grab https URL without import CA into PC from squid access log

Asked Jun 19 '23 at 10:10

Active Jun 19 '23 at 10:10

Viewed 20 times

1.The domain aa.com was belongs to our company and we have the public and private key of Wildcard certificate about aa.com.

2.We want to grab all of the URL from the access log which about *.aa.com, so we can use the security scanner to check these URL for vulnerability automatically.

3.We build a transparent SSL proxy by pfSense and we dont want somebody import the CA into the PC,after the testing department finish the function test, we also finish the security scan automatically.

Is it possible to hijack HTTPS requests for all subdomains under a domain with a wildcard certificate without importing a self-signed CA? I don't want to bother my colleagues.

How can I make it ?

Thanks.

asked Jun 19 '23 at 10:10

insmod

Do the domains you want to inspect are running exclusively on certain IP address(es)? That means no other domains are using those IP addresses. – Robert Jun 19 '23 at 11:18
Yes,we can get all the subdomain and the IPs, but maybe some domain use the same IP. – insmod Jun 20 '23 at 03:10

grab https URL without import CA into PC from squid access log

0 Answers0