Re: [Snort-users] Log HTTP(S) URLs

[Manu <manu@yms.ath.cx>]

Hi Patrik,

that makes sense. The same with dsniff. I was able to sniff the https URLs only 
by dnsspoofing and having the webmitm running. 
Well, I had hoped that snort would provide another way to sniff the URLs. 

Anyway, thanks.

Regards,
Manuel

On Thu, 15 Mar 2007 11:29:24 +0100, Patrik Israelsson 
<patrik.israelsson@sentor.se> wrote:
> Huh?
> 
> I believe you've missed the very point of HTTPS, which is that it is
> encrypted 
> by definition. The Snort FAQ indeed states that you can use Snort to log
> HTTP 
> requests, but you will never be able to do the same for HTTPS as all its 
> traffic is encrypted (well, if you knew the key for the session in
> question 
> you could theoretically decrypt it, but that's something else).
> 
> Regards,
> Patrik
> 
> On Thursday 15 March 2007 10:13, Manu wrote:
>> Hi there,
>>
>> I am using Snort 2.6.1.3 on FreeBSD 6.2. The plan is to use snort only
> for
>> logging HTTP(S) URLs requested from the internal network.
>>
>> I already read in the faq that it is possible, but I should use the
> dsniff
>> package for that kind of work. Well, I tried it, but the urlsnarf tool
> only
>> gets http urls.
>>
>> So, I am asking for help how the rule(s) must look like and hope that
> you
>> can help me.
>>
>> Many thanks in advance,
>>
>> Manuel
>>
>>
>>
>>
> -------------------------------------------------------------------------
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to share
>> your opinions on IT & business topics through brief surveys-and earn
> cash
>>
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users@lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users