Re: [sleuthkit-users] Autopsy over SSL?
From: Sorrelle M. W C. AFOSI/D. <mic...@og...> - 2006-08-22 14:22:22
Thanks for all the suggestions! I tried the Apache proxy method that Prentis gave, but it didn't seem to work. So (as requested), here's a bit more detail on what I'm doing, and trying to accomplish:

1. On the local/client machine (WinXP), I'm using PuTTY to open an SSH login to the remote/server machine (Ubuntu 6.06), and in that login window, I start Autopsy (via the supplied Perl script, with slight modification), which generates the http string (for use in the client browser), which I then write to a file on the remote server.

2. I then use WinSCP to copy that file from server to client, and then open a browser window (IE) on the client with that generated http string (ex: http://192.168.1.101:9999/19427537547421863764/autopsy) in the address, which displays the Autopsy main screen. (For test purposes, I have the two machines on a standalone local network, but in actual use, the remote machine could be anywhere in the world.)

So from that point, the forensic analysis via Autopsy transpires over the network via the browser. It's that communication via browser that I need to have secure/encrypted.

I did the Apache proxy configuration given, in the proxy.conf file, and added the symlinks for proxy* and ssl* in the mods_enabled directory. I also added 'Listen 443' to the ports.conf file. I then restarted apache, and did the above steps to open Autopsy. But when I change the url to https (with or without ':443'), it doesn't work.

If I'm missing something simple/obvious, by all means let me know. And I won't be insulted by any explicit instructions or steps to follow.

- - Mike

-----Original Message-----
Date: Mon, 21 Aug 2006 16:01:41 -0400
From: "Brooks, Prentis" <pre...@tw...>
Subject: Re: [sleuthkit-users] Autopsy over SSL?
To: <an...@n-...>, <sle...@li...>

Here is a sample from the apache 2.2 documentation that I have modified to reflect how I did this before. These commands have not changed since 2.0, so this will work.

ProxyRequests Off

# This is to control access, I highly recommend configuring apache to require some level of authentication before
# proxying the connections.
<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass /autopsy http://127.0.0.1/autopsy
ProxyPassReverse /autopsy http://127.0.0.1/autopsy

-----Original Message-----
From: sle...@li... on behalf of Angus Marshall
Sent: Mon 8/21/2006 3:56 PM
To: sle...@li...
Subject: Re: [sleuthkit-users] Autopsy over SSL?

Installing apache as a server won't help you - Autopsy is a server in its own right and doesn't speak HTTPS itself.

OTOH - you could probably use Apache's proxy pass through functionality to enable it to act as a HTTPS proxy to the Autopsy process. That would take a little bit of hacking around in the config file, but should be possible. If you can wait a couple of days, I'll see if I can find time to try it out.
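
Added example, not part of any message in this thread: a complete Apache 2.0/2.2-style virtual host for the HTTPS proxy approach discussed above. It assumes Autopsy listens on port 9999 (as in the sample URL) and accepts requests from 127.0.0.1; the certificate, key and password file paths and the allowed subnet are placeholders.

```apache
# Assumes mod_ssl, mod_proxy and mod_proxy_http are enabled and that
# "Listen 443" is already present in ports.conf, as described in the post.
<VirtualHost *:443>
    # "Listen 443" only opens the port; TLS has to be switched on per
    # virtual host, with a certificate and private key (placeholder paths).
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/autopsy.example.crt
    SSLCertificateKeyFile /etc/apache2/ssl/autopsy.example.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Autopsy URLs begin with a per-session cookie
    # (/19427537547421863764/autopsy in the sample URL), so the whole URL
    # space is proxied rather than only /autopsy. The backend port is the
    # one Autopsy printed (9999 in the sample; adjust if started differently).
    ProxyPass        / http://127.0.0.1:9999/
    ProxyPassReverse / http://127.0.0.1:9999/

    # Access control on the proxied content: source address AND password.
    # With the default "Satisfy All", both conditions must hold.
    <Proxy *>
        Order deny,allow
        Deny from all
        # Constructed example: the examiner's network
        Allow from 192.168.1.0/24
        AuthType Basic
        AuthName "Autopsy"
        # Placeholder path; create the file with htpasswd
        AuthUserFile /etc/apache2/autopsy.htpasswd
        Require valid-user
    </Proxy>
</VirtualHost>
```

With this in place the browser address becomes https://<server>/<cookie>/autopsy, and port 9999 should be blocked from the network so that the unencrypted listener is reachable only through the proxy.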