On Thu, Nov 1, 2018 at 3:53 PM Cooper F. Nelson <cnelson at ucsd.edu> wrote:

> Not currently.
>
> Some vendors are starting to sell switched taps that have this
> functionality, however.
>
> -Coop
>
> On 11/1/2018 12:50 PM, Jordon Carpenter wrote:
>
> Is suricata able to fully decrypt SSL if it has the appropriate keys?
>
>
> *Thanks, Jordon Carpenter*
> Rook Security <https://www.rooksecurity.com/>
> *Anticipate, Manage, & Eliminate Threats*
>
> O: 888.712.9531 x734
> E: jordon.carpenter at rooksecurity.com
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042