Liam,
Looks like just what I have been looking for, thanks a million! But it
will be limited to HTTPS traffic, I guess... no POP3S or IMAPS.

I managed yesterday to do a workaround that handled everything SSL:
using SSLSplit "http://mirror.roe.ch/rel/sslsplit/sslsplit-latest.1.txt";
and iptables.

After running it for a few hours it works fine; I will do testing for a
couple of days before pushing to production.

Thanks again.
Sherif Eldeeb.
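For readers who want to reproduce the SSLsplit + iptables workaround described above, here is an added example script (not the poster's actual configuration, nor part of the SSLsplit project). It assumes a two-NIC gateway whose LAN side is eth1 on 192.168.1.0/24, local SSLsplit listeners on ports 10443/10995/10993, and a working directory of your choice; all of these are assumptions, not details from the thread. Only openssl is needed for the certificate checks; iptables and sslsplit are called only by the gateway functions, which need root. The `mint_leaf` function reproduces with openssl what SSLsplit does internally for every new host (the "on-the-fly per-host certificate" the original post asks about) so the mechanism can be inspected and verified without running the proxy.

```shell
#!/bin/sh
# Added example, not the poster's configuration: SSLsplit + iptables
# transparent TLS interception on a two-NIC Linux gateway, with the
# per-host certificate mechanism shown via openssl.
# Assumed (not in the thread): LAN side eth1 / 192.168.1.0/24, SSLsplit
# listeners on 10443/10995/10993, files under $WORKDIR.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# 1. The private root CA that was pushed to every client's trust store.
#    SSLsplit (-k/-c) uses this pair to sign a fresh leaf per intercepted host.
make_ca() {
    mkdir -p "$WORKDIR"
    cat > "$WORKDIR/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Interception CA
O = Example
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 730 \
        -config "$WORKDIR/ca.cnf" \
        -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
    chmod 600 "$WORKDIR/ca.key"   # this key can impersonate any site to the LAN
}

# Sanity check: the private key really belongs to the distributed CA cert.
ca_key_matches_cert() {
    [ "$(openssl pkey -in "$WORKDIR/ca.key" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$WORKDIR/ca.crt" -noout -pubkey 2>/dev/null)" ]
}

# 2. What SSLsplit does internally for each new host: mint a short-lived
#    leaf for the requested name, signed by the CA. Done here with openssl
#    so the mechanism can be inspected without running sslsplit.
mint_leaf() {
    host="$1"
    printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\nCN = %s\n' "$host" \
        > "$WORKDIR/$host.cnf"
    printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\n' \
        "$host" > "$WORKDIR/$host.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$WORKDIR/$host.cnf" \
        -keyout "$WORKDIR/$host.key" -out "$WORKDIR/$host.csr" 2>/dev/null
    openssl x509 -req -in "$WORKDIR/$host.csr" -CA "$WORKDIR/ca.crt" \
        -CAkey "$WORKDIR/ca.key" -CAcreateserial -days 7 -sha256 \
        -extfile "$WORKDIR/$host.ext" -out "$WORKDIR/$host.crt" 2>/dev/null
}

# Client-side view: the minted leaf chains to the pushed CA (exit 0) ...
verify_leaf() {
    openssl verify -CAfile "$WORKDIR/ca.crt" "$WORKDIR/$1.crt" >/dev/null 2>&1
}

# ... and carries the hostname in a SAN, which is what clients match on.
leaf_has_san() {
    openssl x509 -in "$WORKDIR/$1.crt" -noout -text | grep -q "DNS:$1"
}

# 3. Gateway plumbing (root): divert the LAN's HTTPS/POP3S/IMAPS to the
#    local SSLsplit listeners. SSLsplit's netfilter NAT engine recovers the
#    original destination from the NAT table (SO_ORIGINAL_DST).
redirect_rules() {
    for pair in 443:10443 995:10995 993:10993; do
        iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp \
            --dport "${pair%:*}" -j REDIRECT --to-ports "${pair#*:}"
    done
}

# "https" proxyspec is SSLsplit's HTTP-aware mode (port 443); "ssl" is
# generic TLS for the mail ports. -S logs decrypted content per connection,
# -l logs connections, -D stays in the foreground with debug output.
run_sslsplit() {
    mkdir -p "$WORKDIR/content"
    sslsplit -D -l "$WORKDIR/connections.log" -S "$WORKDIR/content" \
        -k "$WORKDIR/ca.key" -c "$WORKDIR/ca.crt" \
        https 0.0.0.0 10443 \
        ssl 0.0.0.0 10995 \
        ssl 0.0.0.0 10993
}

demo() {
    make_ca
    ca_key_matches_cert
    mint_leaf mail.example.com
    verify_leaf mail.example.com && leaf_has_san mail.example.com
    echo "CA and per-host leaf written under $WORKDIR"
}

case "${1:-}" in
    demo)    demo ;;                                   # openssl only
    gateway) make_ca; redirect_rules; run_sslsplit ;;  # root, on the gateway
esac
```

Run `sh setup.sh demo` anywhere to see the CA and a per-host leaf minted and verified; `sh setup.sh gateway` does the real thing on the gateway. Two practical caveats: the CA private key on the gateway can impersonate any site to the LAN, so guard it at least as well as the traffic it decrypts; and anything that pins a certificate or key, or that uses client certificates, will break behind the proxy rather than silently decrypt.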

On Thu, Jun 7, 2012 at 5:28 AM, Liam Randall <[email protected]> wrote:
> Squid SSL-bump might do the trick for you.
>
> http://wiki.squid-cache.org/Features/SslBump
>
> Liam Randall
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Sherif
> El-Deeb
> Sent: Monday, June 04, 2012 12:50 AM
> To: PaulDotCom Security Weekly Mailing List
> Subject: [Pauldotcom] Inspecting SSL traffic for free "A.K.A IDS/IPS on
> SSLconnections"
>
> - I would like to inspect traffic for SSL (TLS?) connections. I already
> pushed our own root CA to all machines' trusted root certificates and no
> warnings show up when a certificate that is signed by it gets served.
>
> - The feature I am looking for is like "Burp's invisible proxy +
> generate CA-signed per-host certificates", where a certificate is
> generated on the fly for each host using a pre-defined, pre-trusted root
> CA while being able to inspect the payload. "No, ettercap is not
> production friendly and it does not allow HTTPS interception in bridge
> sniffing; Cain is no better."
>
> - I know that wireshark decrypts SSL traffic when you provide it with
> the private key, the tricky part is the
> "on-the-fly-per-host-certificate-generation".
>
> - That particular subnet's gateway is a Linux machine with two NICs,
> simple iptables NAT, 30 computers...
>
> - I am aware of a few commercial products that do this, but I would
> appreciate being told how to do it for free.
>
> Thanks in advance.
> Sherif Eldeeb.
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com