HTTPS/SSL Network Packet Forensics Device
The HTTPS/SSL Network Forensics Device (HTTPS/SSL Interceptor) is designed specifically for forensic purposes, where it is used to decrypt HTTPS/SSL traffic. It can be used by law enforcement bodies, police, investigation units, forensics firms and government departments for tracking or monitoring suspects' HTTP and HTTPS activities over the Internet. The HTTPS/SSL Device has the E-Detective web reconstruction function (HTTP Link and HTTP Content) integrated into the system, which allows the administrator to see the content of both normal and secured web pages.
The HTTPS/SSL Interceptor can work in two modes: 1. Man in the Middle Attack (MITM); and 2. Offline Method (decrypting HTTPS raw data with the private key available). In the MITM method, it acts as a proxy to the targeted PC/suspect. All traffic from the targeted PC or suspect is redirected to the HTTPS/SSL Interceptor. It can therefore collect the genuine certificate from the SSL server when the targeted PC accesses that server. Meanwhile, the HTTPS/SSL Interceptor returns its own generated certificate. This allows the HTTPS/SSL Interceptor to decrypt the HTTPS traffic. In the Offline Method, with the HTTPS raw data captured, the HTTPS/SSL Interceptor is capable of decrypting the traffic if the private key is available.
Login usernames and passwords, such as Google or Gmail login, Yahoo Mail login, eBay login etc., can be captured by the HTTPS/SSL Interceptor.
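The Offline Method relies on the server's private key being enough to recover session keys from captured traffic, which in TLS holds only for RSA key transport and static (EC)DH key exchanges. The following is an added example, not code from the product or the original page, that a server operator could use to see which recorded sessions are exposed in that way; the session records and host names are constructed.

```python
# Added example: which recorded TLS sessions stay readable to someone who
# later obtains the server's private key. All sample data is constructed.
import re

# TLS 1.3 suite names have no key-exchange field; TLS 1.3 has no RSA key
# transport or static DH, so the certificate key never recovers session keys.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256",
}

# Key exchanges in which the server's long-term private key alone is enough
# to recover the session keys from a passive capture.
STATIC_KEY_EXCHANGES = {"RSA", "DH_RSA", "DH_DSS", "ECDH_RSA", "ECDH_ECDSA"}


def key_exchange(suite):
    """Return the key-exchange part of an IANA cipher suite name."""
    if suite in TLS13_SUITES:
        return "TLS1.3"
    match = re.match(r"TLS_(.+?)_WITH_", suite)
    if not match:
        raise ValueError("not an IANA TLS cipher suite name: %r" % suite)
    return match.group(1)


def offline_decryptable(suite):
    """True if a capture of this suite can be decrypted with the server key."""
    return key_exchange(suite) in STATIC_KEY_EXCHANGES


def exposed_servers(sessions):
    """Servers with at least one session lacking forward secrecy."""
    return sorted({srv for _, srv, suite in sessions if offline_decryptable(suite)})


# Constructed (client, server, negotiated suite) records, e.g. from TLS logs.
SESSIONS = [
    ("10.0.0.5", "intranet.example", "TLS_RSA_WITH_AES_128_CBC_SHA"),
    ("10.0.0.7", "mail.example", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("10.0.0.9", "shop.example", "TLS_AES_256_GCM_SHA384"),
    ("10.0.0.9", "legacy.example", "TLS_DH_RSA_WITH_AES_256_CBC_SHA"),
]

if __name__ == "__main__":
    for server in exposed_servers(SESSIONS):
        print("no forward secrecy observed:", server)
```

Servers reported here should have the listed suites disabled in favour of ECDHE or DHE suites, or TLS 1.3.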

Diagram 1: HTTPS/SSL Network Packet Forensics Device MITM Implementation