How to see full URL path in logs?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
vasily
Posts: 1
Joined: Sat Sep 25, 2021 9:25 pm

How to see full URL path in logs?

Post by vasily » Sat Sep 25, 2021 9:29 pm

Hello guys, please help me. I want to see full URL path in packet log file. As for now I am just getting domains. Examples are below:

2021-09-25,20:49:58.886,SID-USER-[L2TP]-3,SID-SECURENAT-
2,CA2FC347F2E3,5ED34E629BDC,0x0800,571,TCP_DATAv4,PSH+ACK,192.168.40.10,54828,104.16.88.20,https(443),2610412907,2187798747,WindowSize=65535 HttpMethod=SSL_Connect HttpUrl=https://cdn.jsdelivr.net/ ,-,91.190.115.253(port=1701),-

2021-09-25,20:49:59.277,SID-USER-[L2TP]-3,SID-SECURENAT-2,CA2FC347F2E3,5ED34E629BDC,0x0800,571,TCP_DATAv4,PSH+ACK,192.168.40.10,59838,31.13.82.36,https(443),850941128,961478128,WindowSize=65535 HttpMethod=SSL_Connect HttpUrl=https://www.facebook.com/ ,-,91.190.115.253(port=1701),-

I need SoftEther to log full url for every website browsed.
Thanks

eddiewu
Posts: 146
Joined: Wed Nov 25, 2020 9:10 am

Re: How to see full URL path in logs?

Post by eddiewu » Sun Sep 26, 2021 1:17 am

It’s impossible as full path is encrypted.

nobody12
Posts: 84
Joined: Sat Feb 13, 2021 10:22 pm

Re: How to see full URL path in logs?

Post by nobody12 » Sun Sep 26, 2021 5:48 pm

You can be happy you see the servername. The original https specification did not allow this. But then, as IP addresses got scarce, a method called SNI was introduced to make it possible that multiple webservers can be hosted by a single IP. Therefore submitting the hostname unencrypted.

It is of course possible to see what users do, but it is out of the scope of Softether:
You need to install a transparent proxy and force all http/https traffic trough it. Add a MITM system to it, so that the proxy itself issues certificates for every site the clients visit. However, clients will only trust this proxy if you install its root certificate into the System of every client. Typically this will make sense only in a manged company network.

Post Reply