I believe that PFSense is router software so mainly works at layer 3, where as SSL inspection happens at layer 7. Maybe you could install Squid on the same system that is running PFSense and do it that way, but I haven't explored this.
Great stuff mate. Im wondering is there a step missing where we add squid proxy certificate to our trustore? We should go a step deeper and get traffic beyond tls. When an application establishes connection using something other than https
Yeah, I didn't cover adding the newly minted certificate to the browsers trust store - you will need to do this. I haven't explored inspecting other encrypted traffic but I am interested in checking that out.
Sorry I haven' been checking the comments. This was a few years ago now so I'll try and release an updated version which includes the build of the proxy.
First of all i'd like to emphasize on how professional this all looks. Smal window with speaker, largest surface takes the actual subject. Also, i like very much is getting deep into "meat" withough unneccessary mumblink. what i don't like however is this annoying looped music in background. Srsly, i'd rather prefer to play my own moody blues while consuming this kind of content ;)
Thanks for the comment. I don't do a lot of YouTubing but I may start to release more videos shortly. The background music is mainly to drain out any humming or awkward silences which is why I kept the volume low. I think it also helps make the jump cuts in the video less noticeable because the music holds it together. A lot of videos use this technique. That said I will probably experiment with different methods if I make further videos.
Clean and clear.
It would be great to see a complete video demonstrating how to build a Squid Proxy with SSL/TLS inspection and LDAP authentication.
@Satiex Any update on my request? It would be really great to see that complete setup.
Great Video mate! Thanks for sharing. Just setting up my lab too to test this very same thing. Cheers!
Great video. Can I do ssl inspection using pfsense and splunk ? Do I need a physical system to install splunk or just pfsense host is enough ?
I believe that PFSense is router software so mainly works at layer 3, where as SSL inspection happens at layer 7. Maybe you could install Squid on the same system that is running PFSense and do it that way, but I haven't explored this.
Great stuff mate. Im wondering is there a step missing where we add squid proxy certificate to our trustore?
We should go a step deeper and get traffic beyond tls. When an application establishes connection using something other than https
Yeah, I didn't cover adding the newly minted certificate to the browsers trust store - you will need to do this.
I haven't explored inspecting other encrypted traffic but I am interested in checking that out.
Hey what about this video about building proxy?
Sorry I haven' been checking the comments. This was a few years ago now so I'll try and release an updated version which includes the build of the proxy.
First of all i'd like to emphasize on how professional this all looks. Smal window with speaker, largest surface takes the actual subject.
Also, i like very much is getting deep into "meat" withough unneccessary mumblink.
what i don't like however is this annoying looped music in background. Srsly, i'd rather prefer to play my own moody blues while consuming this kind of content ;)
Thanks for the comment. I don't do a lot of YouTubing but I may start to release more videos shortly. The background music is mainly to drain out any humming or awkward silences which is why I kept the volume low. I think it also helps make the jump cuts in the video less noticeable because the music holds it together. A lot of videos use this technique. That said I will probably experiment with different methods if I make further videos.
@@Satiex you say "awkward silences or humming", i say "value-added ASMR", werenotthesame.jpg :P