HTTPS Analyzer

N_B · June 5, 2015, 7:16am

Hello,

I am quite new to Bro and need some help. I did go through some of the documentation and some source code but still not clear whether its possible to achieve what we are trying to do.

In a nutshell, we are trying to write an HTTPS analyzer for on the fly decryption of the SSL stream and then feed it to the built in HTTP Analyzer. We will use a crypto library + server keys to achieve the decryption. Is it possible at all do this in Bro?

The high level idea is to derive the HTTPS_Analyzer from the current HTTP_Analyzer, feed the stream from TCP_Analyzer into the HTTPS_Analyzer and utilize the HTTP_Analyzer calls for the remainder of the functionality.

Thanks for your help,
NB

Dopheide_Jeannette_M · June 5, 2015, 7:41pm

Hello NB. This email alias is for tracking development tickets.

Your odds of receiving help are much better if you join our mailing list:

http://mailman.icsi.berkeley.edu/mailman/listinfo/bro

Thanks,
Jeannette

Topic		Replies	Views
question about ssl analyzer Zeek	3	83	May 6, 2022
LDAP Analyzer Zeek	1	68	May 6, 2022
HTTPS Decryption Zeek	4	79	May 6, 2022
Developing a Bro protocol analyzer as a plugin Zeek	6	77	May 6, 2022
LDAP Analyzer Zeek	2	98	May 6, 2022

HTTPS Analyzer

Related Topics