Luca Marchiori wrote: > Henrik Nordstrom wrote: >> So your real question is if it is possible to determine with the help of >> Squid if this employee is uploading confidential information to a third >> party web site.
> We already know the employee is uploading confidential information to the > internet. Then turn over your proof to local law enforcement, and let them deal with it - you don't need the username and password for this. >> Generally speaking, if the web site is https based then all you can see >> is the amount of traffic going in both directions > Already done! HTTPS. Traffic confirm our suspect. We need user/password Due to the design of SSL, Squid cannot see the contents of HTTPS traffic. This includes the URL, so it is not possible to get the username and password this way. >> In an ethical point of view stealing the users personal login details to >> this third party web site by analyzing his traffic is very dubious in my >> view, and probably illegal in many countries. > My customer knows all. He pays me for technical things and he will pay > lawers for them things. I would suggest YOU speak with an attorney to make sure you adequately protect yourself - it would be easy for your customer to simply say "I never asked him to do that" if this backfired on him. All your customer's money an lawyers won't do you any good if he decides to pin the blame on you to save himself. >>You surely should be able to make up better approaches in >>proving/disproving the claims of Internet connection abuse. > Already done with a HW keylogger (fantastic toy !). If you are using such a "fantastic toy", then you should already have the username and password - unless it's not quite so "fantastic". Adam
