Hot Topics

http2

Parameters tab in NetworkMiner

Start Menu Search Video

| | Bing, bing.com, Cortana, HTTP/2, http2, Microsoft, NetworkMiner, pcap, PCAP-over-IP, pcapoverip, PolarProxy, Privacy, Start Menu, video, videotutorial, www.bing.com
In this video I demonstrate that text typed into the Windows 10 start menu gets sent to Microsoft and how that traffic can be intercepted, decrypted and parsed. The video cannot be ...
NETRESEC Network Security Blog
PolarProxy and Arkime Logo

Capturing Decrypted TLS Traffic with Arkime

| | Arkime, decrypt, HTTP/2, http2, HTTPS, Moloch, pcap, PCAP-over-IP, pcapoverip, PolarProxy, real time, systemctl, systemd, TLS, UFW
The latest version of Arkime (The Sniffer Formerly Known As Moloch) can now be fed with a real-time stream of decrypted HTTPS traffic from PolarProxy. All that is needed to enable this ...
NETRESEC Network Security Blog
PolarProxy and Arkime Logo

Capturing Decrypted TLS Traffic with Arkime

| | Arkime, decrypt, HTTP/2, http2, HTTPS, Moloch, pcap, PCAP-over-IP, pcapoverip, PolarProxy, real time, systemctl, systemd, TLS, UFW
The latest version of Arkime (The Sniffer Formerly Known As Moloch) can now be fed with a real-time stream of decrypted HTTPS traffic from PolarProxy. All that is needed to enable this ...
NETRESEC Network Security Blog
Laptop, Raspberry Pi, PolarProxy, Internet ASCII

Discovered Artifacts in Decrypted HTTPS

| | adnxs.com, CS3, CS3Sthlm, decrypt, forensics, HTTP/2, http2, incoming.telemetry.mozilla.org, majestic, Majestik møøse, NetworkMiner, pcap, PolarProxy, reddit, telemetry, TLS, TLSI, Wireshark, x-moose, X-Proxy-Origin
We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...
NETRESEC Network Security Blog
Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

| | CS3, CS3Sthlm, decrypt, DoH, forensics, google, HTTP/2, http2, HTTPS, NetworkMiner, Pastebin, pcap, PolarProxy, TLS, TLS Inspection, TLS Interception, TLSI, Twitter, video, Wireshark
Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...
NETRESEC Network Security Blog
NetworkMiner 2.5

NetworkMiner 2.5 Released

| | CIFS, DoH, hashcat, HTTP/2, http2, HTTPS, JA3, John, KERBEROS, MS-BRWS, NBNS, NetBIOS, NetworkMiner, NetworkMinerCLI, OSINT, pcap
I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...
NETRESEC Network Security Blog
Raspberry Pi 4 Model B running PolarProxy

Raspberry PI WiFi Access Point with TLS Inspection

| | how to, HowTo, HTTP/2, http2, HTTPS, linux-arm, pcap, PolarProxy, Raspberry Pi, ssl, TLS, wifi, Wireshark
This is a how-to guide for setting up a Raspberry Pi as a WiFi Access Point, which acts as a transparent TLS proxy and saves the decrypted traffic in PCAP files. Image: ...
NETRESEC Network Security Blog
PolarProxy flow chart

PolarProxy Released

| | DNS over HTTPS, DNS-over-TLS, DoH, DoT, HTTP/2, http2, ids, IMAPS, NIDS, pcap, PolarProxy, POP3S, SMTPS, ssl, SSLKEYLOGFILE, tcpreplay, TLS, Wireshark
I'm very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic ...
NETRESEC Network Security Blog
march release.png

HTTP/2 Will be Automatically Enabled by Default on the Akamai Intelligent Edge Platform

| | http2, Web Performance, webperformance
HTTP, the foundation for data communication over the web, wasn't designed for delivering the rich content that is common in today's websites. HTTP/2, which represents a major update to the HTTP network ...
The Akamai Blog