Squid MITM: How to retrieve decrypted data?

  • Since the whole point of MITM is to look at the data going by, I'm a bit surprised that there doesn't seem to be an obvious way to retrieve the decrypted payload. What am I missing here? Is this buried somewhere in the web GUI? (The Diagnostics->Payload capture facility does not decrypt the data.)

  • Rebel Alliance Developer Netgate

    It's decrypted for processing by squid, not for logging/dumping the content in a general way. It gets passed to things like squidGuard for URL matching or clamav for content checking.

  • That's interesting. I can definitely see the utility of URL matching and filtration. But my problem, as they say, is different. I'm trying to crack the protocol that one of my desktop apps is using to communicate with a remote server. Since the data obviously gets decrypted (to facilitate the URL matching), there must be a way to get at it somehow... Perhaps there is a pfSense package that does this?

  • Rebel Alliance Developer Netgate

    No, there is no package for that. You would have to find or make some kind of c-icap processing program to dig at the data.
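
An added example (written for this thread; not pfSense, Squid or c-icap code) of the core of such a processing program: parse the ICAP REQMOD message that Squid hands a request-adaptation service after ssl_bump has decrypted the connection, pull out the plaintext HTTP request line, headers and body for logging, and answer with a pass-through reply so the traffic is not altered. The sample message, host name and token value are constructed; any standalone ICAP server, not only a c-icap module, can be attached to Squid this way.

```python
# Constructed sample of one bumped HTTPS request as Squid would encapsulate it
# for an ICAP REQMOD service (hypothetical host name and token value).
HTTP_HDR = (b"POST /api/sync HTTP/1.1\r\nHost: app.example.invalid\r\n"
            b"Content-Type: application/json\r\nContent-Length: 20\r\n\r\n")
HTTP_BODY = b'{"token":"abc12345"}'
SAMPLE_ICAP = (b"REQMOD icap://127.0.0.1:1344/request ICAP/1.0\r\n"
               b"Host: 127.0.0.1\r\nAllow: 204\r\n"
               b"Encapsulated: req-hdr=0, req-body=%d\r\n\r\n" % len(HTTP_HDR)
               + HTTP_HDR + b"%x\r\n" % len(HTTP_BODY) + HTTP_BODY + b"\r\n0\r\n\r\n")

def dechunk(data: bytes) -> bytes:
    """Reassemble a chunked body; the zero-length chunk terminates it."""
    out, pos = bytearray(), 0
    while True:
        end = data.index(b"\r\n", pos)
        size = int(data[pos:end].split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return bytes(out)
        out += data[end + 2:end + 2 + size]
        pos = end + 2 + size + 2  # step over chunk data and its trailing CRLF

def parse_reqmod(raw: bytes) -> dict:
    """Split an ICAP REQMOD message into ICAP headers, the encapsulated HTTP request and its decoded body."""
    icap_head, _, payload = raw.partition(b"\r\n\r\n")
    icap_line, *hdr_lines = icap_head.split(b"\r\n")
    icap = {}
    for line in hdr_lines:
        k, _, v = line.partition(b":")
        icap[k.strip().lower().decode()] = v.strip().decode()
    enc = {}  # Encapsulated header: byte offset of each section inside payload
    for part in icap["encapsulated"].split(","):
        k, _, v = part.strip().partition("=")
        enc[k] = int(v)
    body_key = "req-body" if "req-body" in enc else "null-body"
    http_head = payload[enc["req-hdr"]:enc[body_key]]
    req_line, *http_hdrs = http_head.rstrip(b"\r\n").split(b"\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.decode().split(":", 1) for h in http_hdrs)}
    body = dechunk(payload[enc[body_key]:]) if body_key == "req-body" else b""
    return {"request_line": req_line.decode(), "headers": headers, "body": body,
            "payload": payload, "encapsulated": icap["encapsulated"],
            "allow_204": "204" in icap.get("allow", "")}

def pass_through_reply(parsed: dict) -> bytes:
    """Log-only service: tell Squid nothing changed (204 if offered, else echo the request back)."""
    if parsed["allow_204"]:
        return b"ICAP/1.0 204 No Content\r\n\r\n"
    return (b"ICAP/1.0 200 OK\r\nEncapsulated: " + parsed["encapsulated"].encode()
            + b"\r\n\r\n" + parsed["payload"])
```

Squid is pointed at such a service with its icap_enable, icap_service and adaptation_access directives; because the service only reads and replies 204 (or echoes the request unchanged), the client and server traffic is left exactly as it was.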

  • Thanks for the info. Astounding is what this is. :-)