METHOD AND SYSTEM FOR ANALYSING AND FILTERING HTTPS TRAFFIC IN CORPORATE NETWORKS

Abstract

The proxy system according to the present invention forwards the content of HTTPS requests in an unusual way: it automatically generates a new certificate for the requested destination server. This new certificate is fake and is signed by a corporate internal Certificate Authority (CA). The proxy includes the new certificate in the response it sends to the client during SSL session establishment (under the SSL protocol, the destination server, which in this case is the proxy server, identifies itself using a certificate). The request is then transparently forwarded to the destination server, as a normal or standard HTTP proxy server does. To prevent clients from detecting this 'man-in-the-middle attack', the internal corporate CA used to sign the 'fake' certificates must be included in the list of Certificate Authorities recognized by the clients in the corporate network.