stamparm/maltrail

SSL traffic

mdtmailgr opened this issue · 3 comments

Hello all,

First of all, great work, and thank you for the project provided.

One question: how to capture incoming SSL traffic for malicious traffic?

e.g.

nmap 192.168.235.128 -p 80 --script=vuln ==> works

nmap 192.168.235.128 -p 443 --script=vuln ==> not reporting something

[i] setting capture filter 'udp or icmp or (tcp and (tcp[tcpflags] == tcp-syn or port 80 or port 1080 or port 3128 or port 8000 or port 8080 or port 8118)) or port 443'

Thank you again

Hi. The problem is that you won't be able to decrypt SSL traffic and inspect these kinds of attacks. SSL traffic is encrypted per se.

Thank you Stamparm,

You are right.

Thank you for your time.

Best regards,

Considering this to be resolved.