In message <_A4458@delegate-en.ML_> on 05/21/09(07:47:23)
you Guilherme Vênere <firstname.lastname@example.org> wrote:
|. Second problem: I'm setting up this firewall as a monitoring machine
|to study malware related traffic. So I want to do HTTPS sniffing for
|the connections above. I tried using the parameter STLS=-mitm, but
|delegated complains with this message in stdout.log: ##
|beManInTheMiddle: Not Available in the Source Distribution"
STLS=mitm is available only in the binary distribution of DeleGate.
|So I tried running with the parameters below:
|./delegated -P8080 SERVER=http STLS=-fcl,-fsv LOGDIR=/tmp
|It seems it does not work as I expected. It's logging the traffic, but
|on HTTPS connections it's logging the encrypted data. How can I log
|the unencrypted data? Is this possible with delegate?
STLS=mitm does more than decryption/encryption of SSL. Acting as
an explicit HTTP proxy (or SSL-tunnel in this case), it interprets
the CONNECT request (not encrypted in SSL) from an HTTP client to
establish a connection to the target HTTPS/SSL server. After the
connection is established, it starts SSL relay like STLS="fcl,fsv".
Note that you need to do proxy-authentication with a user name "mitm"
to use STLS=mitm. You can change the authentication by adding
an AUTHORIZER for MITM option like:
9 9 Yutaka Sato <email@example.com> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
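
The following Python example is added here and is not part of the original message or of DeleGate's code. It splits a constructed client-side capture into the cleartext CONNECT head (target and proxy user) and the tunnelled bytes, showing why a plain relay log holds only TLS records; the host name, password and TLS bytes are constructed, and the function names are hypothetical.

```python
import base64

# Constructed sample: what an explicit proxy receives from the client on one
# HTTPS connection. Host, password and TLS bytes are made up for illustration.
SAMPLE = (
    b"CONNECT www.example.com:443 HTTP/1.1\r\n"
    b"Host: www.example.com:443\r\n"
    b"Proxy-Authorization: Basic " + base64.b64encode(b"mitm:placeholder") + b"\r\n"
    b"\r\n"
    b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # start of a TLS handshake record
)

# TLS record content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def split_connect(stream: bytes):
    """Return (target, proxy_user, tunnelled_bytes) for a CONNECT stream."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    user = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "proxy-authorization":
            scheme, _, cred = value.strip().partition(" ")
            if scheme.lower() == "basic":
                # Basic credentials are base64("user:password"); keep the user only.
                user = base64.b64decode(cred).decode("latin-1").partition(":")[0]
    return target, user, rest

def describe_tunnel(data: bytes) -> str:
    """Classify the first bytes that follow the CONNECT head."""
    if len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 3:
        length = int.from_bytes(data[3:5], "big")
        return f"tls {TLS_TYPES[data[0]]} record, {length} bytes"
    return "cleartext or unknown"

if __name__ == "__main__":
    target, user, rest = split_connect(SAMPLE)
    print(target, user, describe_tunnel(rest))
```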