US2021126905A1PendingUtilityA1

System and method for decoding traffic over proxy servers

Assignee: VERINT SYSTEMS LTDPriority: Jan 27, 2011Filed: Nov 10, 2020Published: Apr 29, 2021
Est. expiryJan 27, 2031(~4.5 yrs left)· nominal 20-yr term from priority
Inventors:Naomi Frid
H04L 63/0281H04L 63/306H04L 63/30H04L 63/0407
58
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods and systems for applying surveillance to client computers that communicate via proxy servers. A decoding system accepts communication packets from a communication network. Based on the received packets, the decoding system identifies that a certain client computer conducts a communication session with a target server via a proxy server. The decoding system processes the packets so as to correlate the identity of the client computer with the identity of the target server. The correlated identities may comprise, for example, Internet Protocol (IP) addresses or Uniform Resource Locators (URLs).

Claims

exact text as granted — not AI-modified
1 . A method, comprising:
 intercepting, by a decoding system, a packet sent between a client computer and a proxy server or between the proxy server and a target server, the packet comprising a first identity of one of the client computer or the target computer in a header of the packet;   decoding, by the decoding system, the packet to extract a second identity of the other one of the client computer or the target server from a payload of the packet;   correlating the first identity with the second identity;   reconstructing and presenting a communication session between the client computer and the target server, as viewed by a user of the client computer, using the correlated first and second identities, the communication session includes the packet.   
     
     
         2 . The method of  claim 1 , wherein the first identity is an Internet Protocol (IP) address of the one of the client computer or the target computer. 
     
     
         3 . The method of  claim 2 , wherein the second identity is a Uniform Resource Locator (URL) of the other one of the client computer or the target server. 
     
     
         4 . The method of  claim 1 , wherein the packet includes an encoded form of the second identity. 
     
     
         5 . The method of  claim 4 , wherein the packet is an Hyper-Text Transfer Protocol (HTTP) request packet. 
     
     
         6 . The method of  claim 1 , wherein reconstructing and presenting the communication session comprises modifying the packet to imitate a modified session between the client computer and the target server that does not traverse the proxy server. 
     
     
         7 . The method of  claim 6 , wherein reconstructing and presenting the communication session further comprises:
 reconstructing the modified session from modified communication packets including the modified packet; and   decoding and presenting the modified communication session.   
     
     
         8 . The method according to  claim 1 , wherein the client computer communicates with the proxy server over a first Transmission Control Protocol (TCP) tunnel, wherein the proxy server communicates with the target server over a second TCP tunnel, and wherein correlating the first and second identities comprises decoding at least the first TCP tunnel. 
     
     
         9 . The method according to  claim 1 , wherein the proxy server comprises a HTTP proxy server. 
     
     
         10 . The method according to  claim 1 , wherein the proxy server operates in accordance with a SOCKS protocol. 
     
     
         11 . An apparatus, comprising:
 a network interface, which is configured to intercept a communication packet sent between a client computer and a proxy server or between the proxy server and a target server, the packet comprising a first identity of one of the client computer or the target computer in a header of the packet; and   a processor, which is configured to decode the packet to extract a second identity of the other one of the client computer or the target server;   wherein the processor is further configured to correlate the first identity with the second identity;   wherein the processor is further configured to reconstruct and present a communication session between the client computer and the target server, as viewed by a user of the client computer, using the correlated first and second identities, the communication session includes the packet.   
     
     
         12 . The apparatus of  claim 11 , wherein the first identity is an Internet Protocol (IP) address of the one of the client computer or the target computer. 
     
     
         13 . The apparatus of  claim 12 , wherein the second identity is a Uniform Resource Locator (URL) of the other one of the client computer or the target server. 
     
     
         14 . The apparatus of  claim 11 , wherein the packet includes an encoded form of the second identity. 
     
     
         15 . The apparatus of  claim 14 , wherein the packet is an Hyper-Text Transfer Protocol (HTTP) request packet. 
     
     
         16 . The apparatus of  claim 11 , wherein the processor is further configured to modify the packet to imitate a modified session between the client computer and the target server that does not traverse the proxy server. 
     
     
         17 . The apparatus of  claim 16 , wherein the processor is further configured to:
 reconstruct the modified session from modified communication packets including the modified packet; and   decode and presenting the modified communication session.   
     
     
         18 . The apparatus of  claim 11 , wherein the client computer communicates with the proxy server over a first Transmission Control Protocol (TCP) tunnel, wherein the proxy server communicates with the target server over a second TCP tunnel, and wherein the processor is further configured to decode at least the first TCP tunnel to correlate the first identity with the second identity. 
     
     
         19 . The apparatus of  claim 11 , wherein the proxy server comprises a HTTP proxy server. 
     
     
         20 . The apparatus of  claim 11 , wherein the proxy server operates in accordance with a SOCKS protocol.

Join the waitlist — get patent alerts

Track US2021126905A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.