On 05/25/2018 12:47 PM, Hugo Saavedra wrote:

> Is there any chance to make a copy of the actual decrypted traffic,
> and send it to a kind of virtual ethernet interface? I want to
> analyze this traffic with other tools like BRO IDS or Suricata.

Yes, this can be (and has been) done using ICAP or eCAP services. Those services receive decrypted traffic and can emulate a rough equivalent of the original HTTP traffic (without the encryption), directing that traffic at the external analysis tools. For those external tools, the traffic will look like ordinary plain HTTP.

Alex.
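The reconstruction step described in the reply above, as an added example that is not part of the original thread or of Squid: it takes one ICAP RESPMOD message (RFC 3507) and rebuilds the plain HTTP request and response an ICAP service could then hand to an analysis tool. The names `icap_to_http` and `SAMPLE` and the service URI are hypothetical; it assumes the whole ICAP message is already in memory, no Preview is in use, and the encapsulated HTTP headers carry `Content-Length`.

```python
# Added example: rebuild plain HTTP from an ICAP message (RFC 3507 framing).

def _dechunk(data: bytes) -> bytes:
    """Decode the chunked framing ICAP uses for encapsulated bodies."""
    out, pos = b"", 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return out
        start = eol + 2
        out += data[start:start + size]
        pos = start + size + 2  # skip the CRLF that ends the chunk data

def icap_to_http(icap_msg: bytes) -> dict:
    """Return {'req': ..., 'res': ...} holding the plain HTTP messages."""
    head, _, payload = icap_msg.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # [0] is the ICAP request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    # "Encapsulated: req-hdr=0, res-hdr=43, res-body=82" gives byte offsets
    # of each section, counted from the start of the payload.
    parts = []
    for item in headers[b"encapsulated"].split(b","):
        name, _, off = item.strip().partition(b"=")
        parts.append((name.decode(), int(off)))
    parts.sort(key=lambda p: p[1])
    http = {}
    for i, (name, off) in enumerate(parts):
        end = parts[i + 1][1] if i + 1 < len(parts) else len(payload)
        kind, _, section = name.partition("-")  # "res-body" -> "res", "body"
        if kind not in ("req", "res"):
            continue  # null-body / opt-body carry nothing to mirror
        chunk = payload[off:end]
        http[kind] = http.get(kind, b"") + (
            chunk if section == "hdr" else _dechunk(chunk))
    return http

# Constructed sample input: what an ICAP client sends for one bumped response.
REQ = b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
RES = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\n"
SAMPLE = (b"RESPMOD icap://127.0.0.1:1344/mirror ICAP/1.0\r\n"
          b"Host: 127.0.0.1\r\n"
          b"Encapsulated: req-hdr=0, res-hdr=%d, res-body=%d\r\n\r\n"
          % (len(REQ), len(REQ) + len(RES))
          + REQ + RES + b"5\r\nhello\r\n0\r\n\r\n")

if __name__ == "__main__":
    for kind, msg in icap_to_http(SAMPLE).items():
        print(kind, msg)
```

Delivering the rebuilt messages to the analysis tool (for example, replaying them over a local interface the IDS listens on) is a separate step this sketch does not cover.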