Re: [sleuthkit-users] Autopsy over SSL?
From: Brooks, P. <pre...@tw...> - 2006-08-22 14:33:45
If you are going to do the reverse proxy, then you need to start autopsy with the -C option. It doesn't work with the cookie in the URL. Did you confirm that apache is running on port 443? I would get apache configured to respond on 443. I ran autopsy from inittab, actually with the -C option. Once that is running, test that you can reach the autopsy session via the localhost. You can try lynx to test. Then add the proxy config to join the two together. This way, you can troubleshoot one component at a time.

On Tue, 2006-08-22 at 10:22 -0400, Sorrelle Michael W Ctr AFOSI/DOZI wrote:
>
> Thanks for all the suggestions!
> I tried the Apache proxy method that Prentis gave, but it didn't seem to work.
> So (as requested), here's a bit more detail on what I'm doing, and trying to accomplish:
>
> 1. On the local/client machine (WinXP), I'm using puTTY to open an SSH login to the remote/server machine (Ubuntu 6.06), and in that login window, I start Autopsy (via the supplied Perl script, with slight modification), which generates the http string (for use in the client browser), which I then write to a file on the remote server.
>
> 2. I then use WinSCP to copy that file from server to client, and then open a browser window (IE) on the client with that generated http string (ex: http://192.168.1.101:9999/19427537547421863764/autopsy) in the address, which displays the Autopsy main screen. (for test purposes, I have the two machines on a standalone local network, but in actual use, the remote machine could be anywhere in the world.)
>
> So from that point, the forensic analysis via Autopsy transpires over the network via the browser. It's that communication via browser that I need to have secure/encrypted.
>
> I did the Apache proxy configuration given, in the proxy.conf file, and added the symlinks for proxy* and ssl* in the mods_enabled directory. I also added 'Listen 443' to the ports.conf file. I then restarted apache, and did the above steps to open Autopsy. But when I change the url to https (with or without ':443'), it doesn't work.
>
> If I'm missing something simple/obvious, by all means let me know. And I won't be insulted by any explicit instructions or steps to follow.
>
> - -
> Mike
>
>
> -----Original Message-----
> Date: Mon, 21 Aug 2006 16:01:41 -0400
> From: "Brooks, Prentis" <pre...@tw...>
> Subject: Re: [sleuthkit-users] Autopsy over SSL?
> To: <an...@n-...>, <sle...@li...>
>
> Here is a sample from the apache 2.2 documentation that I have modified to reflect how I did this before. These commands have not changed since 2.0, so this will work.
>
> ProxyRequests Off
>
> # This is to control access, I highly recommend configuring apache to require some level of authentication before
> # proxying the connections.
> <Proxy *>
> Order deny,allow
> Allow from all
> </Proxy>
>
> ProxyPass /autopsy http://127.0.0.1/autopsy
> ProxyPassReverse /autopsy http://127.0.0.1/autopsy
>
>
> -----Original Message-----
> From: sle...@li... on behalf of Angus Marshall
> Sent: Mon 8/21/2006 3:56 PM
> To: sle...@li...
> Subject: Re: [sleuthkit-users] Autopsy over SSL?
>
> Installing apache as a server won't help you - Autopsy is a server in its own right and doesn't speak HTTPS itself.
>
> OTOH - you could probably use Apache's proxy pass through functionality to enable it to act as a HTTPS proxy to the Autopsy process. That would take a little bit of hacking around in the config file, but should be possible. If you can wait a couple of days, I'll see if I can find time to try it out.
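
The following is an added example, not part of the thread and not Sleuth Kit project code: an Apache 2.2-style virtual host that terminates TLS on 443, requires a login before proxying (the authentication the quoted sample's comment recommends but its `Allow from all` does not enforce), and forwards to Autopsy on loopback. Assumptions: Autopsy was started with -C and answers at 127.0.0.1:9999/autopsy (the port is taken from the URL in the thread), and the server name, certificate paths and password file are placeholders.

```apache
# Added example. Assumes 'Listen 443' is already in ports.conf (as in the
# thread) and that mod_ssl, mod_proxy, mod_proxy_http, mod_auth_basic and
# mod_authn_file are enabled. Hostname and file paths are placeholders.

<VirtualHost *:443>
    ServerName forensics.example.org

    # TLS is terminated here; Autopsy itself only speaks plain HTTP.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/autopsy.crt
    SSLCertificateKeyFile /etc/apache2/ssl/autopsy.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # Weak form from the quoted sample: every client that can reach
    # port 443 is passed through to Autopsy.
    #   <Proxy *>
    #       Order deny,allow
    #       Allow from all
    #   </Proxy>

    # Corrected form: the host check still passes everyone, but Apache 2.2's
    # default "Satisfy All" also requires a valid login before proxying.
    <Proxy *>
        Order deny,allow
        Allow from all
        AuthType Basic
        AuthName "Autopsy"
        AuthUserFile /etc/apache2/autopsy.htpasswd
        Require valid-user
    </Proxy>

    # Assumed backend: Autopsy started with -C (no cookie in the URL),
    # reachable on loopback port 9999.
    ProxyPass        /autopsy http://127.0.0.1:9999/autopsy
    ProxyPassReverse /autopsy http://127.0.0.1:9999/autopsy
</VirtualHost>
```

With this layout only port 443 needs to be reachable from the network; port 9999 can be limited to loopback so that every session passes through the TLS and login layer.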