[squid-users] Copying SSL decrypted traffic to virtual interface

Alex Rousskov rousskov at measurement-factory.com
Fri May 25 20:57:46 UTC 2018


On 05/25/2018 12:47 PM, Hugo Saavedra wrote:

> is there any chance to make a copy of the actual decrypted traffic,
> and send it to a kind of virtual ethernet interface? I want to
> analyze this traffic with other tools like BRO IDS or Suricata.

Yes, this can be (and has been) done using ICAP or eCAP services. Those
services receive decrypted traffic and can emulate a rough equivalent of
the original HTTP traffic (without the encryption), directing that
traffic at the external analysis tools. For those external tools, the
traffic will look like ordinary plain HTTP.

Alex.
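
The following is an added example, not code from the original message or from the Squid project. It shows the core step an ICAP service of the kind described above performs: turning one REQMOD message (RFC 3507) into an ordinary plain-HTTP request that an analysis tool can parse. It assumes the complete message is already in memory with no Preview negotiation; the service URL, host names and sample bytes are constructed.

```python
"""Rebuild a plain HTTP request from one complete ICAP REQMOD message (RFC 3507)."""

def dechunk(data: bytes) -> bytes:
    """Decode the chunked body; ICAP always chunks encapsulated bodies."""
    out, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk header")
        size = int(data[pos:eol].split(b";")[0], 16)  # ignore extensions, e.g. "; ieof"
        if size == 0:
            return bytes(out)
        chunk = data[eol + 2:eol + 2 + size]
        if len(chunk) != size:
            raise ValueError("truncated chunk")
        out += chunk
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF

def icap_reqmod_to_http(message: bytes) -> bytes:
    """Return the encapsulated request as ordinary HTTP with a Content-Length body."""
    icap_head, sep, payload = message.partition(b"\r\n\r\n")
    lines = icap_head.decode("latin-1").split("\r\n")
    if not sep or not lines[0].startswith("REQMOD "):
        raise ValueError("not a complete ICAP REQMOD message")
    icap = {k.strip().lower(): v.strip()
            for k, _, v in (line.partition(":") for line in lines[1:])}
    # Encapsulated: req-hdr=0, req-body=N  (or null-body=N when there is no body)
    parts = sorted(((n.strip(), int(o)) for n, _, o in
                    (p.partition("=") for p in icap["encapsulated"].split(","))),
                   key=lambda p: p[1])
    offsets = dict(parts)
    body_name, body_off = parts[-1]
    http_head = payload[offsets["req-hdr"]:body_off].rstrip(b"\r\n").split(b"\r\n")
    body = dechunk(payload[body_off:]) if body_name == "req-body" else b""
    # Replace framing headers so the output is self-consistent for a plain-HTTP parser.
    kept = [h for h in http_head[1:]
            if h.split(b":")[0].strip().lower() not in (b"content-length", b"transfer-encoding")]
    if body:
        kept.append(b"Content-Length: %d" % len(body))
    return b"\r\n".join([http_head[0], *kept]) + b"\r\n\r\n" + body

# Constructed sample: what an ICAP service might receive for one decrypted POST.
HTTP_HDR = b"POST /login HTTP/1.1\r\nHost: intranet.example\r\nTransfer-Encoding: chunked\r\n\r\n"
SAMPLE = (b"REQMOD icap://127.0.0.1:1344/mirror ICAP/1.0\r\nHost: 127.0.0.1\r\n"
          b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR)
          + HTTP_HDR + b"a\r\nuser=alice\r\n5; x=1\r\n&p=zz\r\n0\r\n\r\n")

if __name__ == "__main__":
    print(icap_reqmod_to_http(SAMPLE).decode("latin-1"))
```

Delivering the rebuilt bytes to the analysis tool (for example over a local TCP connection on an interface the IDS monitors) is left to the deployment.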

