How to detect https traffic with iptables u32 module? [closed]

How would I detect http traffic through the u32 module of iptables?
14.04 iptables https
asked May 29 at 9:37
Mystic monk
closed as unclear what you're asking by Kevin Bowen, waltinator, N0rbert, Eric Carvalho, K7AAY Jun 1 at 18:38
1 Answer
It's impossible to tell from outside what's going on inside a TLS connection. TLS is the Transport Layer Security protocol that wraps HTTP connections to turn them into HTTPS connections. This, i.e. privacy, is one of the three key features of TLS.
There are some methods to intercept the TLS connection and terminate it at the "connection inspector", but those require self-signed certificates in the client applications and defeat the security of TLS almost entirely.
edited May 29 at 14:00
answered May 29 at 13:53
David Foerster
David, if this is true, any idea how sslh is able to do that? Look out for is_tls_protocol in this file: github.com/yrutschle/sslh/blob/…
– Mystic monk
May 30 at 4:00
@Mysticmonk: If you look at the code, it only detects if a data stream looks like a TLS session handshake. It cannot tell what kind of data and thus protocol type is wrapped inside the TLS session.
– David Foerster
May 30 at 11:19
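The kind of check the last comment describes, as an added example that is not part of the original thread and is not sslh's code: it looks only at the cleartext TLS record header and the handshake type in the first bytes of a stream. The function name `probe_tls`, the enum and the sample byte strings are constructed for illustration; the verdict is the same whatever application protocol will later run inside the session.

```c
#include <stddef.h>
#include <stdio.h>

enum tls_probe { PROBE_NEED_MORE, PROBE_NOT_TLS, PROBE_TLS_CLIENT_HELLO };

/* Constructed samples: the start of a ClientHello record and a plain HTTP request. */
static const unsigned char sample_client_hello[] = {
    0x16, 0x03, 0x01, 0x00, 0xc8,   /* record: handshake, version 3.1, length 200 */
    0x01, 0x00, 0x00, 0xc4,         /* handshake: ClientHello, length 196 */
    0x03, 0x03                      /* client_version; rest of the message omitted */
};
static const unsigned char sample_http[] = "GET / HTTP/1.1\r\n";

/* Classify the first bytes a client sent on a TCP stream.
 * Record header: type(1) version(2) length(2); the handshake message
 * follows, and its first byte is the message type. */
enum tls_probe probe_tls(const unsigned char *buf, size_t len)
{
    if (len >= 1 && buf[0] != 0x16)       /* content type 22 = handshake */
        return PROBE_NOT_TLS;
    if (len >= 2 && buf[1] != 0x03)       /* major version 3 (SSL 3.0 to TLS 1.3) */
        return PROBE_NOT_TLS;
    if (len >= 3 && buf[2] > 0x04)        /* minor version 0 to 4 */
        return PROBE_NOT_TLS;
    if (len < 6)
        return PROBE_NEED_MORE;           /* nothing ruled it out, header incomplete */

    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len == 0 || rec_len > 16384)  /* plaintext records are at most 2^14 bytes */
        return PROBE_NOT_TLS;
    if (buf[5] != 0x01)                   /* handshake type 1 = ClientHello */
        return PROBE_NOT_TLS;
    return PROBE_TLS_CLIENT_HELLO;
}

int main(void)
{
    static const char *names[] = { "need more data", "not TLS", "TLS ClientHello" };

    printf("ClientHello prefix: %s\n",
           names[probe_tls(sample_client_hello, sizeof sample_client_hello)]);
    printf("first two bytes:    %s\n", names[probe_tls(sample_client_hello, 2)]);
    printf("plain HTTP request: %s\n",
           names[probe_tls(sample_http, sizeof sample_http - 1)]);
    return 0;
}
```

Everything after the handshake is encrypted, so a check like this can separate TLS from non-TLS streams on a port but cannot say that the payload is HTTP.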