Re: [ISSForum] Sniffing https traffic ?

Thu, 27 May 2004 10:51:40 -0700 

Yes, It is possible to sniff SSL/TLS traffic if you have your own CA and
have ability to install its certificates to clients browser. This attack is
known as "Man-In-The-Middle" (MITM) which enable you to intercept data
within the SSL tunnel.
But, as I know (please, correct me if I am mistaken), RNE isn't able to
capture SSL traffic even if target server's sertificate is on RNE machine.

Thanks.
---
Best regards, Sergey V. Soldatov.
tel/fax +7 095 745 89 50 (2663)


                                                                                       
                             
              Miguel Angel Garcia Rivas                                                
                             
              <[EMAIL PROTECTED]>           To:       [EMAIL PROTECTED]                
                           
              Sent by:                         cc:                                     
                             
              [EMAIL PROTECTED]         Subject:  [ISSForum] Sniffing https traffic ?  
                      
                                                                                       
                             
                                                                                       
                             
              26.05.2004 14:56                                                         
                             
                                                                                       
                             
                                                                                       
                             




Hello all.

Is there any way to analyze HTTPs traffic with a network sensor ?
I told to my enterprise engineers that it isnt possible, but they insist
that could be possible moving the PrivateKey from our webserver
certificate to our Network sensor machine.
I was looking for any way to do that, but im still thinking about it isnt
possible....

I know that there isnt any option in ISS realsecure Site Protector to
import certificates to decrypt https traffic.
Is there anyone who know something about this ?? am i wrong and is
possible to sniffing https traffic ??

Thanks in advance.


Un Saludo / Best Regards.

-------------------------------------------------
Miguel Angel Garc�a Rivas
[EMAIL PROTECTED]
Network Security Specialist
Phone:     91 397 9793
Mobile:    +34.609670443
-------------------------------------------------
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.






_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 
Barfield Road, Atlanta, Georgia, USA 30328.

Reply via email to