[Oisf-users] ssl mitm decrypt without a proxy?

erik clark philosnef at gmail.com
Fri Apr 17 11:31:28 UTC 2020


I have the keys associated with ssl traffic in a feed from a tap. I want
suricata to inspect the ssl traffic obviously, but the only solutions I can
find involve wrapping a proxy like squid in the middle, forwarding the
decrypted traffic on, and capturing that interface.

How can I rewrap/decrypt the traffic straight from the pipe, and dump it
into something like a dummy interface so that it can be analyzed properly?

Thanks!