HTTPS inspection

Hello, i use HTTP proxy with inspection and i I wonder where login and password data are stored ? Can I see them ?


  • Options

    login and password data - for what?

    If they are ones that are entered on a web site from an internal web browser, then no.
    Fireware unencrypts Inspected traffic from an internal web browser, inspects the packet & applies the specified policy parts, and then re-encrypts it and sends it to the destination.
    The only info from the unencrypted packet that you can see is what may be shown in log records.
    No data going to a web site is stored in Fireware other than domain and URL info, data amount etc., which is used for logging and reporting, if you have selected to log or log for reports on the proxy.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Websites generally do not send password data as plaintext, and the data would generally be hashed, XOR'ed, etc.

    Dimension does not log that data -- just that a connection occurred, and if you have URL paths enabled, what the URL path is.

    You can use the diagnostic tasks tool in Firebox System Manager to run a tcpdump of your traffic:

    However, even if the TLS session is decrypted, you're likely not going to see the password as it won't be plaintext.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.