From ea6dc07248cb209673810984da670f8b26e15d3b Mon Sep 17 00:00:00 2001 From: Soner Tari Date: Fri, 11 Aug 2017 15:01:51 +0300 Subject: [PATCH] Rename to sslproxy Reduce http headers to just one SSLproxy line --- .gitignore | 4 +- .travis.yml | 2 +- AUTHORS.md | 3 + GNUmakefile | 4 +- README.md | 5 +- extra/sslsplit.sh.in | 2 +- main.c | 6 +- pxyconn.c | 129 +++++++++++++------------------------------ pxyconn.h | 8 +-- 9 files changed, 57 insertions(+), 106 deletions(-) diff --git a/.gitignore b/.gitignore index 44c3373..1e563e7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,7 @@ /*.o /*.dSYM -/sslsplit -/sslsplit.test +/sslproxy +/sslproxy.test /extra/*.pyc /extra/pki/dh*.param /extra/pki/dsa.pem diff --git a/.travis.yml b/.travis.yml index ef5bbca..fd533c3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,7 +2,7 @@ language: c compiler: - gcc - clang -script: make && make travis && ./sslsplit -V +script: make && make travis && ./sslproxy -V before_install: - sudo apt-get update -qq - sudo apt-get install -qq libssl-dev libevent-dev check diff --git a/AUTHORS.md b/AUTHORS.md index 096cc70..294dac8 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -25,3 +25,6 @@ See [issue tracker on Github][1], `NEWS.md` and `git log` for details. All your contributions are greatly appreciated; without you, SSLsplit would not be what it is today. +SSLproxy is based on SSLsplit, and has been developed by +[Soner Tari](https://github.com/sonertari). + diff --git a/GNUmakefile b/GNUmakefile index 196f1b3..a07c58f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -198,8 +198,8 @@ TAR?= tar ### You should not need to touch anything below this line -TARGET:= sslsplit -PNAME:= SSLsplit +TARGET:= sslproxy +PNAME:= SSLproxy SRCS:= $(filter-out $(wildcard *.t.c),$(wildcard *.c)) HDRS:= $(wildcard *.h) OBJS:= $(SRCS:.c=.o) diff --git a/README.md b/README.md index 5a30f85..239534b 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,13 @@ # SSLsplit - transparent SSL/TLS interception [![Build Status](https://travis-ci.org/droe/sslsplit.svg?branch=master)](https://travis-ci.org/droe/sslsplit) Copyright (C) 2009-2016, [Daniel Roethlisberger](//daniel.roe.ch/). http://www.roe.ch/SSLsplit - +The modifications for SSLproxy are copyrighted to [Soner Tari](https://github.com/sonertari), +and licensed under the same license as SSLsplit. ## Overview +SSLproxy is based on SSLsplit. + SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. It is intended to be useful for network forensics, application security analysis and penetration testing. diff --git a/extra/sslsplit.sh.in b/extra/sslsplit.sh.in index 9bc5028..e7b0fa9 100644 --- a/extra/sslsplit.sh.in +++ b/extra/sslsplit.sh.in @@ -1,4 +1,4 @@ #!/bin/sh ulimit -n @@maxfds@@ export LD_LIBRARY_PATH=@@localbase@@/lib:"$LD_LIBRARY_PATH" -exec @@prefix@@/bin/sslsplit "$@" +exec @@prefix@@/bin/sslproxy "$@" diff --git a/main.c b/main.c index 16eb3d6..672cbf3 100644 --- a/main.c +++ b/main.c @@ -85,7 +85,7 @@ main_version(void) fprintf(stderr, "---------------------------------------" "---------------------------------------\n"); fprintf(stderr, "WARNING: Something is wrong with the " - "version compiled into sslsplit!\n"); + "version compiled into sslproxy!\n"); fprintf(stderr, "The version should contain a release " "number and/or a git commit reference.\n"); fprintf(stderr, "If using a package, please report a bug " 
@@ -190,11 +190,11 @@ main_usage(void) #endif /* HAVE_LOCAL_PROCINFO */ " %%%% - literal '%%'\n" #ifdef HAVE_LOCAL_PROCINFO -" e.g. \"/var/log/sslsplit/%%X/%%u-%%s-%%d-%%T.log\"\n" +" e.g. \"/var/log/sslproxy/%%X/%%u-%%s-%%d-%%T.log\"\n" " -i look up local process owning each connection for logging\n" #define OPT_i "i" #else /* !HAVE_LOCAL_PROCINFO */ -" e.g. \"/var/log/sslsplit/%%T-%%s-%%d.log\"\n" +" e.g. \"/var/log/sslproxy/%%T-%%s-%%d.log\"\n" #define OPT_i #endif /* HAVE_LOCAL_PROCINFO */ " -d daemon mode: run in background, log error messages to syslog\n" diff --git a/pxyconn.c b/pxyconn.c index 404bf44..09ffef0 100644 --- a/pxyconn.c +++ b/pxyconn.c @@ -110,12 +110,8 @@ typedef struct pxy_conn_lproc_desc { #define WANT_CONNECT_LOG(ctx) ((ctx)->opts->connectlog||!(ctx)->opts->detach) #define WANT_CONTENT_LOG(ctx) ((ctx)->opts->contentlog&&!(ctx)->passthrough) -#define SSLPROXY_ADDR_KEY "SSLproxy-Addr:" -#define SSLPROXY_ADDR_KEY_LEN strlen(SSLPROXY_ADDR_KEY) -#define SSLPROXY_SRCADDR_KEY "SSLproxy-SrcAddr:" -#define SSLPROXY_SRCADDR_KEY_LEN strlen(SSLPROXY_SRCADDR_KEY) -#define SSLPROXY_DSTADDR_KEY "SSLproxy-DstAddr:" -#define SSLPROXY_DSTADDR_KEY_LEN strlen(SSLPROXY_DSTADDR_KEY) +#define SSLPROXY_KEY "SSLproxy:" +#define SSLPROXY_KEY_LEN strlen(SSLPROXY_KEY) static pxy_conn_ctx_t * MALLOC NONNULL(2,3,4) pxy_conn_ctx_new(evutil_socket_t fd, @@ -433,14 +429,8 @@ pxy_conn_ctx_free(pxy_conn_ctx_t *ctx, int by_requestor) if (ctx->sni) { free(ctx->sni); } - if (ctx->child_addr_str) { - free(ctx->child_addr_str); - } - if (ctx->src_addr_str) { - free(ctx->src_addr_str); - } - if (ctx->dst_addr_str) { - free(ctx->dst_addr_str); + if (ctx->header_str) { + free(ctx->header_str); } if (ctx->srv_dst_ssl_version) { free(ctx->srv_dst_ssl_version); 
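Review bot: `SSLPROXY_KEY_LEN` expands to a runtime `strlen()` of a string literal and is re-evaluated on every header line that pxy_http_reqhdr_filter_line compares against it; `#define SSLPROXY_KEY_LEN (sizeof(SSLPROXY_KEY) - 1)` gives the same value as an integer constant expression. The three `*_KEY_LEN` macros it replaces had the same shape, so this is inherited style rather than a regression of this commit. A short comment on `SSLPROXY_KEY` would document the external contract the rename changes, since the literal is presumably what the program behind the parent matches on: `// Header name of the inserted line; must stay in sync with whatever parses it`.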
@@ -1506,9 +1496,7 @@ pxy_http_reqhdr_filter_line(const char *line, pxy_conn_ctx_t *ctx, int child) } else if (!strncasecmp(line, "Accept-Encoding:", 16) || !strncasecmp(line, "Keep-Alive:", 11)) { return NULL; - } else if (child && (!strncasecmp(line, SSLPROXY_ADDR_KEY, SSLPROXY_ADDR_KEY_LEN) || - !strncasecmp(line, SSLPROXY_SRCADDR_KEY, SSLPROXY_SRCADDR_KEY_LEN) || - !strncasecmp(line, SSLPROXY_DSTADDR_KEY, SSLPROXY_DSTADDR_KEY_LEN) || + } else if (child && (!strncasecmp(line, SSLPROXY_KEY, SSLPROXY_KEY_LEN) || // @attention flickr keeps redirecting to https with 301 unless we remove the Via line of squid // Apparently flickr assumes the existence of Via header field or squid keyword a sign of plain http, even if we are using https !strncasecmp(line, "Via:", 4) || @@ -1846,7 +1834,7 @@ static void pxy_http_reqhdr_filter(struct evbuffer *inbuf, struct evbuffer *outbuf, struct bufferevent *bev, pxy_conn_ctx_t *ctx, pxy_conn_ctx_t *parent, int child) { logbuf_t *lb = NULL, *tail = NULL; - int inserted_sslproxy_addr = 0; + int inserted_header = 0; char *line; while ((line = evbuffer_readln(inbuf, NULL, EVBUFFER_EOL_CRLF))) { char *replace; 
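Review bot: A client-supplied `SSLproxy:` line survives the parent-side pass, because the new match is only taken when `child` is set; since the `!child` branch of pxy_http_reqhdr_filter is the one that later appends `ctx->header_str`, whatever consumes the request behind the parent can see two `SSLproxy:` lines, the proxy's and the client's, with nothing to tell them apart. Dropping client copies before the insertion is a one-line addition to the chain: `} else if (!child && !strncasecmp(line, SSLPROXY_KEY, SSLPROXY_KEY_LEN)) { return NULL;`. Whether the parent-side pass actually reaches this function for client requests cannot be confirmed from the hunk; if it does not, the same stripping belongs wherever client headers are first examined. pxy_http_reqhdr_filter_line begins and ends outside the hunk.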
@@ -1876,12 +1864,10 @@ pxy_http_reqhdr_filter(struct evbuffer *inbuf, struct evbuffer *outbuf, struct b } free(line); - if (!child && !inserted_sslproxy_addr) { - inserted_sslproxy_addr = 1; - log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_http_reqhdr_filter: src INSERT sslproxy_addr line, fd=%d: %s\n", ctx->fd, ctx->child_addr_str); - evbuffer_add_printf(outbuf, "%s\r\n", ctx->child_addr_str); - log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_http_reqhdr_filter: src INSERT sslproxy_srcaddr line, fd=%d: %s\n", ctx->fd, ctx->src_addr_str); - evbuffer_add_printf(outbuf, "%s\r\n", ctx->src_addr_str); + if (!child && !inserted_header) { + inserted_header = 1; + log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>> pxy_http_reqhdr_filter: src INSERT header_str line, fd=%d: %s\n", ctx->fd, ctx->header_str); + evbuffer_add_printf(outbuf, "%s\r\n", ctx->header_str); } if (ctx->seen_req_header) { @@ -2113,14 +2099,12 @@ pxy_bev_readcb(struct bufferevent *bev, void *arg) goto leave; } } else { - log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: custom_field= %s\n", ctx->child_addr_str); + log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: SSLproxy header= %s\n", ctx->header_str); - size_t child_addr_len = strlen(ctx->child_addr_str); - size_t src_addr_len = strlen(ctx->src_addr_str); - size_t dst_addr_len = strlen(ctx->dst_addr_str); + size_t header_len = strlen(ctx->header_str); size_t packet_size = evbuffer_get_length(inbuf); // +2 is for \r\n - char *packet = malloc(packet_size + child_addr_len + 2 + src_addr_len + 2 + dst_addr_len + 2); + char *packet = malloc(packet_size + header_len + 2); if (!packet) { // @todo Should we just set enomem? ctx->enomem = 1; 
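Review bot: `strlen(ctx->header_str)` and the debug log just before it assume `ctx->header_str` is already set when pxy_bev_readcb reaches this branch; the string is only built in pxy_connected_enable, which enables `ctx->src.bev` right afterwards, so the ordering presumably holds for reads from the client side, but nothing in this function states it. Either a comment at the top of the branch, `// header_str is built in pxy_connected_enable() before src.bev is enabled, so it is non-NULL here`, or a defensive `if (!ctx->header_str) goto leave;` in the style of the surrounding error paths would make the invariant explicit. The buffer is also sized `packet_size + header_len + 2` on every read although the header is only prepended while `sent_header` is clear; harmless, but a comment would stop the over-allocation from looking accidental. pxy_bev_readcb begins and ends outside the hunk.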
@@ -2144,26 +2128,21 @@ pxy_bev_readcb(struct bufferevent *bev, void *arg) // And we are dealing pop3 and smtp also, not just http. // @attention Cannot use string manipulation functions; we are dealing with binary arrays here, not NULL-terminated strings - if (!ctx->sent_addr_info) { + if (!ctx->sent_header) { if (ctx->spec->mail) { - memmove(packet + child_addr_len + 2 + src_addr_len + 2 + dst_addr_len + 2, packet, packet_size); - memcpy(packet, ctx->child_addr_str, child_addr_len); - memcpy(packet + child_addr_len, "\r\n", 2); - memcpy(packet + child_addr_len + 2, ctx->src_addr_str, src_addr_len); - memcpy(packet + child_addr_len + 2 + src_addr_len, "\r\n", 2); - memcpy(packet + child_addr_len + 2 + src_addr_len + 2, ctx->dst_addr_str, src_addr_len); - memcpy(packet + child_addr_len + 2 + src_addr_len + 2 + dst_addr_len, "\r\n", 2); - packet_size+= child_addr_len + 2 + src_addr_len + 2 + dst_addr_len + 2; - ctx->sent_addr_info = 1; + memmove(packet + header_len + 2, packet, packet_size); + memcpy(packet, ctx->header_str, header_len); + memcpy(packet + header_len, "\r\n", 2); + packet_size+= header_len + 2; + ctx->sent_header = 1; } else { char *pos = memmem(packet, packet_size, "\r\n", 2); if (pos) { - memmove(pos + 2 + child_addr_len + 2 + src_addr_len, pos, packet_size - (pos - packet)); - memcpy(pos + 2, ctx->child_addr_str, child_addr_len); - memcpy(pos + 2 + child_addr_len, "\r\n", 2); - memcpy(pos + 2 + child_addr_len + 2, ctx->src_addr_str, src_addr_len); - packet_size+= child_addr_len + 2 + src_addr_len + 2; - ctx->sent_addr_info = 1; + memmove(pos + 2 + header_len, pos, packet_size - (pos - packet)); + memcpy(pos + 2, ctx->header_str, header_len); + memcpy(pos + 2 + header_len, "\r\n", 2); + packet_size+= header_len + 2; + ctx->sent_header = 1; } else { log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>,,,,,,,,,,,,,,,,,,,,,,, pxy_bev_readcb: No CRLF in packet\n"); } 
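Review bot: The trailing `memcpy(pos + 2 + header_len, "\r\n", 2)` in the non-mail branch rewrites bytes the preceding `memmove` has already placed there (the CRLF matched at `pos` is copied, not cleared, so the original stays at `pos` and its copy lands at `pos + 2 + header_len`); it is harmless but reads as if the move were off by two, so it deserves at least a comment such as `// memmove already carried the CRLF here; rewritten only for clarity`. The mail and non-mail branches now differ only in the insertion offset, so the move/copy/size bookkeeping can live in one static helper, which also makes the "room for header_len + 2 extra bytes" precondition (satisfied by the malloc in the earlier hunk, but not stated here) visible in one place. pxy_bev_readcb begins and ends outside the hunk.
```c
// Insert hdr followed by CRLF at byte offset `at` of buf and return the new
// length. Caller guarantees buf has room for len + hdr_len + 2 bytes.
static size_t
pxy_insert_header(char *buf, size_t len, size_t at, const char *hdr, size_t hdr_len)
{
	memmove(buf + at + hdr_len + 2, buf + at, len - at);
	memcpy(buf + at, hdr, hdr_len);
	memcpy(buf + at + hdr_len, "\r\n", 2);
	return len + hdr_len + 2;
}

		// … unchanged: comments above the sent_header check …
		if (!ctx->sent_header) {
			if (ctx->spec->mail) {
				packet_size = pxy_insert_header(packet, packet_size, 0, ctx->header_str, header_len);
				ctx->sent_header = 1;
			} else {
				char *pos = memmem(packet, packet_size, "\r\n", 2);
				if (pos) {
					// Insert after the first CRLF, i.e. after the request line
					packet_size = pxy_insert_header(packet, packet_size, (size_t)(pos - packet) + 2, ctx->header_str, header_len);
					ctx->sent_header = 1;
				} else {
					// … unchanged: "No CRLF in packet" debug log …
				}
```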
@@ -2298,30 +2277,12 @@ pxy_bev_readcb_child(struct bufferevent *bev, void *arg) log_err_printf("ERROR: evbuffer_remove cannot drain the buffer\n"); } - size_t child_addr_len = strlen(parent->child_addr_str); - char *pos = memmem(packet, packet_size, parent->child_addr_str, child_addr_len); - if (pos) { - memmove(pos, pos + child_addr_len + 2, packet_size - (pos - packet) - (child_addr_len + 2)); - packet_size-= child_addr_len + 2; - log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy-Addr\n"); - } - - // @todo Combine src_addr removal with child_addr removal? - size_t src_addr_len = strlen(parent->src_addr_str); - pos = memmem(packet, packet_size, parent->src_addr_str, src_addr_len); - if (pos) { - memmove(pos, pos + src_addr_len + 2, packet_size - (pos - packet) - (src_addr_len + 2)); - packet_size-= src_addr_len + 2; - log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy-SrcAddr\n"); - } - - // @todo Combine dst_addr removal with src_addr removal? - size_t dst_addr_len = strlen(parent->dst_addr_str); - pos = memmem(packet, packet_size, parent->dst_addr_str, dst_addr_len); + size_t header_len = strlen(parent->header_str); + char *pos = memmem(packet, packet_size, parent->header_str, header_len); if (pos) { - memmove(pos, pos + dst_addr_len + 2, packet_size - (pos - packet) - (dst_addr_len + 2)); - packet_size-= dst_addr_len + 2; - log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy-DstAddr\n"); + memmove(pos, pos + header_len + 2, packet_size - (pos - packet) - (header_len + 2)); + packet_size-= header_len + 2; + log_dbg_level_printf(LOG_DBG_MODE_FINEST, ">>>>>....................... 
pxy_bev_readcb_child: <<<<<<<<<<<<<<<<<<<<<<<<<<<<< REMOVED SSLproxy header\n"); } if (evbuffer_add(outbuf, packet, packet_size) < 0) { 
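Review bot: The removal never checks that at least `header_len + 2` bytes remain after the match: `memmem` only guarantees `header_len`, so if data on the child connection can arrive segmented differently from how the parent emitted it, a read ending right after the header string or one byte into its CRLF makes `packet_size - (pos - packet) - (header_len + 2)` wrap around in `size_t`, and the following `memmove` and `packet_size -= header_len + 2` run with the wrapped value. Guard the branch with `if (pos && (size_t)(packet + packet_size - pos) >= header_len + 2) {`, ideally also requiring `pos[header_len] == '\r' && pos[header_len + 1] == '\n'` so that only a complete header line is cut out. Separately, the search runs on every packet and matches the header bytes anywhere in the buffer rather than at a line start, and there is no once-only flag like the parent's `sent_header`, so the same byte sequence appearing later in the stream would be removed as well. pxy_bev_readcb_child begins and ends outside the hunk.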
@@ -2743,35 +2704,21 @@ pxy_connected_enable(struct bufferevent *bev, pxy_conn_ctx_t *ctx, char *event_n return 0; } + // SSLproxy: [127.0.0.1]:34649,[192.168.3.24]:47286,[74.125.206.108]:465,s // @todo Port may be less than 5 chars - int addr_len = SSLPROXY_ADDR_KEY_LEN + 1 + strlen(addr) + 5 + 3 + 1; + // SSLproxy: + + [ + addr + ] + : + p + , + [ + srchost_str + ] + : + srcport_str + , + [ + dsthost_str + ] + : + dstport_str + , + s + NULL + // SSLPROXY_KEY_LEN + 1 + 1 + strlen(addr) + 1 + 1 + 5 + 1 + 1 + strlen(ctx->srchost_str) + 1 + 1 + strlen(ctx->srcport_str) + 1 + 1 + strlen(ctx->dsthost_str) + 1 + 1 + strlen(ctx->dstport_str) + 1 + 1 + 1 + int header_len = SSLPROXY_KEY_LEN + strlen(addr) + strlen(ctx->srchost_str) + strlen(ctx->srcport_str) + strlen(ctx->dsthost_str) + strlen(ctx->dstport_str) + 20; // @todo Always check malloc retvals. Should we close the conn if malloc fails? - ctx->child_addr_str = malloc(addr_len); - if (!ctx->child_addr_str) { - pxy_conn_free(ctx, 1); - return 0; - } - snprintf(ctx->child_addr_str, addr_len, "%s [%s]:%u", SSLPROXY_ADDR_KEY, addr, ntohs(child_listener_addr.sin_port)); - - // SSLproxy-SrcAddr: [192.168.3.23]:49260,s - int src_addr_len = SSLPROXY_SRCADDR_KEY_LEN + 2 + strlen(ctx->srchost_str) + 2 + strlen(ctx->srcport_str) + 1 + 1 + 1; - ctx->src_addr_str = malloc(src_addr_len); - if (!ctx->src_addr_str) { - pxy_conn_free(ctx, 1); - return 0; - } - snprintf(ctx->src_addr_str, src_addr_len, "%s [%s]:%s,%s", SSLPROXY_SRCADDR_KEY, ctx->srchost_str, ctx->srcport_str, ctx->spec->ssl ? 
"s":"p"); - - // SSLproxy-DstAddr: [192.168.3.23]:49260,s - int dst_addr_len = SSLPROXY_DSTADDR_KEY_LEN + 2 + strlen(ctx->dsthost_str) + 2 + strlen(ctx->dstport_str) + 1 + 1 + 1; - ctx->dst_addr_str = malloc(dst_addr_len); - if (!ctx->dst_addr_str) { + ctx->header_str = malloc(header_len); + if (!ctx->header_str) { pxy_conn_free(ctx, 1); return 0; } - snprintf(ctx->dst_addr_str, dst_addr_len, "%s [%s]:%s,%s", SSLPROXY_DSTADDR_KEY, ctx->dsthost_str, ctx->dstport_str, ctx->spec->ssl ? "s":"p"); + snprintf(ctx->header_str, header_len, "%s [%s]:%u,[%s]:%s,[%s]:%s,%s", + SSLPROXY_KEY, addr, ntohs(child_listener_addr.sin_port), ctx->srchost_str, ctx->srcport_str, ctx->dsthost_str, ctx->dstport_str, ctx->spec->ssl ? "s":"p"); - log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, child_addr= %s, fd=%d, child_fd=%d\n", ctx->child_addr_str, fd, ctx->child_fd); + log_dbg_level_printf(LOG_DBG_MODE_FINER, ">>>>>=================================== pxy_connected_enable: ENABLE src, SSLproxy header= %s, fd=%d, child_fd=%d\n", ctx->header_str, fd, ctx->child_fd); // Now open the gates bufferevent_enable(ctx->src.bev, EV_READ|EV_WRITE); diff --git a/pxyconn.h b/pxyconn.h index 6097b8e..a6371bb 100644 --- a/pxyconn.h +++ b/pxyconn.h @@ -142,11 +142,9 @@ struct pxy_conn_ctx { // Fd of the listener event for the children evutil_socket_t child_fd; struct evconnlistener *child_evcl; - // SSL proxy return address: The IP:port address the children are listening to - char *child_addr_str; - char *src_addr_str; - char *dst_addr_str; - int sent_addr_info; + // SSL proxy return address: The IP:port address the children are listening to, orig client addr, and orig target addr + char *header_str; + int sent_header; // Child list of the conn pxy_conn_child_ctx_t *children;