2018-01-18 13:48:52 +00:00
|
|
|
# SSLproxy - transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs for deep SSL inspection
|
2017-08-22 23:15:31 +00:00
|
|
|
|
2018-01-18 13:48:52 +00:00
|
|
|
Copyright (C) 2017-2018, [Soner Tari](http://comixwall.org).
|
2017-08-22 23:15:31 +00:00
|
|
|
https://github.com/sonertari/SSLproxy
|
|
|
|
|
2018-01-18 00:18:53 +00:00
|
|
|
Copyright (C) 2009-2018, [Daniel Roethlisberger](//daniel.roe.ch/).
|
2018-02-27 19:20:58 +00:00
|
|
|
https://www.roe.ch/SSLsplit
|
2012-04-13 12:47:30 +00:00
|
|
|
|
|
|
|
## Overview
|
|
|
|
|
2017-08-22 23:15:31 +00:00
|
|
|
SSLproxy is a proxy for SSL/TLS encrypted network connections. It is intended
|
2017-08-23 11:48:39 +00:00
|
|
|
to be used for decrypting and diverting network traffic to other programs, such
|
2018-03-19 11:23:14 +00:00
|
|
|
as UTM services, for deep SSL inspection. See [this
|
|
|
|
presentation](https://drive.google.com/open?id=12YaGIGs0-xfpqMNAY3rzUbIyed-Tso8W)
|
|
|
|
for a summary.
|
2017-08-22 23:15:31 +00:00
|
|
|
|
|
|
|
SSLproxy is designed to transparently terminate connections that are redirected
|
|
|
|
to it using a network address translation engine. SSLproxy then terminates
|
|
|
|
SSL/TLS and initiates a new SSL/TLS connection to the original destination
|
|
|
|
address. Packets received on the client side are decrypted and sent to the
|
|
|
|
program listening on a port given in the proxy specification. SSLproxy inserts
|
|
|
|
in the first packet the address and port it is expecting to receive the packets
|
|
|
|
back from the program. Upon receiving the packets back, SSLproxy re-encrypts
|
|
|
|
and sends them to their original destination. The return traffic follows the
|
2018-05-12 21:49:21 +00:00
|
|
|
same path back to the client in reverse order.
|
2017-08-22 23:15:31 +00:00
|
|
|
|
2018-03-19 15:33:22 +00:00
|
|
|
![Mode of Operation
|
|
|
|
Diagram](https://drive.google.com/uc?id=1N_Yy5nMPDSvY8YaNFd4sHvipyLWq5zDy)
|
2018-03-19 14:44:07 +00:00
|
|
|
|
2017-08-23 00:27:53 +00:00
|
|
|
This is similar in principle to [divert
|
|
|
|
sockets](https://man.openbsd.org/divert.4), where the packet filter diverts the
|
|
|
|
packets to a program listening on a divert socket, and after processing the
|
|
|
|
packets the program reinjects them into the kernel. If there is no program
|
2017-08-23 01:48:37 +00:00
|
|
|
listening on that divert socket or the program does not reinject the packets
|
|
|
|
into the kernel, the connection is effectively blocked. In the case of
|
|
|
|
SSLproxy, SSLproxy acts as both the packet filter and the kernel, and the
|
|
|
|
communication occurs over networking sockets.
|
2017-08-23 00:27:53 +00:00
|
|
|
|
2017-08-22 23:15:31 +00:00
|
|
|
For example, given the following proxy specification:
|
|
|
|
|
|
|
|
https 127.0.0.1 8443 up:8080
|
|
|
|
|
|
|
|
The SSLproxy listens for HTTPS connections on 127.0.0.1:8443. Upon receiving a
|
|
|
|
connection from the Client, it decrypts and diverts the packets to a Program
|
|
|
|
listening on 127.0.0.1:8080. After processing the packets, the Program gives
|
|
|
|
them back to the SSLproxy listening on a dynamically assigned address, which
|
|
|
|
the Program obtains from the first packet in the connection. Then the SSLproxy
|
|
|
|
re-encrypts and sends the packets to the Server. The response from the Server
|
2017-08-23 00:27:53 +00:00
|
|
|
follows the same path to the Client in reverse order.
|
2017-08-22 23:15:31 +00:00
|
|
|
|
|
|
|
The program that packets are diverted to should support this mode of operation.
|
|
|
|
Specifically, it should be able to recognize the SSLproxy address in the first
|
2017-08-23 00:27:53 +00:00
|
|
|
packet, and give the first and subsequent packets back to the SSLproxy
|
|
|
|
listening on that address, instead of sending them to the original destination
|
|
|
|
as it normally would.
|
2017-08-22 23:15:31 +00:00
|
|
|
|
2017-09-02 19:45:01 +00:00
|
|
|
A sample line SSLproxy inserts into the first packet in the connection is the
|
|
|
|
following:
|
|
|
|
|
|
|
|
SSLproxy: [127.0.0.1]:34649,[192.168.3.24]:47286,[192.168.111.130]:443,s
|
|
|
|
|
|
|
|
The first IP:port pair is a dynamically assigned address that the SSLproxy
|
|
|
|
expects the program send the packets back to it. The second and third IP:port
|
2018-03-19 14:44:07 +00:00
|
|
|
pairs are the actual source and destination addresses of the connection
|
|
|
|
respectively. Since the program receives the packets from the SSLproxy, it
|
|
|
|
cannot determine the source and destination addresses of the packets by
|
|
|
|
itself, hence must rely on the information in this SSLproxy line. The last
|
|
|
|
letter is either s or p, for SSL/TLS encrypted or plain traffic respectively.
|
|
|
|
This information is also important for the program, because it cannot reliably
|
|
|
|
determine if the actual network traffic it is processing was encrypted or not.
|
2017-09-02 19:45:01 +00:00
|
|
|
|
2017-08-22 23:15:31 +00:00
|
|
|
SSLproxy supports plain TCP, plain SSL, HTTP, HTTPS, POP3, POP3S, SMTP, and
|
2018-02-27 19:20:58 +00:00
|
|
|
SMTPS connections over both IPv4 and IPv6. It also has the ability to
|
|
|
|
dynamically upgrade plain TCP to SSL in order to generically support SMTP
|
|
|
|
STARTTLS and similar upgrade mechanisms. SSLproxy fully supports Server Name
|
2017-08-22 23:15:31 +00:00
|
|
|
Indication (SNI) and is able to work with RSA, DSA and ECDSA keys and DHE and
|
|
|
|
ECDHE cipher suites. Depending on the version of OpenSSL, SSLproxy supports
|
|
|
|
SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2, and optionally SSL 2.0 as well.
|
|
|
|
|
2018-02-27 19:20:58 +00:00
|
|
|
For SSL and HTTPS connections, SSLproxy generates and signs forged X509v3
|
2017-08-22 23:15:31 +00:00
|
|
|
certificates on-the-fly, mimicking the original server certificate's subject
|
|
|
|
DN, subjectAltName extension and other characteristics. SSLproxy has the
|
|
|
|
ability to use existing certificates of which the private key is available,
|
|
|
|
instead of generating forged ones. SSLproxy supports NULL-prefix CN
|
|
|
|
certificates but otherwise does not implement exploits against specific
|
2015-05-01 09:54:20 +00:00
|
|
|
certificate verification vulnerabilities in SSL/TLS stacks.
|
|
|
|
|
2017-08-23 11:14:21 +00:00
|
|
|
SSLproxy implements a number of defenses against mechanisms which would
|
2017-08-22 23:15:31 +00:00
|
|
|
normally prevent MitM attacks or make them more difficult. SSLproxy can deny
|
|
|
|
OCSP requests in a generic way. For HTTP and HTTPS connections, SSLproxy
|
2018-02-27 19:20:58 +00:00
|
|
|
mangles headers to prevent server-instructed public key pinning (HPKP), avoid
|
|
|
|
strict transport security restrictions (HSTS), and prevent switching to
|
|
|
|
QUIC/SPDY, HTTP/2 or WebSockets (Upgrade, Alternate Protocols). HTTP
|
|
|
|
compression, encodings and keep-alive are disabled to make the logs more
|
|
|
|
readable.
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2017-08-22 23:15:31 +00:00
|
|
|
Another reason to disable persistent connections is to reduce file descriptor
|
|
|
|
usage. Accordingly, connections are closed if they remain idle for a certain
|
|
|
|
period of time. The default timeout is 120 seconds, which can be changed in a
|
|
|
|
configuration file.
|
|
|
|
|
2018-01-18 00:18:53 +00:00
|
|
|
SSLproxy verifies upstream certificates by default. If the verification fails, the
|
|
|
|
connection is terminated immediately. This is in contrast to SSLsplit, because
|
|
|
|
in order to maximize the chances that a connection can be successfully split,
|
|
|
|
SSLsplit accepts all certificates including self-signed ones. See [The Risks of
|
|
|
|
SSL Inspection](https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html)
|
|
|
|
for the reasons of this difference.
|
2017-08-22 23:15:31 +00:00
|
|
|
|
|
|
|
As SSLproxy is based on SSLsplit, this is a modified SSLsplit README file.
|
|
|
|
See the manual page sslproxy(1) for details on using SSLproxy and setting up
|
2012-04-13 12:47:30 +00:00
|
|
|
the various NAT engines.
|
|
|
|
|
|
|
|
|
|
|
|
## Requirements
|
|
|
|
|
2017-08-22 23:15:31 +00:00
|
|
|
SSLproxy depends on the OpenSSL and libevent 2.x libraries.
|
2012-05-13 16:22:23 +00:00
|
|
|
The build depends on GNU make and a POSIX.2 environment in `PATH`.
|
2015-05-02 10:47:10 +00:00
|
|
|
If available, pkg-config is used to locate and configure the dependencies.
|
2014-01-14 00:23:09 +00:00
|
|
|
The optional unit tests depend on the check library.
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2017-08-22 23:15:31 +00:00
|
|
|
SSLproxy currently supports the following operating systems and NAT mechanisms:
|
2014-11-04 19:39:20 +00:00
|
|
|
|
2013-12-23 13:13:27 +00:00
|
|
|
- FreeBSD: pf rdr and divert-to, ipfw fwd, ipfilter rdr
|
2013-12-23 12:57:57 +00:00
|
|
|
- OpenBSD: pf rdr-to and divert-to
|
2012-04-13 12:47:30 +00:00
|
|
|
- Linux: netfilter REDIRECT and TPROXY
|
2014-11-19 21:30:01 +00:00
|
|
|
- Mac OS X: pf rdr and ipfw fwd
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2014-11-28 11:09:40 +00:00
|
|
|
Support for local process information (`-i`) is currently available on Mac OS X
|
|
|
|
and FreeBSD.
|
|
|
|
|
|
|
|
SSL/TLS features and compatibility greatly depend on the version of OpenSSL
|
2015-08-02 20:06:51 +00:00
|
|
|
linked against; for optimal results, use a recent release of OpenSSL proper.
|
2017-08-22 23:15:31 +00:00
|
|
|
OpenSSL forks like BoringSSL may or may not work.
|
2014-11-28 11:09:40 +00:00
|
|
|
|
2012-04-13 12:47:30 +00:00
|
|
|
|
|
|
|
## Installation
|
|
|
|
|
2015-05-02 10:52:37 +00:00
|
|
|
With OpenSSL, libevent 2.x, pkg-config and check available, run:
|
|
|
|
|
2012-05-13 16:22:23 +00:00
|
|
|
make
|
|
|
|
make test # optional unit tests
|
|
|
|
make install # optional install
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2012-04-22 23:03:38 +00:00
|
|
|
Dependencies are autoconfigured using pkg-config. If dependencies are not
|
2012-05-13 16:22:23 +00:00
|
|
|
picked up and fixing `PKG_CONFIG_PATH` does not help, you can specify their
|
|
|
|
respective locations manually by setting `OPENSSL_BASE`, `LIBEVENT_BASE` and/or
|
|
|
|
`CHECK_BASE` to the respective prefixes.
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2012-05-13 16:22:23 +00:00
|
|
|
You can override the default install prefix (`/usr/local`) by setting `PREFIX`.
|
2014-11-04 19:39:20 +00:00
|
|
|
For more build options see `GNUmakefile`.
|
2012-04-13 12:47:30 +00:00
|
|
|
|
|
|
|
|
2014-11-28 11:09:40 +00:00
|
|
|
## Documentation
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2018-02-27 19:20:58 +00:00
|
|
|
See the manual page `sslproxy.1` for user documentation.
|
2014-11-28 11:18:40 +00:00
|
|
|
See `NEWS.md` for release notes listing significant changes between releases.
|
2012-04-13 12:47:30 +00:00
|
|
|
|
|
|
|
|
|
|
|
## License
|
|
|
|
|
2014-11-30 00:39:57 +00:00
|
|
|
SSLsplit is provided under a 2-clause BSD license.
|
2014-01-14 00:23:09 +00:00
|
|
|
SSLsplit contains components licensed under the MIT and APSL licenses.
|
2018-02-27 19:20:58 +00:00
|
|
|
See `LICENSE`, `LICENSE.contrib` and `LICENSE.third` as well as the respective
|
|
|
|
source file headers for details.
|
2017-08-22 23:15:31 +00:00
|
|
|
The modifications for SSLproxy are licensed under the same terms as SSLsplit.
|
2012-04-13 12:47:30 +00:00
|
|
|
|
2018-01-18 00:18:53 +00:00
|
|
|
|
|
|
|
## Credits
|
|
|
|
|
2018-02-27 19:20:58 +00:00
|
|
|
See `AUTHORS.md` for the list of contributors.
|
|
|
|
|
2018-01-18 00:18:53 +00:00
|
|
|
SSLsplit was inspired by `mitm-ssl` by Claes M. Nyberg and `sslsniff` by Moxie
|
|
|
|
Marlinspike, but shares no source code with them.
|
|
|
|
|
|
|
|
|