I’m very proud to announce the release of PolarProxy today! PolarProxy is a transparent TLS proxy that decrypts and re-encrypts TLS traffic while also generating a PCAP file containing the decrypted traffic.
PolarProxy enables you to do lots of things that have previously been impossible, or at least very complex, such as:
- Analyzing HTTP/2 traffic without an SSLKEYLOGFILE
- Viewing decrypted HTTPS traffic in real-time using Wireshark
- Replaying decrypted traffic to an internal or external interface using tcpreplay
- Forwarding of decrypted traffic to a NIDS (see tcpreplay command above)
- Extracting DNS queries and replies from DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH) traffic
- Extracting email traffic from SMTPS, POP3S or IMAPS
Here is an example PCAP file generated by PolarProxy:
This capture files contains HTTP, WebSocket and HTTP/2 packets to Mozilla, Google and Twitter that would otherwise have been encrypted with TLS.
Image: HTTP/2 traffic from PolarProxy opened in Wireshark
Now, head over to our PolarProxy page and try it for yourself (it’s free)!
Posted by Erik Hjelmvik on Friday, 21 June 2019 06:00:00 (UTC/GMT)