[Zeek] Decryption of HTTP traffic

Vlad Grigorescu vlad at es.net
Wed Aug 28 14:28:02 PDT 2019


No.

On Wed, Aug 28, 2019 at 9:25 PM Jonah Burgess <jburgess03 at qub.ac.uk> wrote:

> Hi,
>
>
>
> When feeding PCAPs to Zeek, is there any functionality to decrypt HTTPS
> traffic?
>
>
>
> I see that the SSL log contains “a record of SSL sessions, including
> certificates being used” -  can these certificates be used to decrypt PCAPs
> before Zeek processes them to ensure HTTP logs are correctly populated?
>
>
>
> Thanks,
>
> Jonah
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190828/f9a4736c/attachment.html 


More information about the Zeek mailing list