Config advice / wireshark

Joel Parker joel.parker.gm at gmail.com
Fri Apr 21 16:05:39 UTC 2017


I guess logging would work I just need to capture the full request and
response to replay later. Is there a standard way to do this or plugin
available ?



On Fri, Apr 21, 2017 at 10:42 AM, Joel Parker <joel.parker.gm at gmail.com>
wrote:

> The only other thing I was thinking of was to double proxy through
> localhost. i.e. user -> proxy -> localhost proxy -> upstream server. Seems
> like it is pretty convoluted but is it still possible ?
>
>
> On Fri, Apr 21, 2017 at 10:30 AM, Robert Paprocki <rpaprocki@
> fearnothingproductions.net> wrote:
>
>> Is what compatible? Nginx logging? I don't think so, Nginx logs are
>> intended to be human readable. Related docs: http://nginx.org/en/docs
>> /http/ngx_http_log_module.html#log_format
>>
>> On Fri, Apr 21, 2017 at 8:25 AM, Joel Parker <joel.parker.gm at gmail.com>
>> wrote:
>>
>>> Is it compatible with something like log2pcap ? or I just need to set
>>> the format somehow to be compatible with it.
>>>
>>> Joel Parker
>>>
>>> On Fri, Apr 21, 2017 at 10:21 AM, Robert Paprocki <
>>> rpaprocki at fearnothingproductions.net> wrote:
>>>
>>>> Unless wireshark has access to the private key (and PFC isn't enabled),
>>>> you're best bet would be to log the data from nginx directly, rather than
>>>> trying to examine the raw bytes on the wire.
>>>>
>>>> > On Apr 21, 2017, at 08:10, Joel Parker <joel.parker.gm at gmail.com>
>>>> wrote:
>>>> >
>>>> > I currently have a config that allows me to terminate TLSv1.2 and
>>>> decrypt it. Then it re-encrypts the packets with a different cert before
>>>> sending to the upstream servers. I want to "look" at the decrypted packets
>>>> before they are encrypted but I am not sure the best way to accomplish this.
>>>> > _______________________________________________
>>>> > nginx mailing list
>>>> > nginx at nginx.org
>>>> > http://mailman.nginx.org/mailman/listinfo/nginx
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170421/b1041356/attachment.html>


More information about the nginx mailing list