[Bro] Capturing the SSL cert via HTTP Connect Method
John B. Althouse III
sudo.darkstar at gmail.com
Tue Oct 6 08:21:23 PDT 2015

Thanks Johanna! That's exactly what I was looking for. Any idea when this
will make it into the master repo?

On Mon, Oct 5, 2015 at 6:37 PM, Johanna Amann <johanna at icir.org> wrote:
> This actually is usually already supported in Bro. If I am not mistaken,
> the reason why this does not work in this case is the proxy-agent header
> in the response from the HTTP server.
> https://bro-tracker.atlassian.net/browse/BIT-1487 has the details and a
> patch that might fix your problem.
> I hope this helps,
> On Mon, Oct 05, 2015 at 05:59:55PM -0400, John B. Althouse III wrote:
> > Has anyone come up with a way to get Bro to capture the SSL cert details
> > when it's over a HTTP Connect tunnel? Attached is a sample PCAP.
> > Thanks!
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro