Commit Graph

82 Commits

Author SHA1 Message Date
Soner Tari
69753b250c Add split mode of operation similar to SSLsplit
The -n command line option enables split mode for all proxyspecs,
effectively making sslproxy behave like sslsplit.
Divert option can be set/unset globally and per-proxyspec.
Add e2e tests for split mode, and update make file for tests
accordingly.
Update documentation accordingly.
Improve code reuse, remove duplicate functions.

This change deserves a release of its own, hence v0.8.4.
2021-08-29 17:31:05 +03:00
Soner Tari
255cd1cd88 Separate make test as unit and e2e 2020-12-23 22:35:32 +03:00
Soner Tari
9ff63a1639 Disable travis testproxy tests on osx
SSL tests fail with "SSL stream connect HandshakeError: the handshake
was interrupted" and "SSL stream error: the handshake failed: Connection
reset by peer (os error 54)"
2020-04-03 12:19:38 +03:00
Soner Tari
155b83c045 Do not export vars to the shell, instead create a main.mk and include it when needed
Otherwise it is almost impossible to stop var redefinitions in
successive builds
2020-03-31 16:19:02 +03:00
Soner Tari
6d9cdeb8f5 Install cargo and testproxy to only one linux machine for now 2020-03-31 11:55:30 +03:00
Soner Tari
c69755a4bc Fix osx xnu path 2020-03-29 23:59:48 +03:00
Soner Tari
85d6a8690c Fix error message if check is missing 2020-03-29 23:59:30 +03:00
Soner Tari
af3366b84f Create make files for src and tests/check folders
Move folders and files related with check tests under tests/check folder
Fix check unit tests accordingly
2020-03-29 16:55:02 +03:00
Soner Tari
8eab8d1da8 Restructure source tree, create src and tests folders, move files accordingly
Remove docker
2020-03-27 14:28:08 +03:00
Soner Tari
009fe9f6ad Merge sslsplit develop changes 2019-08-08 12:23:04 +03:00
Soner Tari
f6a8522d1e Enable -O2 optimization, remove -g
Clean up gitignore
Fix typos
2019-05-27 11:12:12 +03:00
Soner Tari
cde3fbca3f Redirect user to login page and redirect again to orig target after successful authentication, currently supported only on OpenBSD
Get ethernet address and compare with the one in userdb, on each conn setup
Create user_auth options
Rename and clean-up
2019-03-01 02:08:24 +03:00
Soner Tari
304207e9e9 Add initial user database support using sqlite3 2019-02-16 17:29:14 +03:00
Soner Tari
52d37297b6 Update with sslsplit develop changes, especially content logging
Change SIGHUP to behave like SIGUSR1
2018-11-03 18:23:31 +03:00
Soner Tari
d2e9ab4487 Merge sslsplit-develop changes 2018-09-15 02:51:26 +03:00
Soner Tari
a584363f62 Add defined(LIBRESSL_VERSION_NUMBER) directives to fix signal 6 and 10 crashes: LibreSSL versions up to v2.7.4 behave like OPENSSL_VERSION_NUMBER < 0x1000200fL, beware not just OPENSSL_VERSION_NUMBER < 0x10100000L
Fix up:port af, use a different var, because utm port af is always AF_INET, and it breaks the target address af if the listening address is AF_INET6
Enable -O2 C flag, because LibreSSL is compiled with -O2 too
2018-08-22 22:48:55 +03:00
Soner Tari
0c8348db75 Merge sslsplit develop changes 2018-08-03 23:36:51 +03:00
Soner Tari
27650fab69 Support all command line options in the conf file as well
Update with the latest sslsplit-devel changes
2018-05-09 20:05:29 +03:00
Soner Tari
027b6e3a95 Update with sslsplit develop changes 2018-03-26 18:14:54 +03:00
Soner Tari
ae69b21908 Fix build on Linux, need to implement getdtablecount(2) of OpenBSD 2018-02-20 20:46:08 +03:00
Soner Tari
d76a9a52ad Fix examples 2018-02-08 23:40:18 +03:00
Soner Tari
4c8831bd90 Update with SSLsplit 0.5.1 changes, fix LibreSSL version issues
Add VerifyPeer and AllowWrongHost options
2018-01-18 03:18:53 +03:00
Soner Tari
b064ffa668 Use llu int as unique conn id, much simpler than uuid 2017-10-26 20:10:36 +03:00
Soner Tari
a79cf4e0d1 Add sslproxy.conf man page and example sslproxy.conf, and related make changes 2017-08-24 16:16:45 +03:00
Soner Tari
1a6eab50a5 Tidy and clean logs up
Add DEBUG_PROXY directive around all log_dbg_level_printf() and related lines
Log stats to syslog, similar to error logs, so that it is simpler to rotate and parse
-O w/o -g is failing bufferevent_socket_connect for parent dst, so either enable -O w/ -g, or disable -O w/o -g (-O2 is failing too)
Refactoring
2017-08-13 04:36:33 +03:00
Soner Tari
36c89a0314 Fix crash if no logging enabled
Disable debug, the default now
2017-08-11 16:53:46 +03:00
Soner Tari
ea6dc07248 Rename to sslproxy
Reduce http headers to just one SSLproxy line
2017-08-11 15:01:51 +03:00
Soner Tari
5a136b7ce7 Add extra stats
Rearrange, clean-up
2017-07-30 00:34:46 +03:00
Soner Tari
cea873e6f2 Set the OPENBSD directive at compile time 2017-07-29 01:15:39 +03:00
Soner Tari
67ddee1585 Import sslsplit-devel changes
Add stats logs, initial
Add SSLproxy_SrcAddr header field
Clean-up
2017-07-25 16:07:39 +03:00
Soner Tari
0b0f6b21dc Add uuid to all conn mctxs, otherwise we cannot uniquely identify them, causing trouble especially while deleting conns
Fix issues, clean-up
2017-07-01 00:29:39 +03:00
Soner Tari
d033ea68dd Plain TCP version is running good enough, next will try to switch the SSL on 2017-05-29 12:22:23 +03:00
Daniel Roethlisberger
e67978f4dd Merge branch 'develop' into feature/autossl 2016-03-27 13:27:38 +02:00
Daniel Roethlisberger
1c9aa249a9 Fix Travis build by disabling tests using IPv6
TravisCI has removed IPv6 support in 2016.  To cope with this regression
in the testing infrastructure, disable all tests on Travis that depend
on the system being able to handle ::1 as an IP address.  Normal unit
testing still uses the full test suite.
2016-03-25 12:00:35 +01:00
Daniel Roethlisberger
b3b7a7ab17 Merge branch 'develop' into feature/autossl 2016-03-15 20:13:12 +01:00
Daniel Roethlisberger
57a2ab8588 Rewrite protocol version macros and refactoring
Introduce HAVE_SSLV2, HAVE_SSLV3, HAVE_TLSV10, HAVE_TLSV11 and
HAVE_TLSV12 to indicate that support for the respective protocol is
available in OpenSSL.  This was necessary due to the increased
complexity of testing version support following the phasing out of SSLv2
and SSLv3 from OpenSSL implementations.  This fixes the build with
OpenSSL versions which have SSLv3 support removed.

While here, de-duplicate code for setting SSL_CTX options and do not set
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION anymore; it has no benefit
in the context of splitting SSL/TLS for analysis.

Reported by:	Jérémie Courrèges-Anglas
2015-07-28 23:39:51 +02:00
Daniel Roethlisberger
74f62c3e5e Refactor and unify ClientHello parsers
Refactor and unify ssl_tls_clienthello_identify() and the earlier
ssl_tls_clienthello_parse_sni() into a single
ssl_tls_clienthello_parse() function that handles parsing ClientHello
messages for different purposes.  As a result, rename the debug knob
DEBUG_SNI_PARSER into DEBUG_CLIENTHELLO_PARSER.
2015-05-17 20:27:58 +02:00
Daniel Roethlisberger
64cc8ffcde Fix lib search w/o pkg-config w/multiple instances
Fix automatic search for dependencies when multiple instances of the
same library are installed in different prefixes that we search, by
using the first one found.  Automatic search is only used when
pkg-config was not found.  This fixes compiler errors caused by spurious
path names within compiler or linker flags, such as

    ld: can't map file, errno=22 file '/usr/lib' for architecture x86_64
    clang: error: linker command failed with exit code 1 (use -v to see
    invocation)

While here, also make XNU header version fallback more robust and add
(diabled) version mappings for 10.10.2 and 10.10.3 which are not
published by Apple yet.

Issue:		#96
Reported by:	Jan Vilhuber
2015-05-02 12:23:14 +02:00
Daniel Roethlisberger
dd0d3238ca Add sha1(NEWS.md) to BUILD_INFO when VERSION from dir
Issue:		#85
2015-04-22 23:12:03 +02:00
Daniel Roethlisberger
9b5006d6f7 Add PCFLAGS for additional pkg-config flags
Allow for additional flags to pkg-config by means of a PCFLAGS variable.
This e.g. allows to set PCFLAGS='--static' for static builds in
combination with CFLAGS='-static' and LDFLAGS='-static'.

Issue:		#82
Reported by:	@kickwindbg
2015-03-23 22:10:00 +01:00
Daniel Roethlisberger
a14354d18b Allow uid, gid and mode of installed files to be tuned
Introducing the overridable variables INSTALLUID, INSTALLGID, BINUID,
BINGID, BINMODE, MANUID, MANGID, MANMODE that allow overriding of uid,
gid and mode of installed files.  Note that this solution still has the
limitation that uid, gid and mode of created directories cannot be set.

Issue:		#81
Reported by:	Shiloh Heurich
2015-03-17 00:09:19 +01:00
Daniel Roethlisberger
da47cd3fe1 Improve documentation of build process 2015-03-15 22:38:29 +01:00
Daniel Roethlisberger
3231c9c031 Record the actual XNU version detected 2015-03-02 23:13:48 +01:00
Daniel Roethlisberger
20ea783cf7 Add XNU header selection fallback
If the proper headers matching either the reported XNU version or OS X
version exactly cannot be found, use the latest headers that SSLsplit
knows about.  This fixes build on new releases of OS X that have no
source code published by Apple yet.
2015-02-24 19:24:12 +01:00
Daniel Roethlisberger
bb071336e0 Escape # in shell invocation
This fixes the following make error on Mac OS X versions that we don't
explicitly support yet due to missing sources:

    GNUmakefile:55: *** unterminated call to function `shell': missing `)'.
    Stop.

Reported by:	Justin Garrick
2015-01-17 18:24:58 +01:00
Daniel Roethlisberger
c9aa840214 Quote dollar signs in shell invocation
Reported by:	Justin Garrick
2015-01-14 22:45:59 +01:00
Daniel Roethlisberger
47abb0030d Update clean target for newer clang build artefacts 2014-11-27 22:09:03 +01:00
Daniel Roethlisberger
e1156a3482 Make awk regexp more robust 2014-11-17 23:50:16 +01:00
Daniel Roethlisberger
ec9cc5fb23 Fix usr/grp test with Linux id 2014-11-16 22:47:42 +01:00
Daniel Roethlisberger
6f2f0af0c3 Fix usr/grp formatting unit test when id fails 2014-11-16 22:30:50 +01:00