Archives
/
SSLproxy
mirror of https://github.com/sonertari/SSLproxy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
961 Commits
2 Branches
25 Tags
3.0 MiB
develop
master
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v0.9.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '446cc29f5f'
${ noResults }
Commit Graph

77 Commits (446cc29f5f97b7d907782e669a7a1d3aed828f5c)

Author SHA1 Message Date
Soner Tari ac3607a841 Add deferred pass and block actions 
We should defer pass and/or block actions as long as possible, because a
higher precedence rule in SSL filter should be able to override (cancel)
deferred pass and block actions taken by a lower precedence rule in Dst
Host filter. And in HTTP filter the same applies to deferred block
actions taken by Dst Host and SSL filters.

Also, thanks to this new deferred actions, now HTTP filter can keep
enabled divert and split modes. In other words, a higher precedence HTTP
filter rule can cancel a deferred block action set by a lower precedence
rule earlier, which was not possible before without deferred actions and
rule precedence.

And other improvements.
 3 years ago
Soner Tari 11884271fd Add negation prefix ! to log actions 
Now filtering rules can disable log actions too. This is possible thanks
to the newly added precedence field of rules. Log actions of filtering
rules at higher precedence can modify logging now. In other words, more
specific rules can change the log actions of more general rules.
HTTP filtering rules can only disable logging.
 3 years ago
Soner Tari cc7bd4a332 Add precedence to filtering rules 
Now we assign precedence to each filtering rule. More specific rules
have higher precedence. So, filtering rules at lower precedence cannot
override the actions applied to a conn by filtering rules at higher
precedence.
The other precedence rules still apply.
 3 years ago
Soner Tari 8ec97d779f Do not take log actions in HTTP filtering rules 
Log actions specified in HTTP filter rules can never enable disabled
logging, because their loggers would not be initialized.

Perhaps we should initialize them in the log submit function, if they
are initialized yet.
 3 years ago
Soner Tari 8a57d52f62 Add master and cert log actions 
Also, improve documentation
 3 years ago
Soner Tari 357e6050db Do not init content logging for the connection if its log action is disabled 
So now, we don't create any content log file if that log action is
disabled.
Also, improve documentation.
 3 years ago
Soner Tari f0c2ca6819 Add Match action and connect|content|pcap|mirror log actions in filtering rules 
- Match action is added to be used with log actions only, the other
filter actions can specify log actions too
- Log actions do not configure any loggers. Global loggers for
respective log actions should have been configured for those log actions
to have any effect.
- If no filter rules are defined for a proxyspec, all log actions are
enabled. Otherwise, all log actions are disabled, and filtering rules
should enable them specifically.
- Fix max number of tokens in proxyspec and filter parsers
- Fix issues with rejecting unknown args in filter rule parser
- Do not use filter_rules field of proxyspec after config finished, it
is used for filter configuration and freed afterwards
 3 years ago
Soner Tari 8d752b4d31 Add documentation for filtering rules 
Also bump version to 0.8.7
 3 years ago
Soner Tari f2d4ef61c9 Add support for passsite substring match 
Now the site field in PassSite option can have an '*' suffix to search
for a match anywhere in sni or common names. Note that this is not a
regex or wildcard search.

Previously, we only supported exact matches in sni and between slashes
in common names. This change makes it possible to cover multiple sites
in one PassSite option. In fact, without this change, certain sites
could not be added as passsite, because it was impossible to know their
subdomain names beforehand, for example *.fbcdn.net, which may have many
subdomain names in place of asterisk.

So to use substring match, append an '*' to a site name in PassSite
option (the asterisk is removed before substring search). For example,
use ".fbcdn.net*" to match all subdomains of fbcdn.net, notice the
asterisk at the end.

We also add a warning log starting with "Closing on ssl error without
passsite match" to report sites that can be added as passsite, which is
expected to help in writing PassSite rules.

Also, we now set dstaddr_str earlier in conn handling, so we can print
it in debug logs. This also helps in IDLE and EXPIRED conn logs.
 3 years ago
Soner Tari 69753b250c Add split mode of operation similar to SSLsplit 
The -n command line option enables split mode for all proxyspecs,
effectively making sslproxy behave like sslsplit.
Divert option can be set/unset globally and per-proxyspec.
Add e2e tests for split mode, and update make file for tests
accordingly.
Update documentation accordingly.
Improve code reuse, remove duplicate functions.

This change deserves a release of its own, hence v0.8.4.
 3 years ago
Soner Tari 1bb5bd2398 Improve UserAuth documentation 3 years ago
Soner Tari 2b9cb937fd Improve documentation 3 years ago
Soner Tari 596aebb2f3 Update version to 0.8.3 and copyright year to 2021 3 years ago
Soner Tari 66dddf2cdb Add info on IPv4-only features 4 years ago
Soner Tari 9c76563cee Fix mistake: return address -> divert address 4 years ago
Soner Tari 177f6a3b52 Improve overview 4 years ago
Soner Tari def65e195c Update man page with README 
Improve README
 4 years ago
Soner Tari f1e9de7386 Improve documentation 4 years ago
Soner Tari f254ac1586 Add info on DivertUsers and PassUsers options 4 years ago
Soner Tari 6c0b981831 Update version to 0.8.1 
Update TLS 1.3 documentation.
 4 years ago
Soner Tari 05654e3bee Avoid possible crashes caused by passing NULL pointers to str*() functions 4 years ago
Soner Tari ea57aebf15 Fix mailto 4 years ago
Soner Tari 2b702495b0 Remove comixwall.org 4 years ago
Soner Tari a0d74baa43 Update copyright year to 2020 4 years ago
Soner Tari 009fe9f6ad Merge sslsplit develop changes 5 years ago
Soner Tari 3c124966e4 Update documentation 5 years ago
Soner Tari c3abe74776 Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords 5 years ago
Soner Tari 07a6c32e93 Update documentation with PassSite option 5 years ago
Soner Tari 0eaf475193 Update documentation with the new user info in SSLproxy line 5 years ago
Soner Tari dcaaa49f90 Improve documentation and use better names 5 years ago
Soner Tari 362a87ac6d Update documentation 5 years ago
Soner Tari 0d49ba56db Enable user auth support on Linux 5 years ago
Soner Tari b6f2203495 Validate proxyspec protocols http, pop3, and smtp 5 years ago
Soner Tari f3e7a359a6 Update documentation with user auth feature 5 years ago
Soner Tari 588122b512 Explain support for remote listening programs in README 6 years ago
Soner Tari 3d1ed7c8d2 Fix the link for The Risks of SSL Inspection, markdown doesn't like the new line in between caption and link 6 years ago
Soner Tari 52d37297b6 Update with sslsplit develop changes, especially content logging 
Change SIGHUP to behave like SIGUSR1
 6 years ago
Soner Tari d2e9ab4487 Merge sslsplit-develop changes 6 years ago
Soner Tari 0c8348db75 Merge sslsplit develop changes 6 years ago
Soner Tari df061dc7ad Add Travis CI 6 years ago
Soner Tari 5e2724c38b Update version to 0.5.6 
Improve man pages and help message
 6 years ago
Soner Tari e577747ac8 No need to resize the image width, because github fits it to the page width itself 6 years ago
Soner Tari e06c338724 Fix the url of the Mode of Operation Diagram, github needs direct link to google drive documents, and resize the image using html code, because github markdown does not support resizing 6 years ago
Soner Tari 8590d61291 Add the Mode of Operation Diagram 6 years ago
Soner Tari 0b420556ea Add presentation 6 years ago
Soner Tari 9d435e180c Update with SSLsplit 0.5.2 and develop branch changes as of 270218 6 years ago
Soner Tari e2e910ba08 Update title and copyright year 7 years ago
Soner Tari 4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues 
Add VerifyPeer and AllowWrongHost options
 7 years ago
Soner Tari a56929922d Fix link 7 years ago
Soner Tari a2b14097dd Verify upstream certificates, see https://insights.sei.cmu.edu/cert/2015/03/the-risks-of-ssl-inspection.html 7 years ago