G+_Jason Perry, Posted November 5, 2017
The more HTTPS becomes popular the more I need to find a product like shark tap that will act as a middle man. Anyone have suggestions?
G+_Black Merc, Posted November 6, 2017
As long as you stay under gigabit... DIY build!
G+_Jason Perry (Author), Posted November 6, 2017
I have thought about it. My issue with that is it has to work. I don't have enough experience with encryption. Wireshark, no problem; decrypting the traffic and then re-encrypting the traffic is the part that is making me want to look for a prepackaged solution like shark tap.
G+_Black Merc, Posted November 6, 2017
Raspberry with two NICs? Mini PC with two NICs? Both could work. Also Hak5 LAN Turtle...
G+_Ben Reese, Posted November 7, 2017
Yeah, intercepting the traffic isn't a problem. Decrypting all TLS traffic, inspecting, and repackaging with your own certs takes a bit more. I've got no suggestions, but good luck!
G+_Jason Perry (Author), Posted November 7, 2017
I really don't think I am going to find what I want. What I really want is a version of shark tap that will decrypt the traffic.
G+_Black Merc, Posted November 7, 2017
Jason Perry, shark tap is just a tap (an aggregated tap). That's all it does. The smarts are in the device that you attach to the monitor port (RJ-45).
G+_Jason Perry (Author), Posted November 7, 2017
Black Merc, here is the question then: how do you decrypt, inspect, and repackage without causing issues on your network? If I am using shark tap I guess I don't need to repackage, but I feel like doing the decryption on the device attached to the monitoring port would be impossible.
G+_David Wiggins, Posted November 7, 2017
If you have a managed switch, you could mirror traffic (just don't try to do more than one at a time, it can be a problem). As Ben Reese said, decrypt and repackage can be tricky. I've been playing with invisible proxy with SSL spoofing on pfS, and it's not exactly a walk in the park. With an invisible proxy, you could save the traffic until later, and use your proxy key to decrypt at leisure, or in real-time. This method requires control over either the gateway or the client devices. PAC and WPAD can be used for automatic proxy, but it isn't always a good idea.
G+_Dan Hockey, Posted November 9, 2017
Would this work? hakshop.com - Packet Squirrel
G+_Jason Perry (Author), Posted November 9, 2017
Haven't looked at it yet. It is a new product. From what I have seen so far, or how I understand it, your packet capture is limited by the size of the USB drive you have in it; when it is full, it's full. I don't think you can keep the most recent 'X' number of Gb of traffic.
G+_Dan Hockey, Posted November 11, 2017
After watching Hak5 2309 I decided to get one.
G+_Jason Perry (Author), Posted November 11, 2017
After you play with it for a while, let me know how well it works.