ecapture feed non encrypted http to IDS suricata? #392
vincentmli
started this conversation in
Ideas
I haven't used IDS Suricata before, but I'm planning to send unencrypted HTTPS packets to a remote socket (like Charles proxy, Burp, etc.). I'm also looking for protocol specifications for this type of software. If you know about these, please let me know.
Maybe this is close to what you are looking for in regard to protocol
I think IDS Suricata does not have the capability to decode SSL/TLS/HTTPS. Since ecapture can, and can write to a pcap file, it already seems possible to run IDS Suricata in offline mode to read the pcap file created by ecapture. I wonder, though, whether ecapture could feed the decrypted data to Suricata live? Or maybe Suricata needs to add its own ecapture-like capability?