Encrypted traffic inspection

Daryald · June 17, 2022, 11:33am

There are two ways of detecting SSL/TLS traffic using Suricata:

Ja3 Hash- Good article is here
Decrypting traffic using proxy- This is what I was talking about - using Polar Proxy. PolarProxy is capable to decrypt and re-encrypt TLS traffic in real time and also it has feature pcapoverip in which you can capture decrypted traffic in Wireshark or re-play it in your network using tcpreplay. This decrypted traffic can be sent to Suricata to apply detection. This article can help you.

Topic		Replies	Views
Real-time TLS Traffic Inspection Help	2	316	October 24, 2024
Suricata with SSL Decryption Help ips	7	2691	March 20, 2023
Analyze HTTPS traffic with proxy Help suricata	5	1468	October 24, 2024
Ssl decryption monitoring Help	0	695	June 28, 2021
Suricata and reverse_https shell Help ips , rules	3	1250	December 10, 2021