Faddom Help Center

Can Faddom extract information requiring deep packet inspection (i.e. URLs, Database Schema Names) from encrypted traffic?

In some cases, Faddom can decrypt SSL traffic to analyze the packet payload. This is dependent on the encryption protocol being used and will only work for RSA based key exchange.

In order to configure this, you need to supply Faddom with the private key used for encrypting the traffic.

 

The private key should be in pem format, and should be located on the same host as the sensor that captures this traffic. The private key file path should be set in the sensor configuration file, as well as the private key password, if exists. The configuration file can be found on the sensor appliance at /opt/illuminit/networksensor/NetworkSensor.cfg

ssl_analyzer_key_file

Private key files to use for ssl decryption. Format: ip port pem_file_path

[ip_address] [port] [path_to_pem_file]

 

ssl_analyzer_key_password

Passwords for private key files to use for ssl decryption. Format: ip port password

[ip_address] [port] [password]

 

 

 

If the private key is in pfx format, then you can use openssl to convert it to the required PEM format:

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

After updating the configuration file, restart the sensor using 

systemctl restart networksensor

Was this article helpful?
0 out of 0 found this helpful

Comments