[Bro] HTTPS Analyzer

N B nb.nospam at gmail.com
Fri Jun 5 14:53:28 PDT 2015


I am quite new to Bro and need some help. I did go through some of the
documentation and some source code but am still not clear whether it's possible
to achieve what we are trying to do.

In a nutshell, we are trying to write an HTTPS analyzer for on-the-fly
decryption of the SSL stream and then feed it to the built-in HTTP
Analyzer. We will use a crypto library + server keys to achieve the
decryption. Is it possible at all to do this in Bro?

The high level idea is to derive the HTTPS_Analyzer from the current
HTTP_Analyzer, feed the stream from TCP_Analyzer into the HTTPS_Analyzer
and utilize the HTTP_Analyzer calls for the remainder of the functionality.

Thanks for your help,