Hi Henrik. > So your real question is if it is possible to determine with the help of > Squid if this employee is uploading confidential information to a third > party web site.
No ! My REAL (and original) question is if it is possible to grab user and password from an url. Sorry, but I heat when one change my question because "I'm sure you intend this question and not the original one you made". I am a consultant, my customer wanna know user and password for the virtual hard drive and I have to give it him. Stop. We already know the employee is uploading confidential information to the internet. > >From the Squid logs you can easily tell what web sites the user is > visiting, and how often. Already done! This is the way I discovered the abnormal traffic. > If you think this is being done and is done in good faith then the best > action is to simply ask the employee if he is doing this or if he is aware > what the implications of doing so would be. Not technical and/or squid matters. I'm not payed for asking employees, I'm payed for discover the password. > Generally speaking, if the web site is https based then all you can see is > the amount of traffic going in both directions, but if it is http based > then everything can be seen (just dump the network traffic and analyze > it). This is not directly related to Squid but any Internet usage. Already done! HTTPS. Traffic confirm our suspect. We need user/password, remember ? :-) > In an ethical point of view stealing the users personal login details to > this third party web site by analyzing his traffic is very dubious in my > view, and probably illegal in many countries. My customer knows all. He pays me for technical things and he will pay lawers for them things. >You surely should be able to > make up better approaches in proving/disproving the claims of > Internet connection abuse. Already done with a HW keylogger (fantastic toy !). Sorry again If i was acid in this mail. Bye from Italy and Happy 2005 !!! LM