SSLproxy

Commit Graph

Author	SHA1	Message	Date
Soner Tari	a7d671169c	Fix handling of HTTP Accept-Encoding	5 years ago
Soner Tari	d1a3328c58	Differentiate PassSite option from Passthrough option: PassSite does not require Passthrough now Remove redundant if conditions	6 years ago
Soner Tari	26a73d797d	Fix passsite struct free	6 years ago
Soner Tari	c3abe74776	Add client filtering to PassSite option, per site filters can be defined using client IP addresses, users, and description keywords	6 years ago
Soner Tari	7e8fcbcafa	Move strncpy() call from passsite matching to initial PassSite setup	6 years ago
Soner Tari	ddeb9831ed	Add PassSite option, if the site matches SNI or common names in the SSL certificate, the connection is passed through the proxy, issue #12	6 years ago
Soner Tari	9275315541	Add OpenFilesLimit option, use 50-10000, so user does not need to modify system-wide value now	6 years ago
Soner Tari	074e5d6400	Add LeafKeyRSABits option for user to change leaf key RSA keysize in bits, so it can be set to 1024\|2048\|3072\|4096 now	6 years ago
Soner Tari	0d49ba56db	Enable user auth support on Linux	6 years ago
Soner Tari	b6f2203495	Validate proxyspec protocols http, pop3, and smtp	6 years ago
Soner Tari	c37bcc6de1	Add UserDBPath and UserTimeout options	6 years ago
Soner Tari	cde3fbca3f	Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD Get ethernet address and compare with the one in userdb, on each conn setup Create user_auth options Rename and clean-up	6 years ago
Soner Tari	304207e9e9	Add initial user database support using sqlite3	6 years ago
Soner Tari	e132b12d79	Support remote listening programs using ua and ra proxyspec options, address of remote listening program that decrypted packets are diverted to and address SSLproxy is listening for returned packets from remote listening program, respectively	6 years ago
Soner Tari	70a22f4515	Do not break the event loop if out of fds, instead properly check all retvals of libevent functions So remove getdtable*() solution	6 years ago
Soner Tari	52d37297b6	Update with sslsplit develop changes, especially content logging Change SIGHUP to behave like SIGUSR1	6 years ago
Soner Tari	2f0e574f09	Fix autossl, but Evolution client sometimes does not send ehlo, especially after user rejects self-signed cert, which needs further investigation And other improvements	6 years ago
Soner Tari	a314be6e94	Add conn context and is_child fields to proxy context struct to get rid of extra function params and to simplify conditionals Remove redundant parent/conn pointer vars Use conn instead of parent amap	6 years ago
Soner Tari	9213734c95	Enable header insertion for tcp and ssl proxspecs as well, reported by @Sfinx Remove redundant mail field of proxyspec	6 years ago
Soner Tari	d2e9ab4487	Merge sslsplit-develop changes	6 years ago
Soner Tari	a584363f62	Add defined(LIBRESSL_VERSION_NUMBER) directives to fix signal 6 and 10 crashes: LibreSSL versions up to v2.7.4 behave like OPENSSL_VERSION_NUMBER < 0x1000200fL, beware not just OPENSSL_VERSION_NUMBER < 0x10100000L Fix up:port af, use a different var, because utm port af is always AF_INET, and it breaks the target address af if the listening address is AF_INET6 Enable -O2 C flag, because LibreSSL is compiled with -O2 too	6 years ago
Soner Tari	0c8348db75	Merge sslsplit develop changes	6 years ago
Soner Tari	e8054deed3	Set option defaults in opts_new() now Use bit instead of int for boolean options	6 years ago
Soner Tari	7ac3e0a445	Remove most of defined(LIBRESSL_VERSION_NUMBER), LibreSSL behaves more like OPENSSL_VERSION_NUMBER >= 0x10100000L now	6 years ago
Soner Tari	5a4b8974bf	Add fall through comment for missing break in case statement, as gcc (Ubuntu 7.3.0-16ubuntu3) 7.3.0 complains about it now Break out of for loop if max token is reached	6 years ago
Soner Tari	ee3278d2bb	Fix a possible memory corruption due to incorrect size allocation for argv	6 years ago
Soner Tari	27650fab69	Support all command line options in the conf file as well Update with the latest sslsplit-devel changes	7 years ago
Soner Tari	5bba07b27f	Use SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version() functions to force SSL/TLS protocol version for OpenSSL 1.1.0+	7 years ago
Soner Tari	9d435e180c	Update with SSLsplit 0.5.2 and develop branch changes as of 270218	7 years ago
Soner Tari	4c8831bd90	Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues Add VerifyPeer and AllowWrongHost options	7 years ago
Soner Tari	4fceaaa0e9	Fix compiler warning Rename the man page for the ports package	7 years ago
Soner Tari	9ec58f821b	Changes needed while adding SSL proxy support to WUI Separate mail/mails to pop3/pop3s/smtp/smpts for statistics Write connect logs to syslog too, for statistics Fix log lines for statistics, remove fds from err logs	7 years ago
Soner Tari	7748e3ec1b	Add conf file support, with -f command line option, supports a subset of all possible options	7 years ago
Soner Tari	1a6eab50a5	Tidy and clean logs up Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse -O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too) Refactoring	7 years ago
Soner Tari	4bfc85868b	Add support for pop3 (p3scan pop3 proxy) Send sslproxy info only once, in the first packet only Clean-up	7 years ago
Soner Tari	67ddee1585	Import sslsplit-devel changes Add stats logs, initial Add SSLproxy_SrcAddr header field Clean-up	7 years ago
Soner Tari	5a496d04e0	Make utm service port spec a command line option Check NULL retvals, clean-up	7 years ago
Soner Tari	26cbefa3a4	Use inet_ntop() instead of inet_ntoa() Fix compiler warnings	7 years ago
Soner Tari	133584361f	Rename and clean-up	7 years ago
Soner Tari	82b58c2dab	Fix multithreading Clean-up	7 years ago
Soner Tari	ad63380b07	Fix e2 port specs, otherwise we get: "Error from socket() fd2: Protocol not supported (43) Error opening socket: Bad file descriptor (9)"	7 years ago
Soner Tari	d033ea68dd	Plain TCP version is running good enough, next will try to switch the SSL on	7 years ago
Daniel Roethlisberger	29f44c3d64	Add autossl spec parsing tests and improve docs	9 years ago
Daniel Roethlisberger	e67978f4dd	Merge branch 'develop' into feature/autossl	9 years ago
Daniel Roethlisberger	3bda2715c7	Don't test NONNULL spec in first loop iteration	9 years ago
Daniel Roethlisberger	0506024587	Update copyright notices to 2016	9 years ago
Daniel Roethlisberger	b3b7a7ab17	Merge branch 'develop' into feature/autossl	9 years ago
Daniel Roethlisberger	0e2b748bba	Only init DNS when DNS is required by proxy specs Only initialize evdns if DNS lookups are actually required by the loaded proxy specifications. This allows sslsplit to work in non-DNS modes in situations where the local DNS resolver does not work, such as for local use on a system without network connectivity. Currently, only SNI based proxy specs require DNS. On systems without network connectivity, DNS subsystem init may fail due to /etc/resolv.conf being (temporarily) unavailable. Issue: #104	9 years ago
Daniel Roethlisberger	57a2ab8588	Rewrite protocol version macros and refactoring Introduce HAVE_SSLV2, HAVE_SSLV3, HAVE_TLSV10, HAVE_TLSV11 and HAVE_TLSV12 to indicate that support for the respective protocol is available in OpenSSL. This was necessary due to the increased complexity of testing version support following the phasing out of SSLv2 and SSLv3 from OpenSSL implementations. This fixes the build with OpenSSL versions which have SSLv3 support removed. While here, de-duplicate code for setting SSL_CTX options and do not set SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION anymore; it has no benefit in the context of splitting SSL/TLS for analysis. Reported by: Jérémie Courrèges-Anglas	9 years ago
Daniel Roethlisberger	6671a82aed	Rename genericstarttls to autossl and improve docs Issue: #87	10 years ago

1 2

66 Commits (57ae6f07a5c7f64f4f5a0209e451106b128eab43)