# finding passwords to sites in squid log



## miscar (Jan 14, 2009)

Looking at the forums i seem to be the only newbie here and i hate to continue to ask questions but to learn thats the only way besides reading the man and this isnt covered that i can find. i have squid up and running as a proxy server in my house , my kids can only connect via this proxy. My daughter has a myspace which she has set to private ( good idea given her age ) However her mother would like to see it just to make sure the younger girls arent up to no good ( the equivalent to finding your kids diary under the mattress) sure she could ask our daughter whats her password and we would get it but its a matter of of the kids thinking you trust them at the same time looking out for them scenario.  is it possible to extract her password in the squid logs?


----------



## anomie (Jan 14, 2009)

miscar said:
			
		

> My daughter has a myspace which she has set to private.. is it possible to extract her password in the squid logs?



No - myspace logins are over https. Even a packet sniffer would just get you (encrypted) garbage. 

You _can_ use squid to deny access to myspace, however...


----------



## SirDice (Jan 14, 2009)

Even if the credentials were sent via HTTP it'll be POSTed. AFAIK squid doesn't log the data that's POSTed.


----------



## jemate18 (Jan 24, 2009)

You'll not be able to get what you want.. Only possible thing is to use a keylogger.. BUt I think keylogger usage is ethically wrong.. just my personal opinion


----------



## marius (Jan 25, 2009)

The idea in the first place is very wrong


----------



## sniper007 (Jan 26, 2009)

password in squid log? no way 

You can try with M-I-T-M (ettercap) but there will be also a problem with (unknown) certificate. By default settings web browsers deny unknown (untrusted) certificates, but if your daughter will click continue anyway then you are the winner


----------



## SirDice (Jan 26, 2009)

miscar said:
			
		

> However her mother would like to see it just to make sure the younger girls arent up to no good ( the equivalent to finding your kids diary under the mattress) sure she could ask our daughter whats her password and we would get it but its a matter of of the kids thinking you trust them at the same time looking out for them scenario.  is it possible to extract her password in the squid logs?



Err.. Didn't read too good.. So you don't want to ask her because of trust but you are willing to totally violate her trust and her privacy by sneakily gaining access to her myspace?


----------

