[Bro] Capturing the SSL cert via HTTP Connect Method
johanna at icir.org
Mon Oct 5 15:37:37 PDT 2015
This actually is usually already supported in Bro. If I am not mistaken,
the reason why this does not work in this case is the proxy-agent header
in the response from the HTTP server.
https://bro-tracker.atlassian.net/browse/BIT-1487 has the details and a
patch that might fix your problem.
I hope this helps,
On Mon, Oct 05, 2015 at 05:59:55PM -0400, John B. Althouse III wrote:
> Has anyone come up with a way to get Bro to capture the SSL cert details
> when it's over a HTTP Connect tunnel? Attached is a sample PCAP.
> Bro mailing list
> bro at bro-ids.org
More information about the Bro