Re: [sleuthkit-users] Autopsy over SSL?
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy over SSL?
|
From: Angus M. <an...@n-...> - 2006-08-22 14:34:41
|
In that situation, since you already have a ssh session running, I'd strongly recommend going for the simple solution using ssh port forwarding. Using Apache here seems like a hammer to crack a nut. In putty you can achieve it by going into the Putty Configuration screen and going down into Connection->SSH->Tunnels. You need to establish forwarding of a local port to the remote port. (e.g. local 1234 to remote 9999 - you can then use your local browser to connect to http://127.0.0.1:1234/autopsy and let ssh handle the encryption for you. See this URL for an example : http://www.cs.uu.nl/technical/services/ssh/putty/puttyfw.html Your Apache config probably doesn't because the config file doesn't contain the VHost for the SSL server. On Tue Aug 22 15:22 , 'Sorrelle Michael W Ctr AFOSI/DOZI' <mic...@og...> sent: > >Thanks for all the suggestions! >I tried the Apache proxy method that Prentis gave, but it didn't seem to >work. >So (as requested), here's a bit more detail on what I'm doing, and >trying to accomplish: > >1. On the local/client machine (WinXP), I'm using puTTY to open an SSH >login to the remote/server machine (Ubuntu 6.06), and in that login >window, I start Autopsy (via the supplied Perl script, with slight >modification), which generates the http string (for use in the client >browser), which I then write to a file on the remote server. > >2. I then use WinSCP to copy that file from server to client, and then >open a browser window (IE) on the client with that generated http string >(ex: http://192.168.1.101:9999/19427537547421863764/autopsy) in the >address, which displays the Autopsy main screen. (for test purposes, I >have the two machines on a standalone local network, but in actual use, >the remote machine could be anywhere in the world.) > >So from that point, the forensic analysis via Autopsy transpires over >the network via the browser. It's that communication via browser that I >need to have secure/encrypted. > >I did the Apache proxy configuration given, in the proxy.conf file, and >added the symlinks for proxy* and ssl* in the mods_enabled directory. I >also added 'Listen 443' to the ports.conf file. I then restarted >apache, and did the above steps to open Autopsy. But when I change the >url to https (with or without ':443'), it doesn't work. > >If I'm missing something simple/obvious, by all means let me know. And >I won't be insulted by any explicit instructions or steps to follow. > >- - >Mike > > >-----Original Message----- >Date: Mon, 21 Aug 2006 16:01:41 -0400 >From: "Brooks, Prentis" pre...@tw...> >Subject: Re: [sleuthkit-users] Autopsy over SSL? >To: an...@n-...>, sle...@li...> > >Here is a sample from the apache 2.2 documentation that I have modified >to reflect how I did this before. These commands have not changed since >2.0, so this will work. > >ProxyRequests Off > ># This is to control access, I highly recommend configuring apache to >require some level of authentication before # proxying the connections. > >Order deny,allow >Allow from all > > >ProxyPass /autopsy http://127.0.0.1/autopsy >ProxyPassReverse /autopsy http://127.0.0.1/autopsy > > >-----Original Message----- >From: sle...@li... on behalf of Angus >Marshall >Sent: Mon 8/21/2006 3:56 PM >To: sle...@li... >Subject: Re: [sleuthkit-users] Autopsy over SSL? > >Installing apache as a server won't help you - Autopsy is a server in >its own right and doesn't speak HTTPS itself. > >OTOH - you could probably use Apache's proxy pass through functionality >to enable it to act as a HTTPS proxy to the Autopsy process. That would >take a little bit of hacking around in the config file, but should be >possible. If you can wait a couple of days, I'll see if I can find time >to try it out. > >------------------------------------------------------------------------- >Using Tomcat but need to do more? Need to support web services, security? >Get stuff done quickly with pre-integrated technology to make your job easier >Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo >http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >_______________________________________________ >sleuthkit-users mailing list >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >http://www.sleuthkit.org |
