Re: [Snort-users] Log HTTP(S) URLs

To:	snort-users@lists.sourceforge.net
Subject:	Re: [Snort-users] Log HTTP(S) URLs
From:	Patrik Israelsson <patrik.israelsson@sentor.se>
Date:	Thu, 15 Mar 2007 11:29:24 +0100
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	snort-list@securepoint.com
In-reply-to:	<8a8d06384e480ef699c36a34cb7b64fa@localhost>
List-archive:	<http://sourceforge.net/mailarchive/forum.php?forum=snort-users>
List-help:	<mailto:snort-users-request@lists.sourceforge.net?subject=help>
List-id:	"Snort users talk about... Snort!" <snort-users.lists.sourceforge.net>
List-post:	<mailto:snort-users@lists.sourceforge.net>
List-subscribe:	<https://lists.sourceforge.net/lists/listinfo/snort-users>, <mailto:snort-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe:	<https://lists.sourceforge.net/lists/listinfo/snort-users>, <mailto:snort-users-request@lists.sourceforge.net?subject=unsubscribe>
Organization:	Sentor
References:	<8a8d06384e480ef699c36a34cb7b64fa@localhost>
Sender:	snort-users-bounces@lists.sourceforge.net
User-agent:	KMail/1.9.4

Huh?

I believe you've missed the very point of HTTPS, which is that it is encrypted 
by definition. The Snort FAQ indeed states that you can use Snort to log HTTP 
requests, but you will never be able to do the same for HTTPS as all its 
traffic is encrypted (well, if you knew the key for the session in question 
you could theoretically decrypt it, but that's something else).

Regards,
Patrik

On Thursday 15 March 2007 10:13, Manu wrote:
> Hi there,
>
> I am using Snort 2.6.1.3 on FreeBSD 6.2. The plan is to use snort only for
> logging HTTP(S) URLs requested from the internal network.
>
> I already read in the faq that it is possible, but I should use the dsniff
> package for that kind of work. Well, I tried it, but the urlsnarf tool only
> gets http urls.
>
> So, I am asking for help how the rule(s) must look like and hope that you
> can help me.
>
> Many thanks in advance,
>
> Manuel
>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share
> your opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

smime.p7s
Description: S/MIME cryptographic signature

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Log HTTP(S) URLs, Manu Re: [Snort-users] Log HTTP(S) URLs, Patrik Israelsson <= Re: [Snort-users] Log HTTP(S) URLs, Manu Re: [Snort-users] Log HTTP(S) URLs, Petersen, Mark Re: [Snort-users] Log HTTP(S) URLs, Manu Re: [Snort-users] Log HTTP(S) URLs, Jason Haar Re: [Snort-users] Log HTTP(S) URLs, Manu Re: [Snort-users] Log HTTP(S) URLs, Paul Melson

Previous by Date:	[Snort-users] Log HTTP(S) URLs, Manu
Next by Date:	Re: [Snort-users] Log HTTP(S) URLs, Manu
Previous by Thread:	[Snort-users] Log HTTP(S) URLs, Manu
Next by Thread:	Re: [Snort-users] Log HTTP(S) URLs, Manu
Indexes:	[Date] [Thread] [Top] [All Lists]