satbir
Level 7

MWG security concern related to SSL decryption


Hello!

First of all I would like to wish you all a very happy new year!!!

In MWG v7.x, when we decrypt SSL traffic, let's say of a banking website, is there any chance that, if a packet capture is taken at that time, passwords of SSL websites are visible in the pcap file?

I think since the packet capture is taken at interface level, the packet always keeps the HTTPS content in HTTPS format only. It decrypts, analyzes and then re-encrypts the traffic, and this re-encrypted traffic is captured on the interface again. I am not sure if this is exactly what happens and need confirmation on it. I am talking in regard to forward proxy only.

My concern is that HTTPS content should not be available to anyone for analysis. It may contain user login credentials etc...

Regards,
Satbir

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: MWG security concern related to SSL decryption


Hi Satbir!

A packet capture would not contain the user's credentials for SSL websites as it would be encrypted (as you described).

I would suggest reviewing the following discussion, perhaps it is of interest:

https://community.mcafee.com/message/151326#151326

Best,

Jon

0 Kudos
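
As an added example (not code from this thread or from McAfee), one way to check a capture taken on the proxy's interface is to confirm that every TCP payload on the HTTPS flows is framed as TLS records and to flag anything that looks like cleartext HTTP. The payload bytes below are constructed, and extracting TCP payloads from the pcap file is assumed to be done separately.

```python
import struct

# TLS record layer content types (RFC 5246, section 6.2.1)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_FRAGMENT = 2**14 + 2048   # largest legal TLSCiphertext fragment length
HTTP_PREFIXES = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"HTTP/1.")

def walk_tls_records(payload):
    """Return the record type names if payload is a clean run of TLS records, else None."""
    names, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 5:          # shorter than a record header
            return None
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > MAX_FRAGMENT:
            return None
        if offset + 5 + length > len(payload):
            return None                        # record spans segments: needs stream reassembly
        names.append(TLS_TYPES[ctype])
        offset += 5 + length
    return names or None

def classify(payload):
    """Label one TCP payload as 'cleartext-http', 'tls' or 'unknown'."""
    if payload.startswith(HTTP_PREFIXES):
        return "cleartext-http"
    return "tls" if walk_tls_records(payload) else "unknown"

def audit(payloads):
    """Return the indexes of payloads that are not cleanly TLS-framed."""
    return [i for i, p in enumerate(payloads) if classify(p) != "tls"]

def make_record(ctype, minor, body):
    """Build a TLS record header plus body (used only for the constructed samples)."""
    return struct.pack("!BBBH", ctype, 3, minor, len(body)) + body

# Constructed sample payloads, not taken from any real capture.
SAMPLE_TLS = make_record(22, 1, b"\x01" + bytes(40)) + make_record(23, 3, bytes(range(64)))
SAMPLE_CLEAR = b"POST /login HTTP/1.1\r\nHost: bank.example\r\n\r\nuser=alice&pass=constructed"

if __name__ == "__main__":
    for name, data in (("tls", SAMPLE_TLS), ("clear", SAMPLE_CLEAR)):
        print(name, classify(data), walk_tls_records(data))
```

A payload labelled "unknown" is not proof of cleartext; it only means the segment did not parse as whole TLS records and should be looked at after stream reassembly.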