opensnitch
collect statistics about CA
While apps are creating TLS connections, the daemon should (asynchronously) resolve the whole certificate chain of every visited host and collect statistics about which certification authority is being used for each one (incrementing its connection counter in a new by_ca map[string]int field). These new stats should be rendered as a new tab in the UI.
not bad, haven't seen these stats anywhere else!
Yeah, I'm personally very curious to see from whom my traffic is protected and encrypted ...
This would be GREAT! Fantastic idea ;-)
Removed this from the 1.0.0 milestone as it'll take more time than I initially thought. There are two ways of handling this:
- Whenever a new TLS connection is detected, the daemon can asynchronously connect to the same host and fetch the certificate chain; this adds a lot of overhead and it's generally slow. <-- This is not the correct approach
- TLS handshake packets should be intercepted on the Netfilter queue and the Certificates section parsed and extracted from them. The problem is that the whole handshake takes more than just one packet, so the system should collect, reassemble and then parse when the end of the handshake is reached (there's a specific marker for it). <-- This is
The second approach is being developed on the passive-tls-query branch.
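Added worked example for the second approach described above. This is not opensnitch's code and not the passive-tls-query branch; it is a stand-alone Go sketch of the daemon-side logic: reassemble handshake bytes across TLS records, parse the TLS 1.2 Certificate message once it is complete, and credit the leaf certificate's issuer CN in a by_ca-style map. `ParseCertificateMessage`, `CountConnection`, `SampleRecords`, `record` and the `byCA` parameter are this example's own names; `SampleRecords` builds a constructed self-signed certificate (not captured traffic) and fragments it across several records so the example runs offline. Caveat a practitioner should keep in mind: in TLS 1.3 the server's Certificate message is sent encrypted, so passive extraction from the queue only works for TLS 1.2 and earlier handshakes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"errors"
	"math/big"
	"time"
)

const recordHandshake, handshakeCertificate = 0x16, 0x0b // TLS record content type, handshake message type
func u24(b []byte) int    { return int(b[0])<<16 | int(b[1])<<8 | int(b[2]) }
func putU24(n int) []byte { return []byte{byte(n >> 16), byte(n >> 8), byte(n)} }

// ParseCertificateMessage returns the DER certificates (leaf first) carried by a TLS 1.2
// Certificate message: a 24-bit list length followed by 24-bit-length-prefixed entries.
func ParseCertificateMessage(msg []byte) (certs [][]byte, err error) {
	if len(msg) < 7 || msg[0] != handshakeCertificate || u24(msg[1:4]) != len(msg)-4 {
		return nil, errors.New("not a well-formed Certificate message")
	}
	body := msg[4:]
	if u24(body[:3]) != len(body)-3 {
		return nil, errors.New("certificate list length mismatch")
	}
	for body = body[3:]; len(body) > 0; {
		if len(body) < 3 || len(body) < 3+u24(body[:3]) {
			return nil, errors.New("truncated certificate entry")
		}
		n := 3 + u24(body[:3])
		certs, body = append(certs, body[3:n]), body[n:]
	}
	return certs, nil
}

// CountConnection reassembles the handshake bytes of one connection's server-side TLS records
// and, once a complete Certificate message is seen, credits the leaf's issuer in byCA (hypothetical counter).
func CountConnection(records [][]byte, byCA map[string]int) error {
	var buf []byte // handshake bytes carried over from earlier records
	for _, rec := range records {
		if len(rec) < 5 || len(rec) < 5+int(binary.BigEndian.Uint16(rec[3:5])) {
			return errors.New("short or truncated record")
		}
		if rec[0] != recordHandshake {
			continue // alert, ChangeCipherSpec or application data: nothing to reassemble
		}
		buf = append(buf, rec[5:5+binary.BigEndian.Uint16(rec[3:5])]...)
		// Handshake messages are 1-byte type + 24-bit length + body and may span records.
		for len(buf) >= 4 && len(buf) >= 4+u24(buf[1:4]) {
			n := 4 + u24(buf[1:4])
			msg := buf[:n:n]
			buf = buf[n:]
			if msg[0] != handshakeCertificate {
				continue // ServerHello, ServerKeyExchange, ServerHelloDone, ...
			}
			certs, err := ParseCertificateMessage(msg)
			if err != nil || len(certs) == 0 {
				return errors.New("missing or malformed certificate list")
			}
			leaf, err := x509.ParseCertificate(certs[0])
			if err != nil {
				return err
			}
			byCA[leaf.Issuer.CommonName]++ // the CA vouching for this host
		}
	}
	return nil
}

// SampleRecords is constructed input, not captured traffic: a throwaway self-signed certificate
// wrapped in a Certificate message and fragmented across TLS records of at most maxLen bytes.
func SampleRecords(cn string, maxLen int) ([][]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	list := append(putU24(len(der)), der...)
	body := append(putU24(len(list)), list...)
	hs := append(append([]byte{handshakeCertificate}, putU24(len(body))...), body...)
	var recs [][]byte
	for ; len(hs) > maxLen; hs = hs[maxLen:] {
		recs = append(recs, record(hs[:maxLen]))
	}
	return append(recs, record(hs)), nil
}

// record prefixes a handshake fragment with a TLS record header: type, version 3.3, length.
func record(p []byte) []byte {
	return append([]byte{recordHandshake, 0x03, 0x03, byte(len(p) >> 8), byte(len(p))}, p...)
}
```

The reassembly loop is the part the comment above calls out: a Certificate message carrying a full chain is several kilobytes and routinely spans multiple records (and, on the wire, several packets), so a per-packet parser would miss it; here nothing is parsed until the buffered bytes satisfy the message's 24-bit length field. Two design choices worth noting: every length field is checked against the bytes actually present before it is used, since this parser sees attacker-influenced network data; and the counter is keyed on the leaf's issuer (usually an intermediate CA) rather than the last certificate in the list, because servers frequently omit the root and the list order is not guaranteed beyond "leaf first".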