Inspection of https connections

[TomBrady]

Hello all, I am new to the dpi technology so kindly bear with my
ignorance! :) Could someone throw some light on where I can find
information about inspection of https connections? Can open dpi
inspect url's?
Thanks in advance,

[Ilia Kravchenko]

HI, you want to detect https connections in traffic or you want to inspect https traffic? If second - OpenDPI not allow inspect encrypted traffic.

2012/1/23 TomBrady <pantu...@gmail.com>

[Katrin Pflugfelder]

Hi Tom,

welcome to the community.

OpenDPI can detect HTTP but does not do any further inspections within HTTP header. To get an idea what OpenDPI does, just download the source code and read the file http.c.

ipoque's commercial version of OpenDPI, PACE, extracts URLs and does further examination within the HTTP header.

Regarding HTTPS: HTTPS payload is encrypted but the header is unencrypted. So it is possible to detect HTTPS even with OpenDPI. With the commercial version PACE also certificate content is extracted.

Katrin

--

Katrin Pflugfelder | Product Manager | ipoque

Neumarkt 29-33 | 04109 Leipzig | Germany

phone + 49-341 - 59 40 3 - 0 

fax +49-341 59 40 3 - 019 | web www.ipoque.com

trade register Amtsgericht Leipzig HRB21462

Gesellschaft mit beschränkter Haftung (GmbH)

board Dr. Hendrik Schulze, Markus Ziegler

akademik bilisim 2012, Usak, 01-03 Feb 2012
ISS World MEA 2012, Dubai, 13-15 Feb 2012
Mobile World Congress 2012, Barcelona, 27 Feb - 01 March 2012

ipoque Executive Blog at http://blog.ipoque.com

[gh0st]

Inspect URLs over HTTPS connections is not possible, because all HTTP
traffic is encrypted by SSL, and the URL is part of the information
passed by the HTTP headers.

[ql li]

hi

 can ask the next packet can not be characterized asindependent like L7 

2012/1/24 gh0st <ignacio...@gmail.com>