PolarProxy Released
I’m very proud to announce the release of
PolarProxy today!
PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic
while also generating a PCAP file containing the decrypted traffic.
PolarProxy enables you to do lots of things that have previously been impossible,
or at least very complex, such as:
- Analyzing HTTP/2 traffic without an SSLKEYLOGFILE
- Viewing decrypted HTTPS traffic in real-time using WiresharkPolarProxy -p 10443,80,443 -w – | wireshark -i – -k
- Replaying decrypted traffic to an internal or external interface using
tcpreplayPolarProxy -p 10443,80,443 -w – | tcpreplay -i eth1 – - Forwarding of decrypted traffic to a NIDS (see tcpreplay command above)
- Extracting DNS queries and replies from
DNS-over-TLS (DoT) or
DNS-over-HTTPS (DoH) trafficPolarProxy -p 853,53 -p 443,80 - Extracting email traffic from SMTPS, POP3S or IMAPSPolarProxy -p 465,25 -p 995,110 -p 993,143
Here is an example PCAP file generated by PolarProxy:
https://www.netresec.com/files/polarproxy-demo.pcap
This capture files contains HTTP, WebSocket and HTTP/2 packets to Mozilla, Google and Twitter
that would otherwise have been encrypted with TLS.
Image: HTTP/2 traffic from PolarProxy opened in Wireshark
Now, head over to our PolarProxy page
and try it for yourself (it’s free)!
Share on Facebook Tweet Submit to reddit.com
*** This is a Security Bloggers Network syndicated blog from NETRESEC Network Security Blog authored by Erik Hjelmvik. Read the original post at: http://www.netresec.com/?page=Blog&month=2019-06&post=PolarProxy-Released