Closed mimugmail closed 4 years ago
to support squid it would make sense but I would prefer to have the possibility of manipulating the plain TCP stream. For example in stream substitutions (note: I learned pentesting and reading is usually not enough - that only helps for traffic analysis engines which is also good to have).
May be of interest, it could transform the platform to a pentesting environment. Interesting as it can work on tcp level, sou it's possible to also look at other kind of traffic.
https://laskowski-tech.com/2020/03/29/opnsense-and-ssl-decryption-using-sslsplit/ https://twitter.com/jay_townsend1/status/1244595650051932162
Thanks for looking into this from Mr tweeting about it
Me*
added for build in 20.7 (https://github.com/opnsense/tools/commit/5c31793bde0ece40d383c162bedeb40ccf3fd163), it's practical indeed
@AdSchellevis do you have a stake in it or plans for plugin/integration?
@mimugmail maybe, I've tested it locally, can think of a simple use-case where it might be practical to have, but no plans to build a plugin at the moment.
May be of interest, it could transform the platform to a pentesting environment. Interesting as it can work on tcp level, sou it's possible to also look at other kind of traffic.
https://laskowski-tech.com/2020/03/29/opnsense-and-ssl-decryption-using-sslsplit/ https://twitter.com/jay_townsend1/status/1244595650051932162