1 Reply Latest reply on Jan 2, 2013 2:12 PM by Jon Scholten

    MWG security concern related to SSL decryption




      First of all i would like to wish you all a very happy new year!!!


      In MWG v7.x when we decrypt SSL traffic, let's say of any banking website then is there any chance that if packet capture is taken at that time passwords of SSL websites are visible in pcap file?


      I think since packet capture is taken at interface level the packet always keeps the HTTPS content in HTTPS format only. It decrypts analyzes and then re-encrpts the traffic and this re-encrypted traffic is captured on interface again. I am not sure if this is what exactly happens and need confirmation on it. I am taking in regard to only foward proxy.


      My concern is HTTPS contant should not be available to anyone for analysis. It may contain user login credentials etc...