HTTPS Analyzer


I am quite new to Bro and need some help. I did go through some of the documentation and some source code but still not clear whether its possible to achieve what we are trying to do.

In a nutshell, we are trying to write an HTTPS analyzer for on the fly decryption of the SSL stream and then feed it to the built in HTTP Analyzer. We will use a crypto library + server keys to achieve the decryption. Is it possible at all do this in Bro?

The high level idea is to derive the HTTPS_Analyzer from the current HTTP_Analyzer, feed the stream from TCP_Analyzer into the HTTPS_Analyzer and utilize the HTTP_Analyzer calls for the remainder of the functionality.

Thanks for your help,

Hello NB. This email alias is for tracking development tickets.

Your odds of receiving help are much better if you join our mailing list: