[Bro-Dev] HTTPS Analyzer
Dopheide, Jeannette M
jdopheid at illinois.edu
Fri Jun 5 12:41:54 PDT 2015
Hello NB. This email alias is for tracking development tickets.
Your odds of receiving help are much better if you join our mailing list:
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro
Thanks,
Jeannette
------
Jeannette Dopheide
Bro Outreach Coordinator
National Center for Supercomputing Applications
University of Illinois at Urbana-Champaign
From: N B <nb.nospam at gmail.com<mailto:nb.nospam at gmail.com>>
Date: Friday, June 5, 2015 at 2:16 AM
To: "bro-dev at bro.org<mailto:bro-dev at bro.org>" <bro-dev at bro.org<mailto:bro-dev at bro.org>>
Subject: [Bro-Dev] HTTPS Analyzer
Hello,
I am quite new to Bro and need some help. I did go through some of the documentation and some source code but still not clear whether its possible to achieve what we are trying to do.
In a nutshell, we are trying to write an HTTPS analyzer for on the fly decryption of the SSL stream and then feed it to the built in HTTP Analyzer. We will use a crypto library + server keys to achieve the decryption. Is it possible at all do this in Bro?
The high level idea is to derive the HTTPS_Analyzer from the current HTTP_Analyzer, feed the stream from TCP_Analyzer into the HTTPS_Analyzer and utilize the HTTP_Analyzer calls for the remainder of the functionality.
Thanks for your help,
NB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20150605/ac22f7ad/attachment.html
More information about the bro-dev
mailing list