[Zeek] Decryption of HTTP traffic
Jonah Burgess
jburgess03 at qub.ac.uk
Wed Aug 28 14:22:14 PDT 2019
Hi,
When feeding PCAPs to Zeek, is there any functionality to decrypt HTTPS traffic?
I see that the SSL log contains “a record of SSL sessions, including certificates being used” - can these certificates be used to decrypt PCAPs before Zeek processes them to ensure HTTP logs are correctly populated?
Thanks,
Jonah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190828/16090a61/attachment.html
More information about the Zeek
mailing list