Rename to sslproxy

Reduce http headers to just one SSLproxy line
7 years ago · ea6dc07248
parent 4bfc85868b
commit ea6dc07248
9 changed files with 57 additions and 106 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,7 @@
 /*.o
 /*.dSYM
-/sslsplit
-/sslsplit.test
+/sslproxy
+/sslproxy.test
 /extra/*.pyc
 /extra/pki/dh*.param
 /extra/pki/dsa.pem
--- a/.travis.yml
+++ b/.travis.yml
@ -2,7 +2,7 @@ language: c
 compiler:
  - gcc
  - clang
-script: make && make travis && ./sslsplit -V
+script: make && make travis && ./sslproxy -V
 before_install:
  - sudo apt-get update -qq
  - sudo apt-get install -qq libssl-dev libevent-dev check
--- a/AUTHORS.md
+++ b/AUTHORS.md
@ -25,3 +25,6 @@ See [issue tracker on Github][1], `NEWS.md` and `git log` for details.
 All your contributions are greatly appreciated; without you, SSLsplit would not
 be what it is today.

+SSLproxy is based on SSLsplit, and has been developed by
+[Soner Tari](https://github.com/sonertari).
+
--- a/4
+++ b/4
@ -198,8 +198,8 @@ TAR?=		tar

 ### You should not need to touch anything below this line

-TARGET:=	sslsplit
-PNAME:=		SSLsplit
+TARGET:=	sslproxy
+PNAME:=		SSLproxy
 SRCS:=		$(filter-out $(wildcard *.t.c),$(wildcard *.c))
 HDRS:=		$(wildcard *.h)
 OBJS:=		$(SRCS:.c=.o)
--- a/README.md
+++ b/README.md
@ -1,10 +1,13 @@
 # SSLsplit - transparent SSL/TLS interception [![Build Status](https://travis-ci.org/droe/sslsplit.svg?branch=master)](https://travis-ci.org/droe/sslsplit)
 Copyright (C) 2009-2016, [Daniel Roethlisberger](//daniel.roe.ch/).  
 http://www.roe.ch/SSLsplit
-
+The modifications for SSLproxy are copyrighted to [Soner Tari](https://github.com/sonertari),
+and licensed under the same license as SSLsplit.

 ## Overview

+SSLproxy is based on SSLsplit.
+
 SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted
 network connections.  It is intended to be useful for network forensics,
 application security analysis and penetration testing.
--- a/extra/sslsplit.sh.in
+++ b/extra/sslsplit.sh.in
@ -1,4 +1,4 @@
 #!/bin/sh
 ulimit -n @@maxfds@@
 export LD_LIBRARY_PATH=@@localbase@@/lib:"$LD_LIBRARY_PATH"
-exec @@prefix@@/bin/sslsplit "$@"
+exec @@prefix@@/bin/sslproxy "$@"
--- a/main.c
+++ b/main.c
@ -85,7 +85,7 @@ main_version(void)
 		fprintf(stderr, "---------------------------------------"
 		                "---------------------------------------\n");
 		fprintf(stderr, "WARNING: Something is wrong with the "
-		                "version compiled into sslsplit!\n");
+		                "version compiled into sslproxy!\n");
 		fprintf(stderr, "The version should contain a release "
 		                "number and/or a git commit reference.\n");
 		fprintf(stderr, "If using a package, please report a bug "
@ -190,11 +190,11 @@ main_usage(void)
 #endif /* HAVE_LOCAL_PROCINFO */
 "              %%%% - literal '%%'\n"
 #ifdef HAVE_LOCAL_PROCINFO
-"      e.g.    \"/var/log/sslsplit/%%X/%%u-%%s-%%d-%%T.log\"\n"
+"      e.g.    \"/var/log/sslproxy/%%X/%%u-%%s-%%d-%%T.log\"\n"
 "  -i          look up local process owning each connection for logging\n"
 #define OPT_i "i"
 #else /* !HAVE_LOCAL_PROCINFO */
-"      e.g.    \"/var/log/sslsplit/%%T-%%s-%%d.log\"\n"
+"      e.g.    \"/var/log/sslproxy/%%T-%%s-%%d.log\"\n"
 #define OPT_i 
 #endif /* HAVE_LOCAL_PROCINFO */
 "  -d          daemon mode: run in background, log error messages to syslog\n"
--- a/pxyconn.c
+++ b/pxyconn.c
@ -110,12 +110,8 @@ typedef struct pxy_conn_lproc_desc {
 #define WANT_CONNECT_LOG(ctx)	((ctx)->opts->connectlog||!(ctx)->opts->detach)
 #define WANT_CONTENT_LOG(ctx)	((ctx)->opts->contentlog&&!(ctx)->passthrough)

-#define SSLPROXY_ADDR_KEY		"SSLproxy-Addr:"
-#define SSLPROXY_ADDR_KEY_LEN	strlen(SSLPROXY_ADDR_KEY)
-#define SSLPROXY_SRCADDR_KEY	"SSLproxy-SrcAddr:"
-#define SSLPROXY_SRCADDR_KEY_LEN	strlen(SSLPROXY_SRCADDR_KEY)
-#define SSLPROXY_DSTADDR_KEY	"SSLproxy-DstAddr:"
-#define SSLPROXY_DSTADDR_KEY_LEN	strlen(SSLPROXY_DSTADDR_KEY)
+#define SSLPROXY_KEY		"SSLproxy:"
+#define SSLPROXY_KEY_LEN	strlen(SSLPROXY_KEY)

 static pxy_conn_ctx_t * MALLOC NONNULL(2,3,4)
 pxy_conn_ctx_new(evutil_socket_t fd,
@ -433,14 +429,8 @@ pxy_conn_ctx_free(pxy_conn_ctx_t *ctx, int by_requestor)
 	if (ctx->sni) {
 		free(ctx->sni);
 	}
-	if (ctx->child_addr_str) {
-		free(ctx->child_addr_str);
-	}
-	if (ctx->src_addr_str) {
-		free(ctx->src_addr_str);
-	}
-	if (ctx->dst_addr_str) {
-		free(ctx->dst_addr_str);
+	if (ctx->header_str) {
+		free(ctx->header_str);
 	}
 	if (ctx->srv_dst_ssl_version) {
 		free(ctx->srv_dst_ssl_version);
@ -1506,9 +1496,7 @@ pxy_http_reqhdr_filter_line(const char *line, pxy_conn_ctx_t *ctx, int child)
 		} else if (!strncasecmp(line, "Accept-Encoding:", 16) ||
 		           !strncasecmp(line, "Keep-Alive:", 11)) {
 			return NULL;
-		} else if (child && (!strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN) ||
-				   !strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN) ||
-				   !strncasecmp(line, SSLPROXY_DSTADDR_KEY, SSLPROXY_DSTADDR_KEY_LEN) ||
+		} else if (child && (!strncasecmp(line, SSLPROXY_KEY, SSLPROXY_KEY_LEN) ||
 				   // @attention flickr keeps redirecting to https with 301 unless we remove the Via line of squid
 				   // Apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https
 		           !strncasecmp(line, "Via:", 4) ||
@ -1846,7 +1834,7 @@ static void
 pxy_http_reqhdr_filter(struct evbuffer *inbuf, struct evbuffer *outbuf, struct bufferevent *bev, pxy_conn_ctx_t *ctx, pxy_conn_ctx_t *parent, int child)
 {
 	logbuf_t *lb = NULL, *tail = NULL;
-	int inserted_sslproxy_addr = 0;
+	int inserted_header = 0;
 	char *line;
 	while ((line = evbuffer_readln(inbuf, NULL, EVBUFFER_EOL_CRLF))) {
 		char *replace;
@ -1876,12 +1864,10 @@ pxy_http_reqhdr_filter(struct evbuffer *inbuf, struct evbuffer *outbuf, struct b
 		}
 		free(line);

-		if (!child && !inserted_sslproxy_addr) {
-			inserted_sslproxy_addr = 1;
-			log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_http_reqhdr_filter: src INSERT sslproxy_addr line, fd=%d: %s\n", ctx->fd, ctx->child_addr_str);
-			evbuffer_add_printf(outbuf, "%s\r\n", ctx->child_addr_str);
-			log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_http_reqhdr_filter: src INSERT sslproxy_srcaddr line, fd=%d: %s\n", ctx->fd, ctx->src_addr_str);
-			evbuffer_add_printf(outbuf, "%s\r\n", ctx->src_addr_str);
+		if (!child && !inserted_header) {
+			inserted_header = 1;
+			log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_http_reqhdr_filter: src INSERT header_str line, fd=%d: %s\n", ctx->fd, ctx->header_str);
+			evbuffer_add_printf(outbuf, "%s\r\n", ctx->header_str);
 		}

 		if (ctx->seen_req_header) {
@ -2113,14 +2099,12 @@ pxy_bev_readcb(struct bufferevent *bev, void *arg)
 				goto leave;
 			}
 		} else {
-			log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: custom_field= %s\n", ctx->child_addr_str);
+			log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: SSLproxy header= %s\n", ctx->header_str);

-			size_t child_addr_len = strlen(ctx->child_addr_str);
-			size_t src_addr_len = strlen(ctx->src_addr_str);
-			size_t dst_addr_len = strlen(ctx->dst_addr_str);
+			size_t header_len = strlen(ctx->header_str);
 			size_t packet_size = evbuffer_get_length(inbuf);
 			// +2 is for \r\n
-			char *packet = malloc(packet_size + child_addr_len + 2 + src_addr_len + 2 + dst_addr_len + 2);
+			char *packet = malloc(packet_size + header_len + 2);
 			if (!packet) {
 				// @todo Should we just set enomem?
 				ctx->enomem = 1;
@ -2144,26 +2128,21 @@ pxy_bev_readcb(struct bufferevent *bev, void *arg)
 			// And we are dealing pop3 and smtp also, not just http.

 			// @attention Cannot use string manipulation functions; we are dealing with binary arrays here, not NULL-terminated strings
-			if (!ctx->sent_addr_info) {
+			if (!ctx->sent_header) {
 				if (ctx->spec->mail) {
-					memmove(packet + child_addr_len + 2 + src_addr_len + 2 + dst_addr_len + 2, packet, packet_size);
-					memcpy(packet, ctx->child_addr_str, child_addr_len);
-					memcpy(packet + child_addr_len, "\r\n", 2);
-					memcpy(packet + child_addr_len + 2, ctx->src_addr_str, src_addr_len);
-					memcpy(packet + child_addr_len + 2 + src_addr_len, "\r\n", 2);
-					memcpy(packet + child_addr_len + 2 + src_addr_len + 2, ctx->dst_addr_str, src_addr_len);
-					memcpy(packet + child_addr_len + 2 + src_addr_len + 2 + dst_addr_len, "\r\n", 2);
-					packet_size+= child_addr_len + 2 + src_addr_len + 2 + dst_addr_len + 2;
-					ctx->sent_addr_info = 1;
+					memmove(packet + header_len + 2, packet, packet_size);
+					memcpy(packet, ctx->header_str, header_len);
+					memcpy(packet + header_len, "\r\n", 2);
+					packet_size+= header_len + 2;
+					ctx->sent_header = 1;
 				} else {
 					char *pos = memmem(packet, packet_size, "\r\n", 2);
 					if (pos) {
-						memmove(pos + 2 + child_addr_len + 2 + src_addr_len, pos, packet_size - (pos - packet));
-						memcpy(pos + 2, ctx->child_addr_str, child_addr_len);
-						memcpy(pos + 2 + child_addr_len, "\r\n", 2);
-						memcpy(pos + 2 + child_addr_len + 2, ctx->src_addr_str, src_addr_len);
-						packet_size+= child_addr_len + 2 + src_addr_len + 2;
-						ctx->sent_addr_info = 1;
+						memmove(pos + 2 + header_len, pos, packet_size - (pos - packet));
+						memcpy(pos + 2, ctx->header_str, header_len);
+						memcpy(pos + 2 + header_len, "\r\n", 2);
+						packet_size+= header_len + 2;
+						ctx->sent_header = 1;
 					} else {
 						log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: No CRLF in packet\n");
 					}
@ -2298,30 +2277,12 @@ pxy_bev_readcb_child(struct bufferevent *bev, void *arg)
 				log_err_printf("ERROR: evbuffer_remove cannot drain the buffer\n");
 			}

-			size_t child_addr_len = strlen(parent->child_addr_str);
-			char *pos = memmem(packet, packet_size, parent->child_addr_str, child_addr_len);
-			if (pos) {
-				memmove(pos, pos + child_addr_len + 2, packet_size - (pos - packet) - (child_addr_len + 2));
-				packet_size-= child_addr_len + 2;
-				log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy-Addr\n");
-			}
-
-			// @todo Combine src_addr removal with child_addr removal?
-			size_t src_addr_len = strlen(parent->src_addr_str);
-			pos = memmem(packet, packet_size, parent->src_addr_str, src_addr_len);
-			if (pos) {
-				memmove(pos, pos + src_addr_len + 2, packet_size - (pos - packet) - (src_addr_len + 2));
-				packet_size-= src_addr_len + 2;
-				log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy-SrcAddr\n");
-			}
-
-			// @todo Combine dst_addr removal with src_addr removal?
-			size_t dst_addr_len = strlen(parent->dst_addr_str);
-			pos = memmem(packet, packet_size, parent->dst_addr_str, dst_addr_len);
+			size_t header_len = strlen(parent->header_str);
+			char *pos = memmem(packet, packet_size, parent->header_str, header_len);
 			if (pos) {
-				memmove(pos, pos + dst_addr_len + 2, packet_size - (pos - packet) - (dst_addr_len + 2));
-				packet_size-= dst_addr_len + 2;
-				log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy-DstAddr\n");
+				memmove(pos, pos + header_len + 2, packet_size - (pos - packet) - (header_len + 2));
+				packet_size-= header_len + 2;
+				log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy header\n");
 			}

 			if (evbuffer_add(outbuf, packet, packet_size) < 0) {
@ -2743,35 +2704,21 @@ pxy_connected_enable(struct bufferevent *bev, pxy_conn_ctx_t *ctx, char *event_n
 			return 0;
 		}

+		// SSLproxy: [127.0.0.1]:34649,[192.168.3.24]:47286,[74.125.206.108]:465,s
 		// @todo Port may be less than 5 chars
-		int addr_len = SSLPROXY_ADDR_KEY_LEN + 1 + strlen(addr) + 5 + 3 + 1;
+		// SSLproxy:        +   + [ + addr         + ] + : + p + , + [ + srchost_str              + ] + : + srcport_str              + , + [ + dsthost_str              + ] + : + dstport_str              + , + s + NULL
+		// SSLPROXY_KEY_LEN + 1 + 1 + strlen(addr) + 1 + 1 + 5 + 1 + 1 + strlen(ctx->srchost_str) + 1 + 1 + strlen(ctx->srcport_str) + 1 + 1 + strlen(ctx->dsthost_str) + 1 + 1 + strlen(ctx->dstport_str) + 1 + 1 + 1
+		int header_len = SSLPROXY_KEY_LEN + strlen(addr) + strlen(ctx->srchost_str) + strlen(ctx->srcport_str) + strlen(ctx->dsthost_str) + strlen(ctx->dstport_str) + 20;
 		// @todo Always check malloc retvals. Should we close the conn if malloc fails?
-		ctx->child_addr_str = malloc(addr_len);
-		if (!ctx->child_addr_str) {
-			pxy_conn_free(ctx, 1);
-			return 0;
-		}
-		snprintf(ctx->child_addr_str, addr_len, "%s [%s]:%u", SSLPROXY_ADDR_KEY, addr, ntohs(child_listener_addr.sin_port));
-
-		// SSLproxy-SrcAddr: [192.168.3.23]:49260,s
-		int src_addr_len = SSLPROXY_SRCADDR_KEY_LEN + 2 + strlen(ctx->srchost_str) + 2 + strlen(ctx->srcport_str) + 1 + 1 + 1;
-		ctx->src_addr_str = malloc(src_addr_len);
-		if (!ctx->src_addr_str) {
-			pxy_conn_free(ctx, 1);
-			return 0;
-		}
-		snprintf(ctx->src_addr_str, src_addr_len, "%s [%s]:%s,%s", SSLPROXY_SRCADDR_KEY, ctx->srchost_str, ctx->srcport_str, ctx->spec->ssl ? "s":"p");
-
-		// SSLproxy-DstAddr: [192.168.3.23]:49260,s
-		int dst_addr_len = SSLPROXY_DSTADDR_KEY_LEN + 2 + strlen(ctx->dsthost_str) + 2 + strlen(ctx->dstport_str) + 1 + 1 + 1;
-		ctx->dst_addr_str = malloc(dst_addr_len);
-		if (!ctx->dst_addr_str) {
+		ctx->header_str = malloc(header_len);
+		if (!ctx->header_str) {
 			pxy_conn_free(ctx, 1);
 			return 0;
 		}
-		snprintf(ctx->dst_addr_str, dst_addr_len, "%s [%s]:%s,%s", SSLPROXY_DSTADDR_KEY, ctx->dsthost_str, ctx->dstport_str, ctx->spec->ssl ? "s":"p");
+		snprintf(ctx->header_str, header_len, "%s [%s]:%u,[%s]:%s,[%s]:%s,%s",
+				SSLPROXY_KEY, addr, ntohs(child_listener_addr.sin_port), ctx->srchost_str, ctx->srcport_str, ctx->dsthost_str, ctx->dstport_str, ctx->spec->ssl ? "s":"p");

-		log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, child_addr= %s, fd=%d, child_fd=%d\n", ctx->child_addr_str, fd, ctx->child_fd);
+		log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, SSLproxy header= %s, fd=%d, child_fd=%d\n", ctx->header_str, fd, ctx->child_fd);

 		// Now open the gates
 		bufferevent_enable(ctx->src.bev, EV_READ|EV_WRITE);
--- a/pxyconn.h
+++ b/pxyconn.h
@ -142,11 +142,9 @@ struct pxy_conn_ctx {
 	// Fd of the listener event for the children
 	evutil_socket_t child_fd;
 	struct evconnlistener *child_evcl;
-	// SSL proxy return address: The IP:port address the children are listening to
-	char *child_addr_str;
-	char *src_addr_str;
-	char *dst_addr_str;
-	int sent_addr_info;
+	// SSL proxy return address: The IP:port address the children are listening to, orig client addr, and orig target addr
+	char *header_str;
+	int sent_header;

 	// Child list of the conn
 	pxy_conn_child_ctx_t *children;