Article delegate-en/4486 of [1-5169] on the server localhost:119
[Reference:<_A4458@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: STLS=-mitm parameter and HTTPS sniffing
05 Jun 2009 10:00:21 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4458@delegate-en.ML_> on 05/21/09(07:47:23)
you Guilherme Vênere <pniiqbdyi-kp76qhuvkelr.ml@ml.delegate.org> wrote:
 |. Second problem: I'm setting up this firewall as a monitoring machine
 |to study malware related traffic. So I want to do HTTPS sniffing for
 |the connections above. I tried using the parameter STLS=-mitm, but
 |delegated complains with this message in stdout.log: ##
 |beManInTheMiddle: Not Available in the Source Distribution"

STLS=mitm is available only in the binary distribution of DeleGate.
<URL:ftp://ftp.delegate.org/pub/DeleGate/beta/bin-latest9/>

 |So I tried running with the parameters below:
 |
 |./delegated -P8080 SERVER=http STLS=-fcl,-fsv LOGDIR=/tmp
 |FTOCL=-tee-a/tmp/tocl.log FTOSV=-tee-a/tmp/tosv.log
 |
 |It seems it does not work as I expected. It's logging the traffic, but
 |on HTTPS connections it's logging the encrypted data. How can I log
 |the unencrypted data? Is this possible with delegate?

STLS=mitm does more than decryption/encryption of SSL.  Acting as
an explicit HTTP proxy (or SSL-tunnel in this case), it interprets
the CONNECT request (not encrypted in SSL) from an HTTP client to
establish a connection to the target HTTPS/SSL server.  After the
connection is established, it starts SSL relay like STLS="fcl,fsv".

Note that you need to do proxy-authentication with a user name "mitm"
to use STLS=mitm.  You can change the authentication by adding
an AUTHORIZER for MITM option like:

  AUTHORIZER="-list{userName:passWord}:mitm:*:*"

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
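
Added example (not part of the original message and not DeleGate code): a sketch of what an explicit proxy can read from the cleartext CONNECT request before any SSL relay starts, namely the target host:port and the proxy-authentication user name that the reply says must be "mitm". The Basic authentication scheme, the function names and the sample request are assumptions made for illustration.

```python
import base64

# Constructed sample: what a client sends in cleartext to an explicit proxy
# before the SSL handshake with the target server begins.
SAMPLE_CONNECT = (
    b"CONNECT www.example.com:443 HTTP/1.1\r\n"
    b"Host: www.example.com:443\r\n"
    b"Proxy-Authorization: Basic " + base64.b64encode(b"mitm:placeholder") + b"\r\n"
    b"\r\n"
)

def proxy_user(headers: dict):
    """Return the user name from a Basic Proxy-Authorization header, or None."""
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":  # assumption: only Basic is handled here
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or undecodable bytes
        return None
    return decoded.partition(":")[0]

def parse_connect(raw: bytes) -> dict:
    """Parse the cleartext CONNECT header block received by an explicit proxy."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, colon, port = parts[1].rpartition(":")
    if not colon or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"host": host.strip("[]"), "port": int(port),
            "proxy_user": proxy_user(headers)}

def wants_mitm(raw: bytes) -> bool:
    """True when the client proxy-authenticated with the user name "mitm"."""
    return parse_connect(raw)["proxy_user"] == "mitm"

if __name__ == "__main__":
    print(parse_connect(SAMPLE_CONNECT), wants_mitm(SAMPLE_CONNECT))
```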
