mirror of
https://github.com/sonertari/SSLproxy
synced 2024-11-06 09:20:26 +00:00
422 lines
8.3 KiB
Plaintext
422 lines
8.3 KiB
Plaintext
# TestProxy test configuration for sslproxy v0.9.0
|
|
|
|
# Global options
|
|
#User _sslproxy
|
|
#Group _sslproxy
|
|
#Chroot /var/run/sslproxy
|
|
PidFile /var/run/sslproxy.pid
|
|
#Daemon yes
|
|
Debug yes
|
|
DebugLevel 4
|
|
#OpenFilesLimit 1024
|
|
#LeafKey /etc/sslproxy/leaf.key
|
|
#LeafKeyRSABits 2048
|
|
#LeafCertDir /etc/sslproxy/leaf.d
|
|
#DefaultLeafCert /etc/sslproxy/leaf.pem
|
|
#WriteGenCertsDir /var/log/sslproxy
|
|
#WriteAllCertsDir /var/log/sslproxy
|
|
#OpenSSLEngine cloudhsm
|
|
#ConnectLog /var/log/sslproxy/connect.log
|
|
#ContentLog /var/log/sslproxy/content.log
|
|
#ContentLogDir /var/log/sslproxy/content
|
|
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log
|
|
#LogProcInfo yes
|
|
#PcapLog /var/log/sslproxy/content.pcap
|
|
#PcapLogDir /var/log/sslproxy/pcap
|
|
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap
|
|
#MirrorIf lo
|
|
#MirrorTarget 192.0.2.1
|
|
#MasterKeyLog /var/log/sslproxy/masterkeys.log
|
|
LogStats yes
|
|
StatsPeriod 1
|
|
ConnIdleTimeout 120
|
|
ExpiredConnCheckPeriod 10
|
|
UserDBPath users.db
|
|
|
|
# Default ProxySpec options (cloned to each proxyspec)
|
|
CACert ca.crt
|
|
CAKey ca.key
|
|
#ClientCert /etc/sslproxy/client.crt
|
|
#ClientKey /etc/sslproxy/client.key
|
|
#CAChain /etc/sslproxy/chain.crt
|
|
#LeafCRLURL http://example.com/example.crl
|
|
#DenyOCSP yes
|
|
#Passthrough yes
|
|
#DHGroupParams /etc/sslproxy/dh.pem
|
|
#ECDHCurve prime256v1
|
|
#SSLCompression no
|
|
#ForceSSLProto tls12
|
|
#DisableSSLProto tls10
|
|
#EnableSSLProto tls10
|
|
#MinSSLProto tls10
|
|
#MaxSSLProto tls13
|
|
#Ciphers MEDIUM:HIGH
|
|
#CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
|
|
#NATEngine netfilter
|
|
#RemoveHTTPAcceptEncoding no
|
|
#RemoveHTTPReferer yes
|
|
VerifyPeer no
|
|
#AllowWrongHost no
|
|
#UserAuth no
|
|
#UserTimeout 300
|
|
#UserAuthURL https://192.168.0.1/userdblogin.php
|
|
#ValidateProto no
|
|
#MaxHTTPHeaderSize 8192
|
|
#PassSite example.com
|
|
#PassSite example.com 192.168.0.1
|
|
#PassSite example.com soner
|
|
#PassSite *.google.com * android
|
|
#Divert yes
|
|
|
|
# Tests for tcp connection over ssl proxyspec
|
|
ProxySpec https 127.0.0.1 8441 up:8080 127.0.0.1 9441
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8442
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9442
|
|
ValidateProto yes
|
|
}
|
|
|
|
# Tests for ssl connection on tcp proxyspec
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8183
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9183
|
|
ValidateProto yes
|
|
}
|
|
|
|
# Tests for HTTP GET method validation
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8184
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9184
|
|
ValidateProto yes
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8444
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9444
|
|
ValidateProto yes
|
|
}
|
|
|
|
# Tests for HTTP POST method validation
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8185
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9185
|
|
ValidateProto yes
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8445
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9445
|
|
ValidateProto yes
|
|
}
|
|
|
|
# Tests for SSL configuration
|
|
ProxySpec https 127.0.0.1 8443 up:8080 127.0.0.1 9443
|
|
# Tests for SSL configuration: tls10 only
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8449
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9449
|
|
ForceSSLProto tls10
|
|
}
|
|
# Tests for SSL configuration: tls11 only
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8450
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9450
|
|
ForceSSLProto tls11
|
|
}
|
|
# Tests for SSL configuration: tls12 only
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8451
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9451
|
|
ForceSSLProto tls12
|
|
}
|
|
# Tests for SSL configuration: Rejects unsupported SSL/TLS proto
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8452
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9452
|
|
ForceSSLProto tls10
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8453
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9453
|
|
ForceSSLProto tls12
|
|
}
|
|
|
|
# Tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
|
|
ProxySpec http 127.0.0.1 8180 up:8080 127.0.0.1 9180
|
|
ProxySpec https 127.0.0.1 8446 up:8080 127.0.0.1 9446
|
|
|
|
# Tests for HTTP response headers: Public-Key-Pins, Public-Key-Pins-Report-Only, Strict-Transport-Security, Expect-CT, Alternate-Protocol, Upgrade, OCSP request
|
|
ProxySpec http 127.0.0.1 8181 up:8080 127.0.0.1 9181
|
|
ProxySpec https 127.0.0.1 8447 up:8080 127.0.0.1 9447
|
|
|
|
# Tests for HTTP response headers: Deny OCSP request, remove Accept-Encoding, and do not remove Referer
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8186
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9186
|
|
DenyOCSP yes
|
|
RemoveHTTPAcceptEncoding yes
|
|
RemoveHTTPReferer no
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8448
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9448
|
|
DenyOCSP yes
|
|
RemoveHTTPAcceptEncoding yes
|
|
RemoveHTTPReferer no
|
|
}
|
|
|
|
# Tests for Passthrough
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8454
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9454
|
|
Passthrough yes
|
|
VerifyPeer yes
|
|
}
|
|
|
|
# Tests for VerifyPeer
|
|
ProxySpec https 127.0.0.1 8455 up:8080 127.0.0.1 9455
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8456
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9456
|
|
VerifyPeer yes
|
|
}
|
|
|
|
# Tests for CACert/CAKey
|
|
ProxySpec https 127.0.0.1 8457 up:8080 127.0.0.1 9457
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8458
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9458
|
|
CACert ca2.crt
|
|
CAKey ca2.key
|
|
}
|
|
|
|
# Tests for UserAuth
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8187
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9187
|
|
UserAuth yes
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8459
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9459
|
|
UserAuth yes
|
|
}
|
|
|
|
# Tests for POP3
|
|
ProxySpec {
|
|
Proto pop3
|
|
Addr 127.0.0.1
|
|
Port 8188
|
|
DivertPort 8110
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9188
|
|
ValidateProto yes
|
|
}
|
|
ProxySpec {
|
|
Proto pop3s
|
|
Addr 127.0.0.1
|
|
Port 8460
|
|
DivertPort 8110
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9460
|
|
ValidateProto yes
|
|
}
|
|
|
|
# Tests for SMTP
|
|
ProxySpec {
|
|
Proto smtp
|
|
Addr 127.0.0.1
|
|
Port 8189
|
|
DivertPort 9199
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9189
|
|
ValidateProto yes
|
|
}
|
|
ProxySpec {
|
|
Proto smtps
|
|
Addr 127.0.0.1
|
|
Port 8461
|
|
DivertPort 9199
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9461
|
|
ValidateProto yes
|
|
}
|
|
|
|
# SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer
|
|
ProxySpec http 127.0.0.1 8190 127.0.0.1 9190
|
|
ProxySpec https 127.0.0.1 8463 127.0.0.1 9463
|
|
|
|
# Tests for Divert filtering rules
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8191
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9191
|
|
Divert no
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Divert from ip 127.0.0.1 to ip 127.0.0.1
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8192
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9192
|
|
Divert no
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Divert from ip 127.0.0.1 to ip 127.0.0.1
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
|
|
# Tests for Split filtering rules
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8193
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9193
|
|
Divert yes
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Split from ip 127.0.0.1 to ip 127.0.0.1
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8194
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9194
|
|
Divert yes
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Split from ip 127.0.0.1 to ip 127.0.0.1
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
|
|
# Tests for Pass filtering rules
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8195
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9195
|
|
Divert yes
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8196
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9196
|
|
Divert yes
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
|
|
# Tests for Block filtering rules
|
|
ProxySpec {
|
|
Proto http
|
|
Addr 127.0.0.1
|
|
Port 8197
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9197
|
|
Divert yes
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Block from ip 127.0.0.1 to ip 127.0.0.1
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|
|
ProxySpec {
|
|
Proto https
|
|
Addr 127.0.0.1
|
|
Port 8198
|
|
DivertPort 8080
|
|
TargetAddr 127.0.0.1
|
|
TargetPort 9198
|
|
Divert yes
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
Block from ip 127.0.0.1 to ip 127.0.0.1
|
|
Match from ip 127.0.0.1 to ip 127.0.0.1
|
|
}
|