
Re: Dumping sslbump'd decrypted http using icap protocol


On Mon, May 25, 2020 at 06:34:19PM +1200, Amos Jeffries wrote:
> On 25/05/20 12:56 am, Scott wrote:
> > Hi,
> > 
> > Can someone recommend an ICAP application that will allow me to dump the HTTP 
> > of a client-server conversation?
> > 
> > I am doing some forensics on an app - I have sslbump configured correctly and 
> > I can get the traffic to c-icap (for example).
> > 
> > I'd like to dump this to a text file.
> > 
> > Is there a dump option for c-icap?  I couldn't find one.
> > 
> 
> FYI; this action is illegal in a lot of places. Even answering your
> question can be quite risky.
> 
> 
> To perform traffic forensics you can use the Squid cache.log directly
> and not involve any insecure third-party software or communication
> dumps. See <https://wiki.squid-cache.org/KnowledgeBase/DebugSections>
> for more details.
> 
> "debug_options 11,2" is probably all you need.
> 
> 
> Amos
> 
Thanks,

I'm inspecting my own data between my own endpoints as part of some 
proving-of-concept, so there's no illegality here, but I appreciate the 
caution.

Using the cache.log and debug provided me with too much data.  With ICAP I'm 
able to apply ACLs to limit the traffic sent to the ICAP server.

Am I right in saying that it is possible to do, I just need the right ICAP 
server?  I'm happy to write one myself, I'm just surprised that it's not been 
done before.  I thought perhaps I was missing an option, say in c-icap or 
some other server.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
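
Added example, not part of the original post and not code from Squid or c-icap: the parsing step a dump-only ICAP service performs on each REQMOD message, splitting it at the offsets given in the `Encapsulated` header (RFC 3507) and dechunking the body. The sample message, the host names and the `/dump` service path are constructed for illustration.

```python
def parse_encapsulated(value):
    """'req-hdr=0, req-body=62' -> [('req-hdr', 0), ('req-body', 62)], by offset."""
    parts = []
    for item in value.split(","):
        name, _, offset = item.strip().partition("=")
        parts.append((name, int(offset)))
    return sorted(parts, key=lambda p: p[1])

def dechunk(data):
    """Decode a chunked body; ICAP always chunks encapsulated bodies."""
    out, pos = b"", 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk header")
        size = int(data[pos:eol].split(b";")[0], 16)  # ignore extensions ("0; ieof")
        if size == 0:
            return out
        start = eol + 2
        if start + size > len(data):
            raise ValueError("truncated chunk data")
        out += data[start:start + size]
        pos = start + size + 2  # skip chunk data and its trailing CRLF

def parse_icap(raw):
    """Return (icap_method, {section_name: bytes}) for one complete ICAP request."""
    head, sep, payload = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete ICAP header")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    parts = parse_encapsulated(headers["encapsulated"])
    sections = {}
    for i, (name, off) in enumerate(parts):
        if name == "null-body":  # the HTTP message has no body
            continue
        end = parts[i + 1][1] if i + 1 < len(parts) else len(payload)
        blob = payload[off:end]
        sections[name] = dechunk(blob) if name.endswith("-body") else blob
    return method, sections

# Constructed sample: a REQMOD message for a bumped POST (hosts are made up).
HTTP_HDR = b"POST /login HTTP/1.1\r\nHost: app.example\r\nContent-Length: 9\r\n\r\n"
SAMPLE = (b"REQMOD icap://127.0.0.1:1344/dump ICAP/1.0\r\nHost: 127.0.0.1\r\n"
          b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR)
          + HTTP_HDR + b"9\r\nuser=test\r\n0\r\n\r\n")
```

`parse_icap(SAMPLE)` returns the ICAP method plus the `req-hdr` and `req-body` sections as bytes, ready to be appended to a text file.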



