On 09/04/2016 08:40 AM, Wesley Whitteker wrote: > I've been doing some testing with Squid and am currently using it to > decrypt HTTPS flows (i.e. MITM Proxy). I also have the C-ICAP feature > working. > > Now, I'm trying to determine if Squid has the capabilities to send a > copy of decrypted HTTPS traffic out a particular port on the HW platform > I'm running squid on -- any ideas if this has/can be done?
This is possible using ICAP or eCAP interfaces: Folks write ICAP or eCAP adapters that reassemble TCP/IP traffic based on the adaptation messages those adapters receive from Squid and inject that TCP/IP traffic into the network. Needless to say, the injected traffic is not exactly the same as the original would have been, but the differences are usually not important for the logging and analysis tools that receive the injected TCP/IP packets. It works pretty well, actually. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
