HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post subject: HTTPS listener
PostPosted: 06 Apr 2006 21:44

Joined: 06 Apr 2006 21:33
Posts: 21
Why not some feature (that can be deactivated for those who don't want it), where the proxy acts as an HTTPS client and the data is decrypted to HTTP level before scanning?

When the scanning has completed or something needs to be delivered to the client, it can create a certificate with the exact same details, except that it has different keys + that it should be signed with a CA key the proxy administrator specifies + that the "cert name" should be the same as the domain in the CONNECT command, for the server, and then make a second HTTPS tunnel between the client and the proxy.

The user of the proxy should not be able to bypass this feature if the administrator has activated it.

Then I as an administrator can install my own CA PUBLIC KEY on all client computers that I have physical access to, and they will never show an SSL warning again, not even when the remote side has an invalid certificate, because the certificate between the proxy and the client will always be valid.

We must remind ourselves that hackers sometimes PAY MONEY for getting their viruses spread. This INCLUDES BUYING REAL CERTS (that don't warn in the browser). They can set up some JavaScript that exploits the browser through an SSL channel, and the virus would go unnoticed through the proxy.
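
An added example, not part of the original post and not HAVP code: in the design described above, clients trust every leaf signed by the administrator's CA, so the proxy is the only place where the origin server's certificate can still be validated. The sketch takes the certificate name from the CONNECT line and refuses to intercept when upstream validation fails; `parse_connect`, `verify_upstream` and `decide` are hypothetical names, and the hostnames are constructed.

```python
import socket
import ssl


def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x'."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a CONNECT request")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("CONNECT target must be host:port")
    return host.strip("[]").lower(), int(port)  # brackets wrap IPv6 literals


def verify_upstream(host, port, timeout=5.0):
    """Proxy-side handshake with chain and hostname validation enabled."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def decide(request_line, verifier=verify_upstream):
    """Decide whether the proxy may present a leaf signed by the local CA."""
    host, port = parse_connect(request_line)
    try:
        verifier(host, port)
    except ssl.SSLCertVerificationError as exc:
        # Clients trust the proxy CA, so an origin failure has to surface here.
        reason = getattr(exc, "verify_message", None) or str(exc)
        return {"action": "block", "host": host, "reason": reason}
    except OSError as exc:
        return {"action": "block", "host": host, "reason": "upstream error: %s" % exc}
    return {"action": "intercept", "leaf_name": host, "port": port}


if __name__ == "__main__":
    def untrusted_origin(host, port):  # constructed stub, no network needed
        raise ssl.SSLCertVerificationError(1, "self-signed certificate (constructed)")

    print(decide("CONNECT shop.example:443 HTTP/1.1", verifier=untrusted_origin))
    print(decide("CONNECT shop.example:443 HTTP/1.1", verifier=lambda h, p: {}))
```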


Post subject:
PostPosted: 06 Apr 2006 21:51
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Well, this has been discussed before. It can be done, but at least I have no interest in working on such a complex (and perhaps unnecessary) feature. In my opinion HAVP should only do the scanning and not much else.

Feel free to hack SSL-hijacking support to Squid etc, where it IMHO belongs. :)

Actually I think Squid 3 has some sort of SSL reverse proxy..

Cheers,
Henrik


Post subject:
PostPosted: 06 Apr 2006 21:54

Joined: 06 Apr 2006 21:33
Posts: 21
Have you read the bold text? Have you understood that viruses can go in unnoticed by HTTPS?


Post subject:
PostPosted: 06 Apr 2006 21:56
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
sebastian wrote:
Have you read the bold text? Have you understood that viruses can go in unnoticed by HTTPS?


Does a bear **** in the forest? ;)

Did you read what I wrote? If you didn't understand: Someone else can do the SSL encrypting/decrypting, and pass it through HAVP.

Cheers,
Henrik


Post subject:
PostPosted: 06 Apr 2006 22:04
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Actually I already found something on Google.. maybe worth a test.

http://www.vroyer.org/sslstripper/

Cheers,
Henrik


Post subject:
PostPosted: 06 Apr 2006 22:13

Joined: 06 Apr 2006 21:33
Posts: 21
THANKS!!! Exactly what I was searching for....
Do you have the search string you used on Google to find this? (In case SSL stripper doesn't work for me)

Should install this on my IPcop machine to be able to content filter and virus scan HTTPS traffic.


Post subject:
PostPosted: 06 Apr 2006 22:16
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Google something like: ssl man-in-the-middle proxy

I did search some time ago, didn't notice sslstripper then.. but it is not Open Source and not updated in a while, which is not that nice. But I haven't seen any other software yet.

Cheers,
Henrik


Post subject:
PostPosted: 06 Apr 2006 22:31
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Here seems to be a good pointer..

http://groups.google.com/group/n3td3v/b ... dea2b07985

Cheers,
Henrik


Post subject:
PostPosted: 06 Apr 2006 23:02
HAVP Maintainer

Joined: 27 Feb 2006 19:08
Posts: 62
I'm a little bit late for the discussion, but using an extra "man in the middle proxy" is the best way. SSL is a little bit complex and HAVP should not break security at the moment. We have to improve a lot of things and there is no time for SSL at the moment.

Feel free to mail your results. A modular SSL proxy version would be nice.

