Home Network Setup for Sniffing HTTPS Traffic
-
Let me start by saying that I am not computer savvy, and may need things explained like I'm 5... Many thanks in advance for your help.
I am trying to set up a firewall/proxy that will enable me to log traffic on our home network. The purpose is to keep an eye on what's accessed by our children now they've reached the glorious years of finding inappropriate sites/content on the internet. Everybody in the home is, and will be aware that web traffic is being monitored. I have tried using OpenDNS, and it performs its function well. Unfortunately I can't get as much information as needed though. For example, I want them to have access to YouTube, but it would be nice to see which content on YouTube is being accessed.
My hope is that a proper configuration of pfSense and Squid using WPAD should do the job. If used correctly, will I still have issues with SSL certificates? We will monitor web traffic on iPhones and I have no idea how to import certificates on an iPhone.
I'm thinking that an old laptop will be used as a proxy placed between the ISP modem and router. Is this a viable setup? Is there a simpler solution to this problem? Any advice on configuring for this? Thanks in advance for helping out this clueless dad.
-
If you set up Squid for full intercept (MITM) then you can see the full URLs being accessed. You do have to either install the CA cert for transparent mode or set the proxy manually on the device. I've never tried that on an iPhone but it's probably possible.
Unfortunately that doesn't really help much on YouTube where the full URL looks like:
https://www.youtube.com/watch?v=xm_wEezrWf4
That can be the case with many sites. An old laptop can work but I would probably put it behind an existing router if you're not going to replace the router with it. You will need two interfaces to run pfSense like that, unless you can do some clever routing in the ISP device which is very unlikely.
Steve
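Added example, not part of the original posts: a short Python script that reads proxy log lines and shows the difference described above between intercepted requests (full URL, so a video ID can be pulled out) and non-intercepted HTTPS tunnels (host name only). It assumes Squid's native access.log layout; the log lines, client addresses and video IDs are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines, assuming Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101    210 192.168.1.50 TCP_MISS/200 48211 GET https://www.youtube.com/watch?v=AAAAAAAAAAA - HIER_DIRECT/203.0.113.10 text/html
1700000005.332     95 192.168.1.50 TCP_MISS/200 1022 GET https://youtu.be/BBBBBBBBBBB - HIER_DIRECT/203.0.113.10 text/html
1700000009.870  60012 192.168.1.51 TCP_TUNNEL/200 88123 CONNECT www.youtube.com:443 - HIER_DIRECT/203.0.113.10 -
1700000012.004    180 192.168.1.50 TCP_MISS/200 3310 GET https://www.youtube.com/watch?v=AAAAAAAAAAA&t=42s - HIER_DIRECT/203.0.113.10 text/html
this line is truncated
"""

YOUTUBE_HOSTS = {"www.youtube.com", "youtube.com", "m.youtube.com"}

def video_id(url):
    """Return the YouTube video ID carried in a full URL, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "youtu.be":
        return parts.path.strip("/") or None
    if host in YOUTUBE_HOSTS and parts.path == "/watch":
        return parse_qs(parts.query).get("v", [None])[0]
    return None

def summarize(log_text):
    """Group video IDs by client; count tunnels where only the host was visible."""
    videos = defaultdict(list)
    opaque = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # skip truncated or malformed lines
            continue
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            # Not intercepted: the proxy saw "host:port" only, no path or query.
            if url.rsplit(":", 1)[0].lower() in YOUTUBE_HOSTS | {"youtu.be"}:
                opaque[client] += 1
            continue
        vid = video_id(url)
        if vid and vid not in videos[client]:
            videos[client].append(vid)
    return dict(videos), dict(opaque)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The output is still only a list of opaque IDs per device; each one has to be opened on YouTube to see what the video actually is.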
-
@dirtydish been many many years since my sons were home and had to worry about what they did on the net, and the net was a much different place 20 years ago ;)
But pfsense can act as your proxy, you don't need to setup some laptop to do that.
https traffic can be difficult.. There would be a very steep learning curve sadly to say.
If they are using tablets and iphones - you might be better off using the tools meant to monitor those..
https://support.apple.com/en-us/HT201304
I do a bit of this with my granddaughter's phone - she can not install any apps without it asking me for permission.. I get a notification - and she texts me ;) Pa can you approve ;) -- she lives in California..
You can also look into monitoring youtube history, etc. Such tools will most likely be easier to get going with and easier to manage and use than say some proxy log that is for sure.