Generally, you do not “process” HTTPS traffic with Bro. Either you break it out, or you just look peripherally at the traffic (things like certificate information, conn tracking). If you truly want to do full inspection of HTTPS, you need an SSL proxy or breakout solution. Once it is broken out, there is nothing you need to do. Bro reads it exactly the same as any other HTTP traffic.
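The "peripheral" view mentioned above can be illustrated with an added example (not part of the original post) that reviews handshake and certificate metadata from an `ssl.log` without decrypting anything. It assumes the default tab-separated log format and that the `validation_status` column is populated (it is filled in by the `protocols/ssl/validate-certs` policy script); the log records are constructed sample data.

```python
# Constructed sample in Zeek (Bro) TSV layout with a subset of ssl.log columns.
FIELDS = ["ts", "uid", "id.orig_h", "id.resp_h", "id.resp_p", "version",
          "server_name", "subject", "issuer", "validation_status"]
ROWS = [
    ["1651830000.1", "C1", "10.0.0.5", "192.0.2.10", "443", "TLSv12",
     "www.example.com", "CN=www.example.com", "CN=Example CA", "ok"],
    ["1651830001.2", "C2", "10.0.0.7", "192.0.2.20", "443", "TLSv10",
     "-", "CN=localhost", "CN=localhost", "self signed certificate"],
    ["1651830002.3", "C3", "10.0.0.9", "192.0.2.30", "8443", "TLSv12",
     "intranet.example.com", "CN=intranet.example.com", "CN=Example CA",
     "certificate has expired"],
]
SAMPLE_SSL_LOG = "\n".join(
    ["#separator \\x09", "#fields\t" + "\t".join(FIELDS)]
    + ["\t".join(r) for r in ROWS])

WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv10", "TLSv11"}

def parse_zeek_log(text):
    """Yield one dict per record, using the #fields header for column names."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split("\t")
            # Zeek writes "-" for an unset field.
            yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}

def review(rec):
    """Return findings that need only handshake metadata, no decryption."""
    out = []
    if rec.get("version") in WEAK_VERSIONS:
        out.append("weak protocol " + rec["version"])
    if rec.get("server_name") is None:
        out.append("no SNI")
    if rec.get("subject") and rec.get("subject") == rec.get("issuer"):
        out.append("subject equals issuer")
    status = rec.get("validation_status")
    if status not in (None, "ok"):
        out.append("validation: " + status)
    return out

def findings(text):
    """Map connection uid -> findings, skipping clean connections."""
    reviewed = ((r["uid"], review(r)) for r in parse_zeek_log(text))
    return {uid: f for uid, f in reviewed if f}

if __name__ == "__main__":
    for uid, f in findings(SAMPLE_SSL_LOG).items():
        print(uid, "; ".join(f))
```

Joining the flagged `uid` values against `conn.log` gives the connection-tracking side (duration, byte counts) for the same sessions.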