[squid-users] Dumping sslbump'd decrypted http using icap protocol

Amos Jeffries squid3 at treenet.co.nz
Mon May 25 06:34:19 UTC 2020


On 25/05/20 12:56 am, Scott wrote:
> Hi,
> 
> Can someone recommend an ICAP application that will allow me to dump the HTTP 
> of a client-server conversation?
> 
> I am doing some forensics on an app - I have sslbump configured correctly and 
> I can get the traffic to c-icap (for example).
> 
> I'd like to dump this to a text file.
> 
> Is there a dump option for c-icap?  I couldn't find one.
> 

FYI; this action is illegal in a lot of places. Even answering your
question can be quite risky.


To perform traffic forensics you can use the Squid cache.log directly
and not involve any insecure third-party software or communication
dumps. See <https://wiki.squid-cache.org/KnowledgeBase/DebugSections>
for more details.

"debug_options 11,2" is probably all you need.


Amos
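
Added example (not part of the original message, and not Squid project code): a small parser that pulls the HTTP header blocks written at debug section 11, level 2 out of cache.log and masks credential-bearing headers before the result is stored or shared. The log-line layout (section tag "11,2", "HTTP Client/Server REQUEST/REPLY:" marker, dashed delimiter lines) is an assumption about the cache.log format, the sample log is constructed, and the names extract_messages and SAMPLE_LOG are hypothetical.

```python
import re

# Marker line written before each dumped message (layout assumed, see lead-in).
HEADER = re.compile(r"\| 11,2\| .*\bHTTP (Client|Server) (REQUEST|REPLY):\s*$")
RULE = re.compile(r"^-{5,}\s*$")  # dashed delimiter before and after the message
SENSITIVE = re.compile(
    r"^(authorization|proxy-authorization|cookie|set-cookie):", re.I)

# Constructed sample, not captured traffic.
SAMPLE_LOG = """\
2020/05/25 06:34:19.101 kid1| 11,2| client_side.cc(1306) parseHttpRequest: HTTP Client REQUEST:
---------
GET /api/v1/items HTTP/1.1
Host: app.example.test
Authorization: Bearer constructed-token
Accept: */*

----------
2020/05/25 06:34:19.140 kid1| 33,2| client_side.cc(582) swanSong: unrelated line
2020/05/25 06:34:19.187 kid1| 11,2| http.cc(720) processReplyHeader: HTTP Server REPLY:
---------
HTTP/1.1 200 OK
Set-Cookie: sid=constructed
Content-Type: application/json

----------
"""

def extract_messages(log_text, redact=True):
    """Return a list of dicts with keys: side, kind, lines (header lines)."""
    messages, current, state = [], None, "idle"
    for line in log_text.splitlines():
        m = HEADER.search(line)
        if state == "idle" and m:
            current = {"side": m.group(1), "kind": m.group(2), "lines": []}
            state = "want_rule"
        elif state == "want_rule":
            # The opening delimiter must follow the marker line directly.
            state = "body" if RULE.match(line) else "idle"
        elif state == "body":
            if RULE.match(line):          # closing delimiter: message complete
                messages.append(current)
                state = "idle"
            elif line.strip():            # skip the blank end-of-headers line
                if redact and SENSITIVE.match(line):
                    line = line.split(":", 1)[0] + ": [REDACTED]"
                current["lines"].append(line)
    return messages  # a message cut off before its closing delimiter is dropped

if __name__ == "__main__":
    for msg in extract_messages(SAMPLE_LOG):
        print(msg["side"], msg["kind"], *msg["lines"], sep="\n  ")
```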

