Re: [squid-users] Capturing HTTPS traffic

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 06 Feb 2012 00:03:11 +0100

On Sun 2012-02-05 at 14:12 -0500, PS wrote:

> Shouldn't I be able to decrypt the connection between the client and the squid server in order to see the traffic that is being sent to gmail?

Yes, if you are using ssl-bump, and you have access to the temp
certificate used by Squid.

But
a) ssldump does not handle AES encryption. There are patches to add AES,
but these have not made it into an official release yet, if there ever
will be an updated official release.
b) or a number of other more modern things such as DH exchanges

so you may need to restrict the list of supported ciphers a bit for
decryption to be possible.

You may have better luck trying the SSL decoder found in wireshark. But
it's not as easy to work with.

And remember that you can only decode
client<->squid_with_known_fake_cert traffic, not squid<->server.

Another option would be to use mitmproxy. It does the same SSL intercept
as Squid ssl-bump but for very different purposes. Which tool suits you
best depends on what it really is you want to accomplish.

Regards
Henrik
Received on Sun Feb 05 2012 - 23:03:52 MST
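
The cipher restriction mentioned in the reply, as an added example that is not part of the original message: it sorts OpenSSL-style (pre-TLS 1.3) cipher-suite names by whether a passive decoder holding the proxy's private key could decrypt a capture, and builds the restricted cipher list. The sample suite list, the function names and the `decoder_supports_aes` switch are assumptions made for illustration.

```python
# Added example: which offered cipher suites can a passive decoder that holds
# the proxy's private key actually decrypt? Names follow OpenSSL's convention.

# Constructed sample list, not taken from the post.
SAMPLE_SUITES = [
    "DHE-RSA-AES256-SHA",
    "ECDHE-RSA-AES128-SHA",
    "AES256-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "RC4-SHA",
    "RC4-MD5",
    "EDH-RSA-DES-CBC3-SHA",
]

# OpenSSL prefixes for (EC)DH key exchange with ephemeral or anonymous keys.
# The session key never travels under the certificate's RSA key, so the
# private key alone cannot recover it from a capture.
DH_PREFIXES = ("DHE-", "EDH-", "ECDHE-", "ADH-", "AECDH-")
# Other non-RSA key exchanges; treated as not decodable here (assumption).
OTHER_KX_PREFIXES = ("ECDH-", "DH-", "PSK-", "SRP-", "KRB5-")


def classify(name, decoder_supports_aes=False):
    """Return (decodable, reason) for one OpenSSL cipher-suite name."""
    if name.startswith(DH_PREFIXES):
        return False, "DH key exchange"
    if name.startswith(OTHER_KX_PREFIXES):
        return False, "non-RSA key exchange"
    # No key-exchange prefix means plain RSA key exchange in OpenSSL naming.
    if "AES" in name and not decoder_supports_aes:
        return False, "AES bulk cipher not supported by decoder"
    return True, "RSA key exchange"


def restricted_cipher_string(suites, decoder_supports_aes=False):
    """Colon-separated OpenSSL cipher list containing only decodable suites."""
    keep = [s for s in suites if classify(s, decoder_supports_aes)[0]]
    return ":".join(keep)


if __name__ == "__main__":
    for suite in SAMPLE_SUITES:
        ok, reason = classify(suite)
        print(f"{suite:24} {'decodable' if ok else 'opaque':10} {reason}")
    print("cipher list:", restricted_cipher_string(SAMPLE_SUITES))
```

Passing `decoder_supports_aes=True` models a decoder with AES support, such as a patched ssldump; the DH suites stay excluded either way.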
