Questions regarding proxy/logging #10

Open
swiftbird07 opened this issue May 17, 2021 · 1 comment
Comments

@swiftbird07

Hello, I really like your project, especially the TLS decryption feature, but I have questions:

1. As I understand it, it is possible to inspect decrypted TLS traffic with suricata/snort with all the rules etc., right?

   1.2) Is there a feature for remote logging (especially the eve.json)?

2. Is it possible to just use SSLproxy to decrypt the traffic and mirror the decrypted traffic to a Suricata server? In my case I just want to have an internet proxy (MyDevices <-> SSL Proxy <-> Internet) to monitor for malicious traffic and not block anything or something like that.
@sonertari (Owner)

I have developed the SSLproxy preprocessor for Snort, so that UTMFW uses Snort in active inline mode. This is not possible with Suricata yet, but there is a feature request to add SSLproxy support to Suricata.

SSLproxy can mirror decrypted traffic to a network interface, see the MirrorIf/MirrorTarget (-I/-T) options. See the man page for details. If you want to feed the decrypted traffic to a passive IDS, you can use those same options, but if that's all you need, perhaps you want to use the SSLsplit project instead (SSLsplit supports the same options).
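The passive-IDS arrangement sonertari describes, written out as an added shell example. This is not code from the SSLproxy project or from either participant. Only the `-I`/`-T` options come from the thread; everything else is an assumption: that a mirror interface named `mirror0` already exists (a dummy or veth interface), that the CA key/cert are given with `-k`/`-c` as in SSLsplit, that the proxyspec form `https <ip> <port> up:<port>` and the `-T` argument (the IPv4 address the mirrored frames are addressed to) match the installed sslproxy man page, and that Suricata is started in af-packet mode on the mirror interface so its eve.json is written under the `-l` directory.

```shell
#!/bin/sh
# Added example, not part of the SSLproxy project or this issue thread.
# Feeds SSLproxy's decrypted mirror copies to a passive Suricata instance.
# Assumptions (not on the page): mirror interface "mirror0" exists, -k/-c
# take the CA key/cert as in SSLsplit, the proxyspec "https 0.0.0.0 8443
# up:8080" is valid for the installed sslproxy, and -T takes the IPv4 address
# that mirrored frames are sent to. Verify each against your local man page.
set -eu

# Preflight: refuse to start if the mirror interface is missing.
# Uses sysfs so there is no iproute2 dependency.
mirror_if_exists() {
    [ -d "/sys/class/net/$1" ]
}

# Command line for SSLproxy. -I names the interface that receives a copy of
# every decrypted connection, -T the address those copies are sent to.
# $1 = mirror interface, $2 = mirror target address.
sslproxy_mirror_cmd() {
    printf 'sslproxy -I %s -T %s -k /etc/sslproxy/ca.key -c /etc/sslproxy/ca.crt https 0.0.0.0 8443 up:8080\n' \
        "$1" "$2"
}

# Command line for a passive Suricata instance sniffing the mirror interface.
# Nothing is blocked: Suricata only reads frames, so devices keep their
# normal path through the proxy. eve.json lands in the -l directory.
# $1 = mirror interface.
suricata_passive_cmd() {
    printf 'suricata --af-packet=%s -c /etc/suricata/suricata.yaml -l /var/log/suricata\n' "$1"
}

# Start both processes only when invoked as "./mirror-ids.sh run".
# Suricata is started first so the earliest mirrored frames are not lost.
if [ "${1:-}" = run ]; then
    MIRROR_IF="${MIRROR_IF:-mirror0}"
    MIRROR_TARGET="${MIRROR_TARGET:-192.0.2.1}"   # constructed sample address
    if ! mirror_if_exists "$MIRROR_IF"; then
        echo "mirror interface $MIRROR_IF does not exist" >&2
        exit 1
    fi
    sh -c "$(suricata_passive_cmd "$MIRROR_IF")" &
    sleep 2
    exec sh -c "$(sslproxy_mirror_cmd "$MIRROR_IF" "$MIRROR_TARGET")"
fi
```

The two command lines are built by functions rather than typed inline so the interface check runs before anything is launched and so the assembled commands can be inspected without starting either daemon. Because Suricata only sniffs the mirror interface, alerts are logged but never enforced, which is the monitor-only behaviour asked about in the question.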
