#PolarProxy
The command I used to run PolarProxy to decrypt my TLS traffic was:

sudo polarproxy --terminate --connect 10.10.10.3 -p 443,80,80 --leafcert sign -o . -v

This intercepts TLS traffic coming from port 443, decrypts it, and forwards the decrypted traffic to 10.10.10.3:80 (my REMnux VM IP), where it is caught by INetSim’s HTTP Listener and logged. It also writes a PCAP to the local directory containing the decrypted traffic as if it was directed at port 80.

Nice malware lab setup using FLARE VM, #PolarProxy and #REMnux to decrypt and inspect TLS traffic.
www.koenmolenaar.nl/nl/write-ups...