Snort ssl preprocessor

**breimer273** · 07-27-2011

Here's my issue:
I am developing a preprocessor for Snort. I am trying to use the out of the box SSL preprocessor as a base line but so far its not making a whole lot of sense. Specifically I want to store the exchange between the server and the client (i.e. the IP addresses, certificates, essentially all the information that is sent before the connection gets encrypted). From what it looks like, looking at the code for the SF_snort_packet, which is the main structure that the rest of the SSL preprocessor uses, there is no way to access all of that information that I want to. Is this true? Is there another way to access the stream directly? Thanks for the input.

**anduril462** · 07-27-2011

I doubt you'll find many snort experts here -- I'm certainly not one. Somebody else may come along later and give you the help you need, but I wouldn't hold your breath. Have you tried asking this on the snort mailing lists (http://www.snort.org/community/groups/)?

We can definitely help you if you have any specific C questions, but your general "how does snort's dynamic preprocessor work" is not well suited for this forum.

**breimer273** · 07-28-2011

No, I haven't tried that yet. I knew there was a lot of members here and thought maybe someone would come along who could help me our. I will go over to the snort group and ask there. Thanks!

Thread: Snort ssl preprocessor

Thread Tools

Search Thread

Display

Snort ssl preprocessor

Similar Threads

Preprocessor help

preprocessor help

preprocessor!!

Preprocessor

C preprocessor