HTTPS inspection
Hello, i use HTTP proxy with inspection and i I wonder where login and password data are stored ? Can I see them ?
0
Sign In to comment.
Hello, i use HTTP proxy with inspection and i I wonder where login and password data are stored ? Can I see them ?
Comments
login and password data - for what?
If they are ones that are entered on a web site from an internal web browser, then no.
Fireware unencrypts Inspected traffic from an internal web browser, inspects the packet & applies the specified policy parts, and then re-encrypts it and sends it to the destination.
The only info from the unencrypted packet that you can see is what may be shown in log records.
No data going to a web site is stored in Fireware other than domain and URL info, data amount etc., which is used for logging and reporting, if you have selected to log or log for reports on the proxy.
Websites generally do not send password data as plaintext, and the data would generally be hashed, XOR'ed, etc.
Dimension does not log that data -- just that a connection occurred, and if you have URL paths enabled, what the URL path is.
You can use the diagnostic tasks tool in Firebox System Manager to run a tcpdump of your traffic:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html
However, even if the TLS session is decrypted, you're likely not going to see the password as it won't be plaintext.
-James Carson
WatchGuard Customer Support