System and method for decoding traffic over proxy servers

US 9,692,730 B2
Filed: 01/25/2012
Issued: 06/27/2017
Est. Priority Date: 01/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving communication packets from a communication network;

identifying at least some of the communication packets as belonging to a communication session that is conducted between a client computer and a target server via a proxy server;

modifying at least some of the identified communication packets to represent an artificial direct session between the client computer and the target server, which does not traverse the proxy server;

decoding the modified packets so as to reconstruct the artificial direct session; and

presenting the reconstructed artificial direct session to a surveillance operator.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for applying surveillance to client computers that communicate via proxy servers. A decoding system accepts communication packets from a communication network. Based on the received packets, the decoding system identifies that a certain client computer conducts a communication session with a target server via a proxy server. The decoding system processes the packets so as to correlate the identity of the client computer with the identity of the target server. The correlated identities may comprise, for example, Internet Protocol (IP) addresses or Uniform Resource Locators (URLs).

23 Citations

10 Claims

1. A method, comprising:
- receiving communication packets from a communication network;
  
  identifying at least some of the communication packets as belonging to a communication session that is conducted between a client computer and a target server via a proxy server;
  
  modifying at least some of the identified communication packets to represent an artificial direct session between the client computer and the target server, which does not traverse the proxy server;
  
  decoding the modified packets so as to reconstruct the artificial direct session; and
  
  presenting the reconstructed artificial direct session to a surveillance operator.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, further comprising correlating a first identity of the client computer with a second identity of the target server, wherein an indication of the second identity is encoded in one or more of the communication packets that are exchanged between the client computer and the proxy server, and wherein correlating the first identity with the second identity comprises decoding the indication.
  - 3. The method according to claim 1, further comprising correlating a first identity of the client computer with a second identity of the target server, wherein the client computer communicates with the proxy server over a first Transmission Control Protocol (TCP) tunnel, wherein the proxy server communicates with the target server over a second TCP tunnel, and wherein correlating the first identity with the second identity comprises decoding at least one of the first and second TCP tunnels.
  - 4. The method according to claim 1, wherein the proxy server comprises a Hyper-Text Transfer Protocol (HTTP) proxy server.
  - 5. The method according to claim 1, wherein the proxy server operates in accordance with a SOCKS protocol.

6. Apparatus, comprising:
- a network interface, which is configured to receive communication packets from a communication network; and
  
  a hardware processor, which is configured to identify at least some of the communication packets as belonging to a communication session that is conducted between a client computer and a target server via a proxy server,wherein the processor is configured to modify at least some of the identified communication packets to represent an artificial direct session between the client computer and the target server, which does not traverse the proxy server, to decode the modified packets so as to reconstruct the artificial session, and to present the reconstructed artificial direct session to a surveillance operator.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The apparatus according to claim 6, wherein the processor is further configured to correlate a first identity of the client computer with a second identity of the target server, wherein an indication of the second identity is encoded in one or more of the communication packets that are exchanged between the client computer and the proxy server, and wherein the processor is configured to correlate the first identity with the second identity by decoding the indication.
  - 8. The apparatus according to claim 6, wherein the processor is further configured to correlate a first identity of the client computer with a second identity of the target server, wherein the client computer communicates with the proxy server over a first Transmission Control Protocol (TCP) tunnel, wherein the proxy server communicates with the target server over a second TCP tunnel, and wherein the processor is configured to correlate the first identity with the second identity by decoding at least one of the first and second TCP tunnels.
  - 9. The apparatus according to claim 6, wherein the proxy server comprises a Hyper-Text Transfer Protocol (HTTP) proxy server.
  - 10. The apparatus according to claim 6, wherein the proxy server operates in accordance with a SOCKS protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
Original Assignee
Verint Systems Limited (Verint Systems Incorporated)
Inventors
Frid, Naomi
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Nguyen, Van Kim T

Application Number

US13/358,476
Publication Number

US 20120215927A1
Time in Patent Office

1,980 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0407   wherein the identity of one...

H04L 63/30   for supporting lawful inter...

H04L 63/306   intercepting packet switche...

System and method for decoding traffic over proxy servers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for decoding traffic over proxy servers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links