Hello guys, please help me. I want to see full URL path in packet log file. As for now I am just getting domains. Examples are below:
2021-09-25,20:49:58.886,SID-USER-[L2TP]-3,SID-SECURENAT-
2,CA2FC347F2E3,5ED34E629BDC,0x0800,571,TCP_DATAv4,PSH+ACK,192.168.40.10,54828,104.16.88.20,https(443),2610412907,2187798747,WindowSize=65535 HttpMethod=SSL_Connect HttpUrl=https://cdn.jsdelivr.net/ ,-,91.190.115.253(port=1701),-
2021-09-25,20:49:59.277,SID-USER-[L2TP]-3,SID-SECURENAT-2,CA2FC347F2E3,5ED34E629BDC,0x0800,571,TCP_DATAv4,PSH+ACK,192.168.40.10,59838,31.13.82.36,https(443),850941128,961478128,WindowSize=65535 HttpMethod=SSL_Connect HttpUrl=https://www.facebook.com/ ,-,91.190.115.253(port=1701),-
I need SoftEther to log full url for every website browsed.
Thanks
How to see full URL path in logs?
-
- Posts: 286
- Joined: Wed Nov 25, 2020 9:10 am
Re: How to see full URL path in logs?
It’s impossible as full path is encrypted.
-
- Posts: 139
- Joined: Sat Feb 13, 2021 10:22 pm
Re: How to see full URL path in logs?
You can be happy you see the servername. The original https specification did not allow this. But then, as IP addresses got scarce, a method called SNI was introduced to make it possible that multiple webservers can be hosted by a single IP. Therefore submitting the hostname unencrypted.
It is of course possible to see what users do, but it is out of the scope of Softether:
You need to install a transparent proxy and force all http/https traffic trough it. Add a MITM system to it, so that the proxy itself issues certificates for every site the clients visit. However, clients will only trust this proxy if you install its root certificate into the System of every client. Typically this will make sense only in a manged company network.
It is of course possible to see what users do, but it is out of the scope of Softether:
You need to install a transparent proxy and force all http/https traffic trough it. Add a MITM system to it, so that the proxy itself issues certificates for every site the clients visit. However, clients will only trust this proxy if you install its root certificate into the System of every client. Typically this will make sense only in a manged company network.