HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

HTTPS listener
http://havp.hege.li/forum/viewtopic.php?f=4&t=70

Author:  sebastian [ 06 Apr 2006 21:44 ]
Post subject:  HTTPS listener

Why not some feature (that can be deactivated for those who don't want it), where the proxy acts as an HTTPS client where the data is decrypted to HTTP level before scanning?

When the scanning has completed or something needs to be delivered to the client, it can create a certificate with the exact same details, except that it has different keys, that it should be signed with a CA key the proxy administrator specifies, and that the "cert name" should be the same as the domain in the CONNECT command, for the server, and then make a second HTTPS tunnel between the client and the proxy.

The user of the proxy should not be able to bypass this feature if the administrator has activated it.

Then I, as an administrator, can install my own CA PUBLIC KEY on all client computers that I have physical access to, and they will never show an SSL warning again, not even when the remote side has an invalid certificate, because the certificate between the proxy and the client will always be valid.

We must remind ourselves that hackers sometimes PAY MONEY for getting their viruses spread. This INCLUDES BUYING REAL CERTS (that don't warn in the browser). They can set up some JavaScript that exploits the browser through an SSL channel and the virus would go unnoticed through the proxy.
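The certificate-minting step described in the post above, as an added example (not from this thread, HAVP or any tool mentioned in it), written against the `openssl` command line. It also covers the case the post raises of an invalid remote certificate: clients that trust the proxy CA never see the origin certificate, so the proxy has to validate it and refuse to mint when validation fails. All CA names, hostnames and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all CAs, keys and hostnames are generated locally in a temp dir.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT
printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$W/cfg"

# make_ca NAME: self-signed CA certificate NAME.pem with key NAME.key
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$W/cfg" -extensions ca \
    -subj "/CN=$1" -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}

# issue CA HOST OUT: leaf for HOST (CN and subjectAltName), signed by CA, written to OUT.pem
issue() {
  printf 'subjectAltName=DNS:%s\n' "$2" > "$W/$3.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$W/cfg" -subj "/CN=$2" \
    -keyout "$W/$3.key" -out "$W/$3.csr" 2>/dev/null
  openssl x509 -req -in "$W/$3.csr" -CA "$W/$1.pem" -CAkey "$W/$1.key" -CAcreateserial \
    -days 1 -extfile "$W/$3.ext" -out "$W/$3.pem" 2>/dev/null
}

# trusted CA HOST CERT: chain and hostname check, as a TLS client would do it
trusted() {
  openssl verify -CAfile "$W/$1.pem" -verify_hostname "$2" "$W/$3.pem" >/dev/null 2>&1
}

# mint_for_connect HOST UPSTREAM: the proxy's decision for "CONNECT HOST:443".
# The origin certificate is checked against the public trust anchor and the
# CONNECT host; only then is a replacement leaf signed with the proxy CA.
mint_for_connect() {
  if trusted public-ca "$1" "$2"; then
    issue proxy-ca "$1" "minted-$2"
  else
    echo "refusing to mint for $1: upstream certificate $2 failed validation" >&2
    return 1
  fi
}

make_ca public-ca   # stands in for the public trust store
make_ca proxy-ca    # the administrator's CA, installed on the clients
make_ca rogue-ca    # an issuer nobody trusts
issue public-ca shop.example  origin-good       # valid origin certificate
issue public-ca other.example origin-wrong      # valid chain, wrong hostname
issue rogue-ca  shop.example  origin-untrusted  # right hostname, untrusted issuer

mint_for_connect shop.example origin-good      && echo "minted for origin-good"
mint_for_connect shop.example origin-wrong     || echo "blocked origin-wrong"
mint_for_connect shop.example origin-untrusted || echo "blocked origin-untrusted"
```

The minted leaf validates only for clients that have `proxy-ca.pem` installed as a trust anchor; the proxy CA's private key therefore needs the same protection as any other signing key.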

Author:  hege [ 06 Apr 2006 21:51 ]
Post subject: 

Well, this has been discussed before. It can be done, but at least I have no interest in working on such a complex (and perhaps unnecessary) feature. In my opinion HAVP should only do the scanning and not much else.

Feel free to hack SSL-hijacking support to Squid etc, where it IMHO belongs. :)

Actually I think Squid 3 has some sort of SSL reverse proxy..

Cheers,
Henrik

Author:  sebastian [ 06 Apr 2006 21:54 ]
Post subject: 

Have you read the bold text? Have you understood that viruses can go in unnoticed by HTTPS?

Author:  hege [ 06 Apr 2006 21:56 ]
Post subject: 

sebastian wrote:
Have you read the bold text? Have you understood that viruses can go in unnoticed by HTTPS?


Does bear **** in the forest? ;)

Did you read what I wrote? If you didn't understand: Someone else can do the SSL encrypting/decrypting, and pass it through HAVP.

Cheers,
Henrik

Author:  hege [ 06 Apr 2006 22:04 ]
Post subject: 

Actually I already found something on Google.. maybe worth a test.

http://www.vroyer.org/sslstripper/

Cheers,
Henrik

Author:  sebastian [ 06 Apr 2006 22:13 ]
Post subject: 

THANKS!!! Exactly what I was searching for....
Do you have the search string you used in Google to find this? (In case SSL stripper doesn't work for me)

Should install this on my IPcop machine to be able to content filter and virus scan HTTPS traffic.

Author:  hege [ 06 Apr 2006 22:16 ]
Post subject: 

Google something like: ssl man-in-the-middle proxy

I did search some time ago, didn't notice sslstripper then.. but it is not Open Source and not updated in a while, which is not that nice. But I haven't seen any other software yet.

Cheers,
Henrik

Author:  hege [ 06 Apr 2006 22:31 ]
Post subject: 

Here seems to be a good pointer..

http://groups.google.com/group/n3td3v/b ... dea2b07985

Cheers,
Henrik

Author:  Christian [ 06 Apr 2006 23:02 ]
Post subject: 

I'm a little bit late to the discussion, but using an extra "man in the middle proxy" is the best way. SSL is a little bit complex and HAVP should not break security at the moment. We have to improve a lot of things and there is no time for SSL at the moment.

Feel free to mail your results. A modular ssl proxy version would be nice.

All times are UTC + 2 hours [ DST ]