[squid-users] Dumping sslbump'd decrytped http using icap protocol
Amos Jeffries
squid3 at treenet.co.nz
Mon May 25 06:34:19 UTC 2020
On 25/05/20 12:56 am, Scott wrote:
> Hi,
>
> Can someone recommend an ICAP application that will allow me to dump the HTTP
> of a client-server conversation?
>
> I am doing some forensics on an app - I have sslbump configured correctly and
> I can get the traffic to c-icap (for example).
>
> I'd like to dump this to a text file.
>
> Is there a dump option for c-icap? I couldn't find one.
>
FYI; this action is illegal in a lot of places. Even answering your
question can be quite risky.
To perform traffic forensics you can use the Squid cache.log directly
and not involve any insecure third-party software or communication
dumps. See <https://wiki.squid-cache.org/KnowledgeBase/DebugSections>
for more details.
"debug_Options 11,2" is probably all you need.
Amos
More information about the squid-users
mailing list