droe / sslsplit Goto Github PK
View Code? Open in Web Editor NEWTransparent SSL/TLS interception
Home Page: https://www.roe.ch/SSLsplit
License: BSD 2-Clause "Simplified" License
Transparent SSL/TLS interception
Home Page: https://www.roe.ch/SSLsplit
License: BSD 2-Clause "Simplified" License
Add an optional feature to allow SSLsplit to strip the STARTTLS flag in EHLO responses.
For a start, connection type smtp
and command line flag controlling STARTTLS stripping; later SSLsplit probably needs per-proxyspec options controlling such features.
https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks
Depends on #40.
# uname -a
Linux raspberrypi 3.10.24+ #614 PREEMPT Thu Dec 19 20:38:42 GMT 2013 armv6l GNU/Linux
# git branch
* master
# git rev-parse HEAD
e1d8a2a96501418605dd3df686df708162b24b1d
# /home/pi/sslsplit/sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
Generated RSA key for leaf certs.
SSLsplit 0.4.7-42-ge1d8a2a (built 2014-01-14)
Copyright (c) 2009-2014, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
proxyspecs:
- [0.0.0.0]:8080 tcp plain netfilter
- [0.0.0.0]:8443 ssl plain netfilter
Loaded CA: '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd'
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Inserted events:
0x5d240 [fd 7] Read Persist
0x5e1cc [fd 8] Read Persist
0x5f98c [fd 9] Read Persist
0x5d130 [fd 6] Read Persist
0x5df98 [fd 3] Signal Persist
0x5fb48 [fd 1] Signal Persist
0x5fc28 [fd 2] Signal Persist
0x5fd08 [fd 13] Signal Persist
Failed to start thread manager
# /home/pi/sslsplit/sslsplit -V
SSLsplit 0.4.7-42-ge1d8a2a (built 2014-01-14)
Copyright (c) 2009-2014, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
# gdb --args /home/pi/sslsplit/sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "arm-linux-gnueabihf".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/pi/sslsplit/sslsplit...done.
(gdb) r
Starting program: /home/pi/sslsplit/sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
Program received signal SIGILL, Illegal instruction.
0xb6e5a5e0 in ?? () from /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
(gdb) c
Continuing.
Cannot access memory at address 0x0
Program received signal SIGILL, Illegal instruction.
0xb6e5a5e8 in ?? () from /usr/lib/arm-linux-gnueabihf/libcrypto.so.1.0.0
(gdb) c
Continuing.
Cannot access memory at address 0x0
Warning: not seeding OpenSSL RAND due to PURITY!
Generated RSA key for leaf certs.
SSLsplit 0.4.7-42-ge1d8a2a-dirty (built 2014-01-14)
Copyright (c) 2009-2014, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DPURIFY -DDEBUG_PROXY -DDEBUG_CERTIFICATE -DDEBUG_SESSION_CACHE -DDEBUG_SNI_PARSER -DDEBUG_THREAD -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
proxyspecs:
- [0.0.0.0]:8080 tcp plain netfilter
- [0.0.0.0]:8443 ssl plain netfilter
Loaded CA: '/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd'
Certificate:
<snip>
-----BEGIN CERTIFICATE-----
<snip>
-----END CERTIFICATE-----
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
[New Thread 0xb6bd7470 (LWP 30094)]
[New Thread 0xb63d7470 (LWP 30095)]
[New Thread 0xb5bd7470 (LWP 30096)]
Failed to start thread manager
[Thread 0xb6bd7470 (LWP 30094) exited]
[Thread 0xb63d7470 (LWP 30095) exited]
[Thread 0xb5bd7470 (LWP 30096) exited]
[Inferior 1 (process 30091) exited normally]
I got a "Failed to open '$Filepath': No such file or directory" on log.c line 274 when running sslsplit even with sudo permissions. Anyone similare problems? OS: Fedora Core 19
Please alias -? to -h, I can never remember which to use with which apps.
When using -j
explicitly or implicitly by running as root, proxyspecs using sni
seem to fail to resolve hostnames within the chroot on some systems (e.g. Mac OS X). One possible fix is be to remove implicit chroot() and add a warning to the -j
documentation that name resolution might not work within a chroot.
Hi,
i try to use sslsplit to passthrough ssl connections like a transparent proxy without intercepting. For that i use the following syntax but i'm always getting a segmentation fault. When providing -k and -c it works - but with intercepting ssl. is there a way to use sslsplit to just passthrough all connections?
Thank you!
sslsplit -S /tmp/ https 0.0.0.0 443 sni 443 -D -t /etc/mypki/targets/ -P
Generated RSA key for leaf certs.
SSLsplit 0.4.5-9-g7114487 (built 2013-05-25)
Copyright (c) 2009-2012, Daniel Roethlisberger [email protected]
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
2 CPU cores detected
proxyspecs:
No CA loaded.
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Started 4 connection handling threads
Inserted events:
0x1b07500 [fd 6] Read Persist
0x1b0b510 [fd 27] Read Persist
0x1b07338 [fd 5] Read Persist
0x1b0b5e0 [fd 3] Signal Persist
0x1b0b8b0 [fd 1] Signal Persist
0x1b0ba20 [fd 2] Signal Persist
0x1b0bb90 [fd 13] Signal Persist
Targets for '/etc/mypki/targets/server.pem': 'www.myside.de'
Starting main event loop.
SNI peek: [n/a] [complete]
No target address; aborting connection
SNI peek: [accounts.google.com] [complete]
===> Original server certificate:
Segmentation fault
Hello,
i´ve tried several Options:
sudo sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080 and also the minimized Version:
sudo sslsplit -D -k ca.key -c ca.crt -P https 0.0.0.0 8443
After Setting up my iptables, and try to connect to a SSL Site i read These Messages:
"kali@ip-X-X-X-X:~$ sudo sslsplit -D -k ca.key -c ca.crt -P https 0.0.0.0 8443
Generated RSA key for leaf certs.
SSLsplit 0.4.6 (built 2013-06-06)
Copyright (c) 2009-2013, Daniel Roethlisberger [email protected]
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
proxyspecs:
My IPTables:
kali@ip-X-X-X-X:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 8080
REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8443
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source Destination
net.ipv4.ip_forward = 1
Version:
Amazon EC2 Kali (1.0.6), and virtual installed on local Virtualbox from 1.0.6 CD Image
Thanks in advance
I'm running BackTrack 5 R3 and trying to compile it.
I'm having an error about libevent. I tried updating it and currently libevent is in the newest version (apt-get).
When trying to compile SSLSplit I get the following error:
root@bt:~/sslsplit# make
GNUmakefile:175: *** dependency 'libevent 2.x' not found; install it or point LIBEVENT_BASE to base path. Stop.
libevent is at '/usr/lib/libevent.a', and I have no idea how to set LIBEVENT_BASE appropriately. I tried this:
root@bt:/sslsplit# LIBEVENT_BASE=/usr/lib/libevent.a/sslsplit# make
root@bt:
GNUmakefile:175: *** dependency 'libevent 2.x' not found; install it or point LIBEVENT_BASE to base path. Stop.
any idea what I am doing wrong?
I suggest to reuse a higher level build system than your current make file so that powerful checks for software features will become easier.
SSLsplit currently logs both CN and all subjectAltName attributes of type DNS. It should filter out duplicates and simply log all names the certificate is valid for, preserving order (CN first).
Implement some flexible and configurable (or even scriptable) way to make modifications to requests and/or responses and possibly allow regex based inclusion/exclusion of certain requests by header matching (client fingerprinting).
Hi,
I get the following error when I try to compile on mac os x.
Please help...
base64.t.c:73: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:86: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:99: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:112: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:125: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:138: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:151: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:164: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:177: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:190: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:203: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:213: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:223: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:233: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:243: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:253: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:263: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:273: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:283: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:293: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:303: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘START_TEST’
base64.t.c:316: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘attribute’ before ‘Suite’
CRL denial based on targetdir cert's CDPs or by identifying CRL ASN.1 on the content level.
When using sslsplit
with OpenSSL 1.0.0a, it sometimes drops connections to some servers with the following errors:
sslsplit: Error from bufferevent: 0:- 336142611:275:serverhello tlsext:20:SSL routines:146:SSL3_GET_SERVER_HELLO
sslsplit: Additional SSL error: 336691357:157:tls invalid ecpointformat list:20:SSL routines:280:SSL_CHECK_SERVERHELLO_TLSEXT
Sslsplit installed just fine and also starts without any issue.
When I hit enter on the client browser it goes:
....
....
Connecting to [192.168.1.10]:8080
Connecting to [192.168.1.10]:8080
Error 24 on listener: Too many open files
Main event loop stopped.
Error from bufferevent: 104:Connection reset by peer 0:0:-:0:-:0:-
Segmentation fault (core dumped)
The "connecting to IP" line repeats several times.
sslsplit -V:
SSLsplit 0.4.8-10-g85b177f (built 2014-10-01)
Copyright (c) 2009-2014, Daniel Roethlisberger [email protected]
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1f 6 Jan 2014 (1000106f)
rtlinked against OpenSSL 1.0.1f 6 Jan 2014 (1000106f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.21-stable
rtlinked against libevent 2.0.21-stable
2 CPU cores detected
Not sure what I'm doing wrong here.
Thx.
Daemon mode (-d
) does not seem to work properly under unspecified circumstances on OpenBSD 5.0. Might be a bug in libevent.
SSLsplit 0.4.4-17-g6106940 (built 2012-08-06)
Copyright (c) 2009-2012, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_PF
NAT engines: pf*
compiled against OpenSSL 1.0.0a 1 Jun 2010 (1000001f)
rtlinked against OpenSSL 1.0.0a 1 Jun 2010 (1000001f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
SSL/TLS algorithm availability: RSA DSA ECDSA DH !ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
4 CPU cores detected
Needs verification.
Apple has not published Yosemite sources yet. When they do, add the 10.10 headers and build against them on Yosemite.
Loading AJAX-heavy sites through SSLsplit can cause browsers to stall completely, seemingly loading forever without any progress. I suspect this has to do with the fact that SSLsplit downgrades Connection: keep-alive
to Connection: close
and removes other headers related to performance-improving HTTP features such as chunking. SSLsplit does that in order to get nice and clean, uncompressed and unencoded, straightforward loggable and tweakable HTTP requests and responses. However, this puts a lot of strain on browsers, servers and SSLsplit itself since it causes the browser to send lots of requests at the same time. This definitely needs more investigation.
As a workaround, using ssl
proxyspecs instead of https
disables all the HTTP header munging and generally gives better performance, at the cost of reduced features (e.g. no OCSP denial, less readable logs).
SSLsplit should probably implement more of the HTTP features like chunking, pipelining etc, but this would require a major rewrite of the https connection handling code.
Hi Daniel,
Thanks for working on a very useful ssl tool.
When compiling sslsplit with the newer openssl library, I am having problems with some sites e.g. gmail (mail.google.com), where the login process suddenly stops and just hangs there.
Is there something I can do to help debug the above problem ?
Kind regards,
Jane
Dump information helpful for low-level SSL/TLS compat debugging in debug mode, such as:
Hi,
I've downloaded this tool recently and I am trying to decrypt some HTTPS pages which are passed through a proxy. My question is the following: can I sniff the traffic and decrypt it (i have the private key) and send it unencrypted through another interface for monitoring purposes?
While parsing the log there are often requests like this:
2014-04-10 15:46:59 UTC [192.168.3.132]:50126 -> [2.16.170.224]:80 (460):
GET /configurations/pep/pipeline/pipeline0.html HTTP/1.1
Host: configuration.apple.com
Connection: Keep-Alive
GET /configurations/pep/pipeline/pipeline1.html HTTP/1.1
Host: configuration.apple.com
Connection: Keep-Alive
GET /configurations/pep/pipeline/pipeline2.html HTTP/1.1
Host: configuration.apple.com
Connection: Keep-Alive
GET /configurations/pep/pipeline/pipeline3.html HTTP/1.1
Host: configuration.apple.com
Connection: Keep-Alive
The responses aren't compound like this and have seperate metadata.
Also a request counter for assigning a requests to its response whould be great.
The only solution for this I see is to compound also the responses with this connection counter.
Control SSL_OP_SINGLE_ECDH_USE
and possibly other SSL de-optimizations by a "prefer speed to security" command line option or build time knob.
Restructure and rewrite the documentation (README.md, first part of manual page and website) in order to be more clear on what SSLsplit achieves, and what not. Answer FAQ's like whether the client needs to trust the fake CA or not, what the effect of removing HPKP/HSTS headers is, and similar frequently asked questions.
I'm using "Ubuntu 14.04.1 LTS".
What protocols can sslsplit support?
Optionally add ephemeral RSA key to SSL_CTX
to allow export cipher suites, controlled by a command line switch, and probably disabled unless specifically enabled by a build knob WANT_EPHEMERAL_RSA
or some such.
http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_rsa_callback.html
Add mode to prevent browser updates. This is useful when exploiting an SSL related bug in an old browser that would go away if the browser was allowed to update itself.
Hi!
When compiling on Debian, I get the following error:
pxyconn.c: In function ‘pxy_sni_resolve_cb’:
pxyconn.c:1524:23: error: dereferencing pointer to incomplete type
pxyconn.c:1524:36: error: dereferencing pointer to incomplete type
pxyconn.c:1525:19: error: dereferencing pointer to incomplete type
pxyconn.c: In function ‘pxy_fd_readcb’:
pxyconn.c:1605:19: error: storage size of ‘hints’ isn’t known
pxyconn.c:1605:19: warning: unused variable ‘hints’ [-Wunused-variable]
The problem is that getaddrinfo()
is a POSIX.1g extension and is not available in pure C99. It may work if libevent has also been compiled with --std=c99
because struct evutil_addrinfo
will be defined as a full structure. Otherwise, it is just an alias to struct addrinfo
which is not defined in netdb.h
but still exists as an incomplete type in event2/utils.h
.
You can either compile with --std=gnu99
or with -D_POSIX_C_SOURCE=200112L
. With the later option, there are additional errors later. Moreover, compiling with --std=gnu99
almost silents out any warnings. I don't know if such a standard is portable outside of gcc.
To support STARTTLS for various protocols, WebSockets, HTTP/2 etc, the proxy core will need to be refactored to more cleanly allow for other protocols than HTTP/1.
Separate pxyconn into the following three layers:
Tasks:
Using a fresh build of 7839de3 on 32-bit Arch, this happens:
$ sudo iptables-save
# Generated by iptables-save v1.4.20 on Sat Jan 4 18:51:01 2014
*nat
:PREROUTING ACCEPT [389:57605]
:INPUT ACCEPT [334:21574]
:OUTPUT ACCEPT [1121:67319]
:POSTROUTING ACCEPT [1327:83441]
-A PREROUTING -i vboxnet0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
$ sslsplit -D -c ~/.mitmproxy/mitmproxy-ca.pem -S logs ssl 0.0.0.0 8080 netfilter
Generated RSA key for leaf certs.
SSLsplit 0.4.7-11-g7839de3 (built 2014-01-04)
Copyright (c) 2009-2013, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.21-stable
rtlinked against libevent 2.0.21-stable
2 CPU cores detected
proxyspecs:
- [0.0.0.0]:8080 ssl plain netfilter
Loaded CA: '/CN=mitmproxy/O=mitmproxy'
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Inserted events:
0x999ff68 [fd 6] Read Persist
0x99a00d4 [fd 7] Read Persist
0x999fe58 [fd 5] Read Persist
0x999ffb8 [fd 3] Signal Persist
0x999f5b0 [fd 1] Signal Persist
0x99a02c8 [fd 2] Signal Persist
0x99a03a8 [fd 13] Signal Persist
Initialized 4 connection handling threads
Started 4 connection handling threads
Starting main event loop.
SNI peek: [n/a] [complete]
Segmentation fault (core dumped)
Between the third and second last lines, I entered https://www.google.com in IE8 running in a Windows XP VM, thus causing a connection. Going by wireshark, the segfault is in whatever happens between receiving a Client Hello and sending anything back whatsoever.
Running with GDB attached, same output from sslsplit, and once in gdb:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6b38b40 (LWP 23983)]
0xb7bdafd6 in __strlen_sse2_bsf () from /usr/lib/libc.so.6
(gdb) bt
#0 0xb7bdafd6 in __strlen_sse2_bsf () from /usr/lib/libc.so.6
#1 0x080554ab in cachedsess_mkkey (addr=addr@entry=0x807a110, addrlen=128, sni=0x0) at cachedsess.c:211
#2 0x08055f3e in pxy_dstssl_create (ctx=0x807a0a8) at pxyconn.c:839
#3 pxy_conn_connect (ctx=ctx@entry=0x807a0a8) at pxyconn.c:1635
#4 0x080566bb in pxy_fd_readcb (fd=40, what=2, arg=0x807a0a8) at pxyconn.c:1783
#5 0xb7d33314 in event_base_loop () from /usr/lib/libevent-2.0.so.5
#6 0xb7d340c3 in event_base_dispatch () from /usr/lib/libevent-2.0.so.5
#7 0x08053bfc in pxy_thrmgr_thr (arg=0x8073fe8) at pxythrmgr.c:86
#8 0xb7d0ff10 in start_thread () from /usr/lib/libpthread.so.0
#9 0xb7c44dfe in clone () from /usr/lib/libc.so.6
(gdb) info threads
Id Target Id Frame
7 Thread 0xb4dffb40 (LWP 23986) "sslsplit" 0xb7fdd424 in __kernel_vsyscall ()
6 Thread 0xb57ffb40 (LWP 23985) "sslsplit" 0xb7fdd424 in __kernel_vsyscall ()
5 Thread 0xb61ffb40 (LWP 23984) "sslsplit" 0xb7fdd424 in __kernel_vsyscall ()
* 4 Thread 0xb6b38b40 (LWP 23983) "sslsplit" 0xb7bdafd6 in __strlen_sse2_bsf () from /usr/lib/libc.so.6
3 Thread 0xb7339b40 (LWP 23982) "sslsplit" 0xb7fdd424 in __kernel_vsyscall ()
2 Thread 0xb7b3ab40 (LWP 23981) "sslsplit" 0xb7fdd424 in __kernel_vsyscall ()
1 Thread 0xb7b3b700 (LWP 23977) "sslsplit" 0xb7fdd424 in __kernel_vsyscall ()
With sni 443
instead of netfilter
there's no segfault but not much usefulness either since my target doesn't support SNI.
Comment by @exvance moved from #10 to new issue:
I don't know if my issue is the same as this one. It doesn't seem to matter whether or not I use the -j option.
sslsplit -D -l connections.log -k ca.key -c ca.crt ssl 0.0.0.0 8443
Generated RSA key for leaf certs.
SSLsplit (built 2013-11-29)
Copyright (c) 2009-2013, Daniel Roethlisberger [email protected]
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter*
netfilter: !IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1c 10 May 2012 (1000103f)
TLS Server Name Indication (SNI) supported
OpenSSL is not thread-safe
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA !ECDSA DH !ECDH !EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
proxyspecs:
[0.0.0.0]:8443 ssl plain netfilter Loaded CA: '/C=US/ST=aa/L=aa/O=aa/OU=ssl/CN=aaaaa.com/emailAddress=aaaa' Using libevent backend 'epoll' Event base supports: edge yes, O(1) yes, anyfd no Inserted events: 0x888e48 [fd 7] Read Persist 0x887a34 [fd 8] Read Persist 0x888d38 [fd 6] Read Persist 0x889a30 [fd 3] Signal Persist 0x889b50 [fd 1] Signal Persist 0x889be0 [fd 2] Signal Persist 0x889c70 [fd 13] Signal Persist Failed to start thread manager
But then if I go back to version 0.4.6-1 it starts fine....but then I get the segmentation fault when I try to connect to port 8443 with telnet.
I get the following error when I try to read traffic from the Android App sayhey.
Error from bufferevent: 0:- 336109761:193:no shared cipher:20:SSL
I use the Kali Linux with fully updated system.
The App gets no connection.
Generated RSA key for leaf certs.
SSLsplit 0.4.8-10-g85b177f (built 2014-09-02)
Copyright (c) 2009-2014, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using SSL_MODE_RELEASE_BUFFERS
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.21-stable
4 CPU cores detected
proxyspecs:
- [0.0.0.0]:1025 tcp plain netfilter
- [0.0.0.0]:1050 ssl plain netfilter
- [0.0.0.0]:8443 ssl http netfilter
- [0.0.0.0]:8080 tcp http netfilter
Loaded CA: '/C=PortSwigger/ST=PortSwigger/L=PortSwigger/O=PortSwigger/OU=PortSwigger CA/CN=PortSwigger CA'
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Inserted events:
0x1056460 [fd 8] Read Persist
0x1055fb0 [fd 9] Read Persist
0x1057540 [fd 10] Read Persist
0x1059190 [fd 11] Read Persist
0x1059250 [fd 12] Read Persist
0x1056298 [fd 7] Read Persist
0x10592e0 [fd 3] Signal Persist
0x1059520 [fd 1] Signal Persist
0x1059650 [fd 2] Signal Persist
0x1059780 [fd 13] Signal Persist
Initialized 8 connection handling threads
Started 8 connection handling threads
Starting main event loop.
SNI peek: [n/a] [complete]
Connecting to [85.88.17.243]:1235
SNI peek: [n/a] [complete]
Connecting to [85.88.17.243]:1235
===> Original server certificate:
Subject DN: /CN=foo.ssms.de
Common Names: foo.ssms.de
Fingerprint: 60:de:90:74:97:78:79:30:7b:5b:fb:c3:0d:36:d5:35:6f:04:bb:ab
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=foo.ssms.de
Common Names: foo.ssms.de
Fingerprint: 67:20:4e:97:d5:a6:14:40:30:7b:20:86:bc:5a:4f:7d:a3:aa:26:f9
ssl [192.168.3.131]:37806 [85.88.17.243]:1235 sni:- crt:foo.ssms.de origcrt:foo.ssms.de
Error from bufferevent: 0:- 336109761:193:no shared cipher:20:SSL routines:138:SSL3_GET_CLIENT_HELLO
SSL_free() in state 00002112 = SSL_ST_ACCEPT|0112 = 3RCH_C (SSLv3 read client hello C) [accept socket]
SSL_free() in state 00000003 = 0003 = SSLOK (SSL negotiation finished successfully) [connect socket]
===> Original server certificate:
Subject DN: /CN=foo.ssms.de
Common Names: foo.ssms.de
Fingerprint: 60:de:90:74:97:78:79:30:7b:5b:fb:c3:0d:36:d5:35:6f:04:bb:ab
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /CN=foo.ssms.de
Common Names: foo.ssms.de
Fingerprint: 67:20:4e:97:d5:a6:14:40:30:7b:20:86:bc:5a:4f:7d:a3:aa:26:f9
ssl [192.168.3.131]:37807 [85.88.17.243]:1235 sni:- crt:foo.ssms.de origcrt:foo.ssms.de
Error from bufferevent: 0:- 336109761:193:no shared cipher:20:SSL routines:138:SSL3_GET_CLIENT_HELLO
SSL_free() in state 00002112 = SSL_ST_ACCEPT|0112 = 3RCH_C (SSLv3 read client hello C) [accept socket]
SSL_free() in state 00000003 = 0003 = SSLOK (SSL negotiation finished successfully) [connect socket]
SNI peek: [n/a] [complete]
Connecting to [74.125.230.101]:443
...
Hello,
when I try to run sslsplit (having libssl-dev and libevent-dev installed,generating self-signed certificates and using port forwarding before this) I get the following error:
Inserted events:
0x9a01148 [fd 7] Read Persist
0x9a0291c [fd 8] Read Persist
0x9a01038 [fd 6] Read Persist
0x9a02968 [fd 3] Signal Persist
0x9a02ad0 [fd 1] Signal Persist
0x9a02bb0 [fd 2] Signal Persist
0x9a02c90 [fd 13] Signal Persist
Failed to start thread manager
Segmentation fault
I'm using:
./sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 9000
on the command line.
Could this be a resurfacing of previously reported bug (issue #9)?
Thank you
When trying to run on my mips32 router I get this. Any idea what i am doing wrong ?
./sslsplit -D -k ca.key -c ca.crt ssl 0.0.0.0 8543
Generated RSA key for leaf certs.
SSLsplit 0.4.7 (built 2014-01-04)
Copyright (c) 2009-2013, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT !SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.21-stable
rtlinked against libevent 2.0.21-stable
1 CPU cores detected
proxyspecs:
- [0.0.0.0]:8543 ssl plain netfilter
Loaded CA: '/C=US/ST=Some-State/O=test'
Using libevent backend 'poll'
Event base supports: edge no, O(1) no, anyfd yes
./sslsplit: failed to init log facility.
Logging to syslog seems to be broken in daemon mode in latest master.
This is actually harder than it looks because if sslsplit drops privs or does a chroot()
, we cannot re-open log files that we might not have access to anymore. The complete solution would be a two-process architecture where the parent process keeps running under root and outside of chroot()
, communicating over a unix domain socket with the child, providing log file opening and other privileged services to the low-privileged process. This would have the side-effect of cleaning up the mess that is main()
and all the pre-init / init functions.
Add per-proxyspec options facility to control content mangling features such as OCSP denial, HTTP header removal, HTTP downgrade to 1.0, STARTTLS removal (#57) or similar features. Possibly also extend this to TLS related options such as pass-through mode.
sslsplit starts up, detects a few packets and crashes immediately.
The nat engine being used is pf, on OSX Mavericks.
These changes were made to sslsplit in order to get it running on Mavericks. I'm also attaching a git diff below.
diff --git a/nat.c b/nat.c
index b92adb8..d4cffbb 100644
--- a/nat.c
+++ b/nat.c
@@ -131,17 +131,17 @@ nat_pf_lookup_cb(struct sockaddr *dst_addr, socklen_t *dst_addrlen,
struct sockaddr_in *src_sai = (struct sockaddr_in *)src_addr;
struct sockaddr_in *our_sai = (struct sockaddr_in *)&our_addr;
nl.saddr.v4.s_addr = src_sai->sin_addr.s_addr;
- nl.sport = src_sai->sin_port;
+ nl.sxport.port = src_sai->sin_port;
nl.daddr.v4.s_addr = our_sai->sin_addr.s_addr;
- nl.dport = our_sai->sin_port;
+ nl.dxport.port = our_sai->sin_port;
}
if (nl.af == AF_INET6) {
struct sockaddr_in6 *src_sai = (struct sockaddr_in6 *)src_addr;
struct sockaddr_in6 *our_sai = (struct sockaddr_in6 *)&our_addr;
memcpy(&nl.saddr.v6.s6_addr, &src_sai->sin6_addr.s6_addr, 16);
- nl.sport = src_sai->sin6_port;
+ nl.sxport.port = src_sai->sin6_port;
memcpy(&nl.daddr.v6.s6_addr, &our_sai->sin6_addr.s6_addr, 16);
- nl.dport = our_sai->sin6_port;
+ nl.dxport.port = our_sai->sin6_port;
}
nl.proto = IPPROTO_TCP;
nl.direction = PF_OUT;
@@ -154,7 +154,7 @@ nat_pf_lookup_cb(struct sockaddr *dst_addr, socklen_t *dst_addrlen,
return -1;
}
- if ((nl.dport == nl.rdport) &&
+ if ((nl.dxport.port == nl.rdxport.port) &&
((nl.af == AF_INET && nl.daddr.v4.s_addr == nl.rdaddr.v4.s_addr) ||
(nl.af == AF_INET6 &&
!memcmp(nl.daddr.v6.s6_addr, nl.rdaddr.v6.s6_addr, 16)))) {
@@ -167,7 +167,7 @@ nat_pf_lookup_cb(struct sockaddr *dst_addr, socklen_t *dst_addrlen,
struct sockaddr_in *dst_sai = (struct sockaddr_in *)dst_addr;
memset(dst_sai, 0, sizeof(struct sockaddr_in));
dst_sai->sin_addr.s_addr = nl.rdaddr.v4.s_addr;
- dst_sai->sin_port = nl.rdport;
+ dst_sai->sin_port = nl.rdxport.port;
dst_sai->sin_family = nl.af;
*dst_addrlen = sizeof(struct sockaddr_in);
}
@@ -175,7 +175,7 @@ nat_pf_lookup_cb(struct sockaddr *dst_addr, socklen_t *dst_addrlen,
struct sockaddr_in6 *dst_sai = (struct sockaddr_in6 *)dst_addr;
memset(dst_sai, 0, sizeof(struct sockaddr_in6));
memcpy(dst_sai->sin6_addr.s6_addr, nl.rdaddr.v6.s6_addr, 16);
- dst_sai->sin6_port = nl.rdport;
+ dst_sai->sin6_port = nl.rdxport.port;
dst_sai->sin6_family = nl.af;
*dst_addrlen = sizeof(struct sockaddr_in6);
}
Below is the output for the command sslsplit -V
./sslsplit -V
SSLsplit 0.4.7-16-ga0bf21b-dirty (built 2014-01-08)
Copyright (c) 2009-2014, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_PF -DHAVE_IPFW -DHAVE_IPFW
NAT engines: pf* ipfw
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.21-stable
rtlinked against libevent 2.0.21-stable
4 CPU cores detected
The response to a uname -a
Darwin DDVMACAMITCHO 13.0.1 Darwin Kernel Version 13.0.1: Thu Sep 19 19:30:57 PDT 2013; root:xnu-2422.50.20~2/RELEASE_X86_64 x86_64
Please find attached some Debug information.
Current executable set to './sslsplit' (x86_64).
(lldb) r -D -l connections.log -j /tmp/sslsplit -S logdir/ -k ./ca.key -c ./ca.crt https 0.0.0.0 8081 ssl 0.0.0.0 8080 pf
Process 41327 launched: './sslsplit' (x86_64)
Generated RSA key for leaf certs.
SSLsplit 0.4.7-16-ga0bf21b-dirty (built 2014-01-08)
Copyright (c) 2009-2014, Daniel Roethlisberger <[email protected]>
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_PF -DHAVE_IPFW -DHAVE_IPFW
NAT engines: pf* ipfw
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.21-stable
rtlinked against libevent 2.0.21-stable
4 CPU cores detected
proxyspecs:
- [0.0.0.0]:8080 ssl plain pf
- [0.0.0.0]:8081 ssl http pf
Loaded CA: '/C=IN/ST=HR/L=Gur/O=Dir/OU=SE/CN=JVD/[email protected]'
NAT engine preinit 'pf'
Using libevent backend 'kqueue'
Event base supports: edge yes, O(1) yes, anyfd yes
NAT engine init 'pf'
Inserted events:
0x100401278 [fd 18] Read Persist
0x100401890 [fd 20] Read Persist
0x1004019a0 [fd 21] Read Persist
0x100401a70 [fd 3] Signal Persist
0x100401c50 [fd 1] Signal Persist
0x100401d20 [fd 2] Signal Persist
0x100401df0 [fd 13] Signal Persist
Initialized 8 connection handling threads
Started 8 connection handling threads
Starting main event loop.
SNI peek: [login.yahoo.com] [complete]
Connecting to [106.10.162.30]:443
===> Original server certificate:
Subject DN: /C=US/ST=CA/L=Sunnyvale/O=Yahoo! Inc./CN=login.yahoo.com
Common Names: login.yahoo.com/mail.yahoo.com/*.mail.yahoo.com/mail.yahoo-inc.com/login.yahoo.com/fb.member.yahoo.com
Fingerprint: e9:c0:09:f9:4e:f5:e9:92:e2:fa:56:5d:13:f5:a2:56:76:da:6e:7b
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=CA/L=Sunnyvale/O=Yahoo! Inc./CN=login.yahoo.com
Common Names: login.yahoo.com/mail.yahoo.com/*.mail.yahoo.com/mail.yahoo-inc.com/login.yahoo.com/fb.member.yahoo.com
Fingerprint: 04:bc:a0:67:92:33:30:7d:75:18:d2:da:58:f8:ef:c2:2d:c5:db:0c
Unknown bufferevent 0x80
Certificate cache: KEEP (SNI match or target mode)
src buffer event connected: ignoring event
https [192.168.2.2]:57526 [106.10.162.30]:443 login.yahoo.com GET / 200 - sni:login.yahoo.com crt:login.yahoo.com/mail.yahoo.com/*.mail.yahoo.com/mail.yahoo-inc.com/login.yahoo.com/fb.member.yahoo.com origcrt:login.yahoo.com/mail.yahoo.com/*.mail.yahoo.com/mail.yahoo-inc.com/login.yahoo.com/fb.member.yahoo.com
Process 41327 stopped
* thread #2: tid = 0x13ed1d, 0x0000000100102e44 libcrypto.1.0.0.dylib`sk_pop_free + 21, stop reason = EXC_BAD_ACCESS (code=1, address=0x2)
frame #0: 0x0000000100102e44 libcrypto.1.0.0.dylib`sk_pop_free + 21
libcrypto.1.0.0.dylib`sk_pop_free + 21:
-> 0x100102e44: movl (%r15), %eax
0x100102e47: testl %eax, %eax
0x100102e49: jle 0x100102e67 ; sk_pop_free + 56
0x100102e4b: xorl %ebx, %ebx
(lldb) thread backtrace
* thread #2: tid = 0x13ed1d, 0x0000000100102e44 libcrypto.1.0.0.dylib`sk_pop_free + 21, stop reason = EXC_BAD_ACCESS (code=1, address=0x2)
frame #0: 0x0000000100102e44 libcrypto.1.0.0.dylib`sk_pop_free + 21
frame #1: 0x0000000100053616 libssl.1.0.0.dylib`SSL_free + 505
frame #2: 0x00000001000120d5 sslsplit`pxy_ssl_shutdown_cb(fd=59, what=0, arg=0x00000001003304e0) + 517 at pxysslshut.c:151
frame #3: 0x0000000100011e35 sslsplit`pxy_ssl_shutdown(evbase=0x000000010031ba40, ssl=0x0000000100329b40, fd=59) + 117 at pxysslshut.c:176
frame #4: 0x000000010000c9ad sslsplit`bufferevent_free_and_close_fd(bev=0x000000010032a030, ctx=0x0000000100329330) + 157 at pxyconn.c:875
frame #5: 0x000000010000f13f sslsplit`pxy_bev_eventcb(bev=0x000000010032a030, events=16, arg=0x0000000100329330) + 3279 at pxyconn.c:1613
frame #6: 0x0000000100218eeb libevent-2.0.5.dylib`bufferevent_run_deferred_callbacks_locked(_=<unavailable>, arg=0x000000010032a030) + 267 at bufferevent.c:160
frame #7: 0x00000001002104b1 libevent-2.0.5.dylib`event_base_loop [inlined] event_process_deferred_callbacks + 100 at event.c:1391
frame #8: 0x000000010021044d libevent-2.0.5.dylib`event_base_loop [inlined] event_process_active(base=<unavailable>) + 731 at event.c:1432
frame #9: 0x0000000100210172 libevent-2.0.5.dylib`event_base_loop(base=0x000000010031ba40, flags=<unavailable>) + 1762 at event.c:1621
frame #10: 0x0000000100012679 sslsplit`pxy_thrmgr_thr(arg=0x000000010031b9f0) + 153 at pxythrmgr.c:86
frame #11: 0x00007fff8c40a899 libsystem_pthread.dylib`_pthread_body + 138
frame #12: 0x00007fff8c40a72a libsystem_pthread.dylib`_pthread_start + 137
frame #13: 0x00007fff8c40efc9 libsystem_pthread.dylib`thread_start + 13
(lldb)
I have looked at a few source files for your current software. I have noticed that some checks for return codes are missing.
Would you like to add more error handling for return values from functions like the following?
Should add some sample script(s) for single file or fifo content log post-processing.
SSLsplit 0.4.5 with the following command line:
sslsplit -k CA.key -c CA.pem -P https 127.0.0.1 443 sni 443
returns:
Error from bind(): Permission denied
Failed to initialize proxy.
SSLsplit seems to drop privileges before binding to the ports. This seems to be a regression introduced somewhere during the fixes for multithreading.
Possible workarounds include:
Reported by Ian Grispan.
Remove all code for supporting SSL 2.0 left in SSLsplit.
Handle renegotiations and client certificate authentication more gracefully.
Mac OS X includes pf since 10.7 and has removed ipfw as of 10.9. However, Apple does not seem to install the headers needed to access the pf ioctl interfaces, such as pfvar.h
. Without these headers, SSLsplit cannot access the NAT mappings created by pf and therefore cannot support pf on Mac OS X.
It may be possible to manually take the appropriate headers from the XNU source code at:
However, this has not been tested and is only for the brave. There currently seems to be no good solution for the problem.
Is it possible to add a logging option that saves traffic in a format readable by Wireshark? This would make dissecting binary protocols over SSL much easier to analyse.
Hi droe,
your tool is awesome, but it doesn't work in vmware/virtualbox. The guest-sys is the latest Backtrack5R3-Version and the network is bridged. Here are the Error-Messages:
The netfilter NAT engine only suports IPv4 state lookups Connection not found in NAT state table, aborting connection
I start SSLSplit with folowing settings:
slsplit -D -O -P -k fakeCA/private/cakey.pem -c fakeCA/fakeca_public.pem -l log/https.log -S tmp/ https 192.168.0.254 4433
and
iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-ports 4433
With the same settings on the host-sys, SSLSplit is fine. What's wrong?
greetz
Using -t fails under many circumstances, such as with encrypted keys in daemon mode, when chroot() is used, or when the user we drop privs to lacks the permissions to read the file.
-t should be rewritten to load the certificates into a list of cert_t before detaching from TTY; that list would need to be added to the certificate cache after detaching.
sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -P -t ./certs/ ssl 0.0.0.0 9443 tcp 0.0.0.0 9080
...
Failed to load cert and key from PEM file './certs/'
certs
directory exists and have a single PEM file inside (foobar.pem):
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIb0sfVok+83ECAggA
MBQGCCqGSIb3DQMHBAiR0r6JINsSZgSCBMiEauatBQlxvspUMgYYL/EMznz3dXm3
Q...
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIJANHqAxI0u/R9MA0GCSqGSIb3DQEBBQUAME4xCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMREwDwYDVQQKDAhGYWNlYm9vazEX
MBUGA1UEAwwOKi5mYWNlYm9vay5jb20wHhcNMTQwMTI5MTAxNjE2WhcNMTkwMTI5...
-----END CERTIFICATE-----
I believe that the problem resides inside the sys.c/sys_dir_eachfile
function which incorrectly traverses through directory structure.
Implement an extendable approach to broken certificate verification implementations and implement some of the more interesting ones.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.