Article delegate-en/4458 of [1-5169] on the server localhost:119

Newsgroups: mail-lists.delegate-en

[DeleGate-En] STLS=-mitm parameter and HTTPS sniffing
20 May 2009 22:47:29 GMT Guilherme Vênere


First of all, I'd like to congratulate you for this great software.
It's really a great piece of software!

Well, here's what I'm trying to do:

. I want to use delegate as a transparent proxy for HTTP and HTTPS
protocols. I run it on port 8080 on my gateway, and do a NAT
redirection for all port 80/443 outgoing traffic to my gatewayip:8080.
This is the command I used:

./delegated -P8080 RELAY=vhost SERVER=http STLS=-fcl,-fsv

When I try to access an HTTPS site from a client, it shows me a
delegate page with info about the client. Then I tried it like this:

./delegated -P8080 MOUNT="/* odst.-:-" SERVER=http STLS=-fcl,-fsv

Then it showed me a page complaining about Non-CERN proxy clients.
What parameter should I use to allow clients on my internal network to
access HTTP/HTTPS sites using my proxy transparently?

. Second problem: I'm setting up this firewall as a monitoring machine
to study malware related traffic. So I want to do HTTPS sniffing for
the connections above. I tried using the parameter STLS=-mitm, but
delegated complains with this message in stdout.log: "##
beManInTheMiddle: Not Available in the Source Distribution"

So I tried running with the parameters below:

./delegated -P8080 SERVER=http STLS=-fcl,-fsv LOGDIR=/tmp FTOCL=-tee-a/tmp/tocl.log FTOSV=-tee-a/tmp/tosv.log

It seems it does not work as I expected. It's logging the traffic, but
on HTTPS connections it's logging the encrypted data. How can I log
the unencrypted data? Is this possible with delegate?

What parameter should I use to accomplish both necessities from above?

Thank you very much for your time.


Guilherme Venere
