Hot Topics
Network Security Security Bloggers Network 
SBN

PolarProxy Released

by Erik Hjelmvik on June 21, 2019

I’m very proud to announce the release of
PolarProxy today!
PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic
while also generating a PCAP file containing the decrypted traffic.

PolarProxy flow chart

PolarProxy enables you to do lots of things that have previously been impossible,
or at least very complex, such as:

  • Analyzing HTTP/2 traffic without an SSLKEYLOGFILE
  • Viewing decrypted HTTPS traffic in real-time using Wireshark

    PolarProxy -p 10443,80,443 -w – | wireshark -i – -k
  • Replaying decrypted traffic to an internal or external interface using
    tcpreplay

    PolarProxy -p 10443,80,443 -w – | tcpreplay -i eth1 –
  • Forwarding of decrypted traffic to a NIDS (see tcpreplay command above)
  • Extracting DNS queries and replies from
    DNS-over-TLS (DoT) or
    DNS-over-HTTPS (DoH) traffic

    PolarProxy -p 853,53 -p 443,80
  • Extracting email traffic from SMTPS, POP3S or IMAPS

    PolarProxy -p 465,25 -p 995,110 -p 993,143

Here is an example PCAP file generated by PolarProxy:
https://www.netresec.com/files/polarproxy-demo.pcap

This capture files contains HTTP, WebSocket and HTTP/2 packets to Mozilla, Google and Twitter
that would otherwise have been encrypted with TLS.

HTTP/2 traffic from PolarProxy opened in Wireshark
Image: HTTP/2 traffic from PolarProxy opened in Wireshark

Now, head over to our PolarProxy page
and try it for yourself (it’s free)!

Facebook Share on Facebook  Twitter Tweet  Reddit Submit to reddit.com


Recent Articles By Author
More from Erik Hjelmvik

*** This is a Security Bloggers Network syndicated blog from NETRESEC Network Security Blog authored by Erik Hjelmvik. Read the original post at: http://www.netresec.com/?page=Blog&month=2019-06&post=PolarProxy-Released

Erik Hjelmvik , , , , , , , , , , , , , , , , ,