3

I've been assigned to research and spec out a replacement for our old and decrepit HTTP content filtering system. There are several open source filtering packages available, but I've not come across one that does SSL inspection.

The new system will scale to many branches of different sizes, from say 10 users to a few hundred, so purchasing an appliance for each branch isn't desirable.

When we're further along, we will do custom programming, as we have a few unique needs in other aspects of filtering, so if the suggestion takes a bit of customization, that won't be a problem.

user21464

4 Answers

1

I've not used it, but take a look at http://www.delegate.org/delegate/mitm/ ; this, in conjunction with DansGuardian, may provide HTTPS filtering.

BrianEss
1

Dug Song's dsniff package has a mitm tool that should be able to do this. The code, while old, is in C and available from his site and the license is attribution-only.

adric
0

What do you mean by content filtering? If it's anything that inspects the traffic while it's in transit, you're going to run into SSL errors, since one of the things SSL is specifically for is to stop people from peering at your traffic while in transit.

Josh Budde
  • Not necessarily true. There are commercial products from BlueCoat and ClearTunnel that inspect HTTPS egress. They are an intentional man-in-the-middle attack. One SSL is from client to proxy, the proxy inspects, and a second SSL transaction goes from the proxy to the server. – pboin Sep 29 '09 at 00:47
  • By content filtering I mean blocking viruses, malware, and preventing people from visiting unsavory websites while at work. And yes, it's basically a man-in-the-middle attack on your own network. Typically you add your own SSL cert to the client computer to prevent such errors. – user21464 Sep 29 '09 at 00:49
0

Short answer: man in the middle ... that is the problem SSL was designed to solve.

Longer answer: some companies actually do accomplish this, but they force each browser and certificate store to trust their own certificate authority (CA), and the MITM can snoop on everything, quite dishonestly (albeit in accordance with your NDA).

Purfideas
  • That's basically what I'm looking for, an open source project that can accomplish this. We're upfront about this sort of thing to our employees too, so while people might not like it, we're quite open about it. – user21464 Sep 29 '09 at 01:40
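The trust relationship that pboin's comment and Purfideas's answer describe (the proxy terminates the client's SSL session with a certificate it issues itself, and clients only stop erroring once they trust the proxy's CA) can be shown end to end with Go's standard library. The program below is an added example, not code from the original thread or from any of the products mentioned: it constructs a throwaway "filtering proxy CA", issues a leaf certificate for a hostname from it, and then verifies that leaf from two points of view: a client whose trust store contains the proxy CA, and a client with no such entry. The CA name, hostname and validity periods are constructed values; `IssuedByProxy` shows the check an endpoint or audit script can use to tell an inspected connection from an end-to-end one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Bundle holds the constructed interception CA and one leaf it issued.
type Bundle struct {
	CA   *x509.Certificate
	Leaf *x509.Certificate
}

// NewInterceptionBundle builds a self-signed CA standing in for the
// filtering proxy's CA, then issues a server certificate for host from it,
// exactly as an inspecting proxy does for every HTTPS site a client visits.
func NewInterceptionBundle(host string) (*Bundle, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Corp Filtering Proxy CA (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}

	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // the site the proxy is impersonating
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, caCert, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	leafCert, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return nil, err
	}
	return &Bundle{CA: caCert, Leaf: leafCert}, nil
}

// VerifyAs validates leaf for host the way a browser would, against the
// given trust store. With the proxy CA in the pool the handshake succeeds;
// with an empty (or public-only) pool it fails with UnknownAuthorityError,
// which is the "SSL error" users see before the CA is pushed to clients.
func VerifyAs(leaf *x509.Certificate, host string, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

// IssuedByProxy reports whether leaf chains up to proxyCA within the trusted
// pool, i.e. whether the session was terminated by the inspecting proxy
// rather than by the real site. Useful for auditing which hosts are inspected.
func IssuedByProxy(leaf *x509.Certificate, trusted *x509.CertPool, proxyCA *x509.Certificate) bool {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: trusted})
	if err != nil {
		return false
	}
	for _, chain := range chains {
		if chain[len(chain)-1].Equal(proxyCA) {
			return true
		}
	}
	return false
}

func main() {
	const host = "www.example.com" // constructed hostname
	b, err := NewInterceptionBundle(host)
	if err != nil {
		panic(err)
	}
	trusting := x509.NewCertPool()
	trusting.AddCert(b.CA)
	fmt.Println("client trusting proxy CA:", VerifyAs(b.Leaf, host, trusting))
	fmt.Println("client without proxy CA: ", VerifyAs(b.Leaf, host, x509.NewCertPool()))
	fmt.Println("session inspected by proxy:", IssuedByProxy(b.Leaf, trusting, b.CA))
}
```

The two `VerifyAs` calls are the whole story of deploying such a filter: the leaf is cryptographically fine, so the only thing separating a clean connection from a certificate warning is whether the client's store contains the proxy CA. Deploying that CA only to managed machines, and keeping its private key on the proxy alone, is what keeps the arrangement limited to the network you operate.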