Decrypt HTTPS traffic for IDS and encrypt it and send it again

0

2

So I have this architecture in VirtualBox:

Client <--> IDS <--> server

where all of the machines are implemented in Kali Linux and I am currently hosting a website on the Server which is configured to use HTTPS. I have all the certificates created using OpenSSL.

Now how can I use the IDS machine to:

1. intercept and decrypt HTTPS traffic
2. pass the traffic to the IDS (Snort)
3. re-encrypt the traffic and send it to the destination

Is there any specific tool that will help?

Adam Tr.

Posted 2019-12-01T22:58:30.177

Reputation: 1

Answers

0

You can use PolarProxy to intercept, decrypt and re-encrypt the TLS traffic. PolarProxy exports the decrypted HTTP traffic as PCAP by default, which you can ingest into Snort. However, if you really want to let Snort "sniff" the traffic then I'd suggest piping the PCAP output from PolarProxy to tcpreplay in order to push the captured traffic as "live" packets on a network interface.

Disclaimer: I'm the lead developer of PolarProxy, so I'd be happy to answer any questions you might have about the tool.

ErikH

Posted 2019-12-01T22:58:30.177

Reputation: 1
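
A check to run on the decrypted PCAP before handing it to Snort, confirming that the packets carry cleartext HTTP rather than TLS records. This is an added example, not part of the answer above or of PolarProxy; it assumes a classic (microsecond) PCAP with Ethernet or raw IPv4 framing, and `build_pcap` only produces a constructed sample capture.

```python
import struct
HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"HTTP/1.")

def classify(payload):
    """Label a TCP payload: TLS record header (type 20-23, version 3.0-3.4) or HTTP start."""
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 3 and payload[2] <= 4:
        return "tls"
    return "http" if payload.startswith(HTTP_STARTS) else "other"

def tcp_payload(frame, linktype):
    """Return the TCP payload of an IPv4 frame, or b'' if it is not IPv4/TCP."""
    if linktype == 1 and frame[12:14] == b"\x08\x00":   # Ethernet carrying IPv4
        frame = frame[14:]
    elif linktype != 101:                               # 101 = raw IP; other framings are skipped
        return b""
    if len(frame) < 20 or frame[0] >> 4 != 4 or frame[9] != 6:
        return b""
    ihl = (frame[0] & 0x0F) * 4
    if len(frame) < ihl + 20:
        return b""
    doff = (frame[ihl + 12] >> 4) * 4
    total = struct.unpack("!H", frame[2:4])[0]          # IP total length trims Ethernet padding
    return frame[ihl + doff:total]

def audit_pcap(blob):
    """Count data-carrying TCP packets in a classic PCAP by payload type."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if endian is None or len(blob) < 24:
        raise ValueError("not a classic pcap stream")
    linktype = struct.unpack(endian + "I", blob[20:24])[0]
    counts, off = {"http": 0, "tls": 0, "other": 0}, 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack(endian + "I", blob[off + 8:off + 12])[0]
        payload = tcp_payload(blob[off + 16:off + 16 + incl_len], linktype)
        off += 16 + incl_len
        if payload:                                     # bare ACKs and handshakes are ignored
            counts[classify(payload)] += 1
    return counts

def build_pcap(payloads):
    """Constructed sample: one Ethernet/IPv4/TCP packet per payload (checksums left 0)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for data in payloads:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x03")
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + data
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

A non-zero `tls` count means the capture being fed to the IDS still contains encrypted records, so content rules will not match on those flows.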