PolarProxy

PolarProxy 2.0.1

PolarProxy 2.0.1 Released

| | pcap, PolarProxy, proxy, TLS
Our TLS inspection proxy PolarProxy has been updated with bug fixes, improved performance and more reliable PCAP output. The recent PolarProxy 2.0 release added musl/Alpine compatibility and support for unencrypted HTTP proxy ...
NETRESEC Network Security Blog
PolarProxy 2.0

PolarProxy 2.0 Released

| | cutoff, Docker, PolarProxy, systemd
A new major release of PolarProxy is out with a self-contained single-file binary, expanded platform support (musl/ARM), and improved container and service plumbing. PolarProxy is a transparent TLS/SSL inspection proxy built for ...
NETRESEC Network Security Blog
PolarProxy 1.0.1

PolarProxy 1.0.1 Released

| | 0A000412, 0A000418, 0x0A000412, 0x0A000418, bad_certificate, decrypt_fail_errorcode, Fail Open, HUP, JA4, PolarProxy, SIGHUP, unknown_CA
The new release of PolarProxy generates JA4 fingerprints and enables ruleset to match on specific decryption errors, for example to enable fail-open in case the TLS traffic cannot be decrypted and inspected ...
NETRESEC Network Security Blog
PolarProxy block/inspect/bypass ASCII

Blocking Malicious sites with a TLS Firewall

| | ascii-art, pihole, PolarProxy, RPZ, ThreatFox, TLS Firewall
Over 90 percent of all web traffic is encrypted nowadays, which is great of course. However, as HTTP and DNS traffic gets encrypted, defenders have a more difficult time blocking malicious network ...
NETRESEC Network Security Blog
Wireshark SSLKEYLOGFILE

How to Inspect TLS Encrypted Traffic

| | decrypt, Diffie–Hellman, forward secrecy, mitmproxy, pcap, PolarProxy, rsa, SSLKEYLOGFILE, SSLsplit, TLS, TLS Inspection, Wireshark
Do you want to analyze decrypted TLS traffic in Wireshark or let an IDS, like Suricata, Snort or Zeek, inspect the application layer data of potentially malicious TLS encrypted traffic? There are ...
NETRESEC Network Security Blog
PolarProxy TLS Firewall - block malicious, inspect suspicious, bypass legitimate

PolarProxy 1.0 Released

| | ascii-art, block, bypass, EasyPrivacy, firewall, inspect, PolarProxy, rules, ruleset, ThreatFox, TLS, TLS Firewall
I am thrilled to announce the release of PolarProxy version 1.0 today! Several bugs that affected performance, stability and memory usage have now been resolved in our TLS inspection proxy. PolarProxy has ...
NETRESEC Network Security Blog
PolarProxy TLS redirect

TLS Redirection and Dynamic Decryption Bypass in PolarProxy

| | ascii-art, bypass, bypassonfail, Domain Fronting, Fail Open, PolarProxy, redirect, SNI, TLS
PolarProxy is constantly being updated with new features, enhanced performance and bug fixes, but these updates are not always communicated other than as a short mention in the ChangeLog. I would therefore ...
NETRESEC Network Security Blog
PCAP over IP

What is PCAP over IP?

| | Arkime, ncat, netcat, NetworkMiner, Packetbeat, pcap, PCAP-over-IP, PolarProxy, Suricata, tcpdump, tcpreplay, tshark, Wireshark, Zeek
PCAP-over-IP is a method for reading a PCAP stream, which contains captured network traffic, through a TCP socket instead of reading the packets from a PCAP file. A simple way to create ...
NETRESEC Network Security Blog
Manage Interfaces in Wireshark

Real-time PCAP-over-IP in Wireshark

| | pcap, PCAP-over-IP, pcapoverip, PolarProxy, Wireshark
Did you know that it is possible to stream captured packets from a remote device or application to Wireshark in real-time using PCAP-over-IP? This blog post explains how you can configure Wireshark ...
NETRESEC Network Security Blog
Images extracted from decrypted HTTP/2 traffic shown in NetworkMiner

PolarProxy in Windows Sandbox

| | HTTPS, NetworkMiner, PCAP-over-IP, pcapoverip, PolarProxy, Proxifier, proxy, sandbox, SOCKS, TLS, Windows, Windows Sandbox, WSB
In this video I demonstrate how PolarProxy can be run in a Windows Sandbox to intercept and decrypt outgoing TLS communication. This setup can be used to inspect otherwise encrypted traffic from ...
NETRESEC Network Security Blog
Load more