Stripping SSL on network level

I was wondering if it is possible for bro to do monitoring at network level and also strip SSL from all the machines in network and log unencrypted data?

Has something been done to achieve this or are there any plans?

Hi,

> I was wondering if it is possible for bro to do monitoring at network level
> and also strip SSL from all the machines in network and log unencrypted
> data?

Bro itself does not support any kind of SSL/TLS decryption. If it is fed
unencrypted data (e.g. sitting behind an SSL terminator) it will happily
log it.

> Has something been done to achieve this or are there any plans?

There are no current plans that I know of to implement this.

Johanna

Well, the design of SSL makes it impossible to strip it at the network level.

How that's usually done is: there's a proxy that terminates each connection and initiates a new one, generating certificates on the fly for every destination site, signed by a CA sitting on that proxy that's trusted by the clients.

What that means is that you need to configure your clients to trust that CA anyway.

Before someone mentions SSLstrip: it looks for HTTP connections before they are 302-redirected to the SSL endpoint. If the connection is SSL end to end, it won't do anything.
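To make the trust requirement from the reply above concrete, here is an added shell example (not code from the Bro project or from anyone in this thread) that rebuilds the interception-proxy PKI with openssl: a proxy-held CA mints a leaf certificate for a requested hostname, and the client's own verification step only accepts it when that CA is in the client's trust store. All names (the two CAs and www.example.test) are constructed.

```shell
#!/bin/sh
# Added example, not from the Bro list thread: rebuild the interception-proxy
# PKI described above with openssl and show the client-side consequence.
# All names (proxy CA, "public" CA, www.example.test) are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# A CA that only the proxy holds, and a separate CA standing in for the
# public CA a client would normally trust.
new_ca() {  # $1 = file stem, $2 = CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# What the proxy does per destination: mint a leaf certificate for the
# hostname the client asked for, signed by the proxy CA on the fly.
mint_leaf() {  # $1 = hostname
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/proxy-ca.pem" \
    -CAkey "$WORK/proxy-ca.key" -CAcreateserial -days 1 \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# The client's check: does the presented leaf chain to a CA in its trust
# store? Prints "accepted" or "rejected".
client_verdict() {  # $1 = hostname, $2 = trust-store file
  if openssl verify -CAfile "$2" "$WORK/$1.pem" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

new_ca proxy-ca  "Example Interception Proxy CA"
new_ca public-ca "Example Public CA"
mint_leaf www.example.test

# A client whose trust store holds only the public CA rejects the proxy's
# certificate, so the interception shows up as a TLS error. A client that
# also trusts the proxy CA (the configuration step the reply mentions)
# accepts it without complaint.
WITHOUT_PROXY_CA=$(client_verdict www.example.test "$WORK/public-ca.pem")
WITH_PROXY_CA=$(client_verdict www.example.test "$WORK/proxy-ca.pem")
echo "trusts public CA only: $WITHOUT_PROXY_CA"   # rejected
echo "trusts proxy CA too:   $WITH_PROXY_CA"      # accepted
```

Auditing which CAs are present in client trust stores is therefore the practical check for whether such a proxy can terminate your users' sessions without error.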