Article delegate-en/4486 of [1-5169] on the server localhost:119
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: STLS=-mitm parameter and HTTPS sniffing
05 Jun 2009 10:00:21 GMT (Yutaka Sato)
The DeleGate Project


In message <_A4458@delegate-en.ML_> on 05/21/09(07:47:23)
you =?ISO-8859-1?Q?Guilherme_V=EAnere?= <> wrote:
 |. Second problem: I'm setting up this firewall as a monitoring machine
 |to study malware related traffic. So I want to do HTTPS sniffing for
 |the connections above. I tried using the parameter STLS=-mitm, but
 |delegated complains with this message in stdout.log: "##
 |beManInTheMiddle: Not Available in the Source Distribution"

STLS=mitm is available only in the binary distribution of DeleGate.

 |So i tried running with the parameters below:
 |./delegated -P8080 SERVER=http STLS=-fcl,-fsv LOGDIR=/tmp
 |FTOCL=-tee-a/tmp/tocl.log FTOSV=-tee-a/tmp/tosv.log
 |It seems it does not work as I expected. It's logging the traffic, but
 |on HTTPS connections it's logging the encrypted data. How can I log
 |the unencrypted data? Is this possible with delegate?

STLS=mitm does more than decryption/encryption of SSL.  Acting as
an explicit HTTP proxy (or SSL-tunnel in this case), it interprets
the CONNECT request (not encrypted in SSL) from an HTTP client to
establish a connection to the target HTTPS/SSL server.  After the
connection is established, it starts SSL relay like STLS="fcl,fsv".

Note that you need to do proxy-authentication with a user name "mitm"
to use STLS=mitm.  You can change the authentication by adding
an AUTHORIZER for MITM option like:


  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller
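Added example, not part of this thread and not DeleGate's code: the
sequence Yutaka describes for STLS=mitm, written out as a minimal
explicit proxy would perform it.  It parses the plaintext CONNECT
request, enforces proxy authentication for the user name "mitm",
answers 407 or "200 Connection established", and then shows the
STLS=fcl,fsv step (TLS toward the client with the proxy's own
certificate, TLS toward the real server) and a tee relay.  The tee is
the point the asker's FTOCL/FTOSV setup missed: on raw sockets it logs
TLS records, on the two wrapped sockets it logs decrypted HTTP.  The
password, the certificate paths in wrap_both_sides and the sample
request in demo_relay are assumptions of this example, not values
from the thread.

```python
"""Added example (not DeleGate code): CONNECT interception, proxy auth
for user "mitm", the fcl/fsv TLS wrap and a tee relay.
Assumed: MITM_PASSWORD, cert_chain/key paths, the demo payload."""
import base64
import io
import socket
import ssl
from typing import Dict, Optional, Tuple

MITM_USER = "mitm"        # user name the thread says STLS=mitm expects
MITM_PASSWORD = "secret"  # assumption: the thread gives no password


def basic_auth_header(user: str, password: str) -> str:
    """Value of a Proxy-Authorization header for HTTP Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def parse_connect(raw: bytes) -> Tuple[str, int, Dict[str, str]]:
    """Split a CONNECT request into (host, port, headers).
    CONNECT is sent before any TLS handshake, so the proxy learns the
    destination without decrypting anything."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    if method != "CONNECT":
        raise ValueError("expected CONNECT, got: " + request_line)
    host, _, port = target.rpartition(":")
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return host, int(port), headers


def proxy_auth_ok(headers: Dict[str, str]) -> bool:
    """True only for Basic credentials of the mitm user."""
    scheme, _, blob = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, password = base64.b64decode(blob).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    return user == MITM_USER and password == MITM_PASSWORD


def answer_connect(raw: bytes) -> Tuple[bytes, Optional[Tuple[str, int]]]:
    """Response to send to the client, plus (host, port) to dial if accepted."""
    host, port, headers = parse_connect(raw)
    if not proxy_auth_ok(headers):
        return (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                b'Proxy-Authenticate: Basic realm="mitm"\r\n'
                b"Content-Length: 0\r\n\r\n", None)
    return b"HTTP/1.1 200 Connection established\r\n\r\n", (host, port)


def wrap_both_sides(client_sock: socket.socket, server_sock: socket.socket,
                    host: str, cert_chain: str, key: str):
    """The STLS=fcl,fsv step, performed after the 200 above.
    fcl: TLS toward the client using a certificate the proxy holds
         (cert_chain/key are assumed paths; the client must trust them).
    fsv: an ordinary TLS client session toward the real server."""
    to_client = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    to_client.load_cert_chain(cert_chain, key)
    to_server = ssl.create_default_context()
    return (to_client.wrap_socket(client_sock, server_side=True),
            to_server.wrap_socket(server_sock, server_hostname=host))


def tee_relay(src: socket.socket, dst: socket.socket, log: io.BufferedIOBase) -> int:
    """Copy one chunk src -> dst and append it to log; returns bytes moved.
    On plain sockets (the asker's FTOCL/FTOSV tee) this records TLS records;
    on the pair from wrap_both_sides it records the decrypted HTTP."""
    chunk = src.recv(65536)
    if chunk:
        dst.sendall(chunk)
        log.write(chunk)
    return len(chunk)


def demo_relay(payload: bytes = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"):
    """Constructed demo: push payload through the tee on local socket pairs."""
    client, proxy_in = socket.socketpair()
    proxy_out, server = socket.socketpair()
    log = io.BytesIO()
    try:
        client.sendall(payload)
        moved = tee_relay(proxy_in, proxy_out, log)
        received = server.recv(65536)
    finally:
        for s in (client, proxy_in, proxy_out, server):
            s.close()
    return received, log.getvalue(), moved


if __name__ == "__main__":
    req = (b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n"
           b"Proxy-Authorization: " + basic_auth_header("mitm", "secret").encode()
           + b"\r\n\r\n")
    print(answer_connect(req))
    print(demo_relay())
```

A request without a Proxy-Authorization header, or with the wrong
password, gets the 407 and never reaches the TLS wrap; only after the
200 does the proxy hold both a client-facing and a server-facing TLS
session and see plaintext in tee_relay.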
