[Bro] Capturing the SSL cert via HTTP Connect Method
John B. Althouse III
sudo.darkstar at gmail.com
Tue Oct 6 08:21:23 PDT 2015
Thanks Johanna! That's exactly what I was looking for. Any idea when this
will make it into the master repo?
On Mon, Oct 5, 2015 at 6:37 PM, Johanna Amann <johanna at icir.org> wrote:
> This actually is usually already supported in Bro. If I am not mistaken,
> the reason why this does not work in this case is the proxy-agent header
> in the response from the HTTP server.
>
> https://bro-tracker.atlassian.net/browse/BIT-1487 has the details and a
> patch that might fix your problem.
>
> I hope this helps,
> Johanna
>
> On Mon, Oct 05, 2015 at 05:59:55PM -0400, John B. Althouse III wrote:
> > Has anyone come up with a way to get Bro to capture the SSL cert details
> > when it's over a HTTP Connect tunnel? Attached is a sample PCAP.
> >
> > Thanks!
>
>
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151006/fc05b74a/attachment.html
More information about the Bro
mailing list