PerlMonks
Re^6: Check if a scalar contains a complete HTTP request
by FloydATC (Deacon) on May 23, 2017 at 06:23 UTC ( [id://1190932]=note )
Wireshark depends on getting all the certificates handed to it in order to decrypt traffic, so that's a completely different game. Very good for inspecting inbound SSL traffic to your own servers, pretty worthless for outbound traffic. Think of this as a poor man's alternative to one specific feature found in Palo Alto, CheckPoint or F5. Those are the commercial product offerings I'm familiar with that do SSL inspection really, really well. Better, obviously, than anything I could hope to achieve with a Perl hack. I'm using IO::Socket::SSL::Intercept combined with SNI sniffing to clone certificates and act as a proxy between the client and the server. I didn't find this documented anywhere so in case anyone is curious, here's the trick:
The closest non-commercial product I've found is Squid, but besides being a nightmare to configure, Squid depends on the destination IP being intact so it can make the server connection. This means DNAT is right out; you have to use either WCCP or special routing to redirect the traffic. Unfortunately, neither one is an option in my environment since the vast majority of traffic must be completely undisturbed.
-- FloydATC
I got 99 problems, most of them have to do with printers.
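
Added example, not part of FloydATC's post and not his code: one way to do the "SNI sniffing" step, reading the server name out of a buffered TLS ClientHello so an inspecting proxy knows which host the client asked for even when DNAT has rewritten the destination IP. The function name and the sample ClientHello are constructed for illustration; it returns nothing until a complete ClientHello is in the buffer.

```perl
use strict;
use warnings;

# Return the SNI host name from a buffered TLS ClientHello, or nothing if the
# bytes are incomplete, not a ClientHello, or carry no server_name extension.
sub sni_from_client_hello {
    my ($buf) = @_;
    return if length($buf) < 9;                    # record + handshake headers
    my ($type, $ver, $rec_len, $hs_type, $hi, $lo) = unpack('C n n C C n', $buf);
    return unless $type == 22 && $hs_type == 1;    # handshake / ClientHello
    my $body_len = ($hi << 16) | $lo;
    # Not fully buffered yet, or fragmented across several records: no answer.
    return if $body_len + 4 > $rec_len || length($buf) < 5 + $rec_len;
    my ($body, $pos) = (substr($buf, 9, $body_len), 0);
    my $take = sub {                               # consume $n bytes or die
        my ($n) = @_;
        die "truncated\n" if $pos + $n > length($body);
        $pos += $n;
        return substr($body, $pos - $n, $n);
    };
    return eval {
        $take->(2 + 32);                           # client version, random
        $take->(unpack('C', $take->(1)));          # session id
        $take->(unpack('n', $take->(2)));          # cipher suites
        $take->(unpack('C', $take->(1)));          # compression methods
        ($body, $pos) = ($take->(unpack('n', $take->(2))), 0);  # extensions
        while ($pos < length($body)) {
            my ($ext_type, $ext_len) = unpack('n n', $take->(4));
            my $ext = $take->($ext_len);
            next unless $ext_type == 0;            # 0 = server_name
            die "truncated\n" if length($ext) < 5;
            my ($list_len, $name_type, $name_len) = unpack('n C n', $ext);
            die "truncated\n" if length($ext) < 5 + $name_len;
            return $name_type == 0 ? substr($ext, 5, $name_len) : undef;
        }
        undef;
    };
}

# Constructed sample input: a minimal ClientHello naming "example.com".
my $host  = 'example.com';
my $exts  = pack('n n/a*', 0, pack('n C n/a*', length($host) + 3, 0, $host));
my $body  = pack('n a32 C n/a* C/a* n/a*', 0x0303, '', 0, "\x13\x01", "\0", $exts);
my $hello = pack('C n n/a*', 22, 0x0301, pack('C C n', 1, 0, length $body) . $body);

for my $buf ($hello, substr($hello, 0, 40)) {      # complete, then truncated
    my $sni = sni_from_client_hello($buf);
    print defined $sni ? "SNI: $sni\n" : "no complete ClientHello with SNI yet\n";
}
```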