Commit Graph

82 Commits (master)

Author SHA1 Message Date
Daniel Roethlisberger 73324dcd7b Update NEWS.md 8 years ago
Daniel Roethlisberger 2bcfaf4b44 Re-enable EV_READ if disabled and outbuf empty
The event buffer write handler fails to re-enable the corresponding
read event of the opposite connection if the buffer is not only down to
less than half the limit, but completely emptied.  In that case, the
read event would never be re-enabled and the connection would stall and
time out.

Issue:		#109
Patch by:	Eun Soo Park
9 years ago
Daniel Roethlisberger 02ab680b34 Add log to PCAP conversion script
Add contributed Python script for parsing the output of sslsplit -L
from a log file or named pipe and converting the log entries to an
emulated PCAP format.  Information not contained in the log, such as
sequence numbers, IP IDs etc., is emulated and does not correspond to the
original packets on the network.

Issue:		#27
Contributed by:	Maciej Kotowicz
9 years ago
Daniel Roethlisberger 0e2b748bba Only init DNS when DNS is required by proxy specs
Only initialize evdns if DNS lookups are actually required by the loaded
proxy specifications.  This allows sslsplit to work in non-DNS modes in
situations where the local DNS resolver does not work, such as for local
use on a system without network connectivity.  Currently, only SNI based
proxy specs require DNS.  On systems without network connectivity, DNS
subsystem init may fail due to /etc/resolv.conf being (temporarily)
unavailable.

Issue:		#104
9 years ago
Daniel Roethlisberger d0d3ca9d21 Update docs and -V for LibreSSL and BoringSSL 9 years ago
Daniel Roethlisberger a084aa62ec Update NEWS.md 9 years ago
Daniel Roethlisberger 3f39f589f2 Warn on OpenSSL version mismatch in debug mode
Issue:		#88
9 years ago
Daniel Roethlisberger b765cb7e0f Update NEWS.md for #92 9 years ago
Daniel Roethlisberger 7badc2fc13 Move all test RSA keys from 1024 bit to 2048 bit
Issue:		#83
9 years ago
Daniel Roethlisberger 7ae02fa6d0 Merge branch 'master' into develop after 0.4.11 9 years ago
Daniel Roethlisberger 22b4d3c108 SSLsplit 0.4.11 maintenance release 9 years ago
Daniel Roethlisberger 317cd8190f Reorder major bug fixes 9 years ago
Daniel Roethlisberger c8e9f231bd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
9 years ago
Daniel Roethlisberger 568b5a681c Update documentation for new -F formats 9 years ago
Daniel Roethlisberger 01d10b192a IPv6 addrs in filenames use underscore not colon
Use underscore instead of colon for all IPv6 addresses in generated
filenames in order to generate NTFS clean filenames.

Issue:		#69
9 years ago
Daniel Roethlisberger 914360eb5e Separate host and port into separate strings
Store host and port in separate strings internally and get rid of the
[host]:port representation where separate host and port would be
cleaner.  This includes the following user-visible changes:

-   Generated filenames that contain host and port, such as by -S and
    -F %d and %s, now use a host,port format instead of [host]:port.

-   Connect log now uses separate fields for host and port.

Issue:		#69 #74
Reported by:	Adam Jacob Muller
9 years ago
Daniel Roethlisberger a027fb68cd Fix loading of certificate chains with OpenSSL 1.0.2
SSLsplit was directly accessing `extra_certs` within `SSL_CTX` to get to
the extra certificates chain.  When building on OpenSSL 1.0.2 or newer,
use the new API instead of directly accessing `extra_certs`.

Issue:		#79
9 years ago
Daniel Roethlisberger 91da4674e5 Update copyright, license and tagline
-   Update copyright to 2015
-   Remove the non-standard "unmodified" from the 2-clause BSD license
-   Remove scalable from the tagline to avoid misinterpretations
9 years ago
Daniel Roethlisberger 3662eeae50 Update documentation 10 years ago
Daniel Roethlisberger 7f378251e8 Update documentation 10 years ago
Daniel Roethlisberger b8213e756d Merge branch 'feature/privsep' into develop
Conflicts:
	NEWS.md
	main.c
	sslsplit.1
10 years ago
Daniel Roethlisberger 61cd0fb541 SSLsplit 0.4.10 release 10 years ago
Daniel Roethlisberger 008821cfca Update NEWS.md 10 years ago
Daniel Roethlisberger f076336e0b Don't allow -u on Mac OS X with pf proxyspecs
Apple checks EUID==0 on ioctl(/dev/pf), whereas OpenBSD and FreeBSD only
check permissions on open(/dev/pf).  This means that on OS X, it is not
possible to open /dev/pf, drop privileges, and send an ioctl to the file
descriptor opened earlier with EUID==0.  It also means Apple broke the
Unix way of dealing with device nodes - why are there file permissions
on /dev/pf when they later enforce EUID==0 on use, thereby breaking
basic Unix mechanisms?  Work around this by disallowing -u with pf
proxyspecs and by not automatically dropping to nobody on Mac OS X.

Issue:		#65
Reported by:	Vladimir Marteev
10 years ago
Daniel Roethlisberger 43c0f57eec Update NEWS.md for feature/privsep 10 years ago
Daniel Roethlisberger 125163a003 Add local process lookup on FreeBSD using sysctl() API 10 years ago
Daniel Roethlisberger c35e40a597 Update NEWS.md for OpenSSL 0.9.8y bug workaround 10 years ago
Daniel Roethlisberger 6cc01ec32b Update NEWS.md for -i 10 years ago
Daniel Roethlisberger f656bcabb7 Update NEWS.md 10 years ago
Daniel Roethlisberger c8ba26f60d Update documentation after merging #56 10 years ago
Daniel Roethlisberger 6b0e47dc89 Allow more control over used SSL/TLS versions
Add -r to force a specific SSL/TLS protocol version.
Add -R to disable one or several SSL/TLS protocol versions.
Replace WANT_SSLV2_CLIENT and WANT_SSLV2_SERVER with WITH_SSLV2.

Issue:		#30
Reported by:	@Apollo2342
10 years ago
Daniel Roethlisberger 67ed768fec Migrate documentation to markdown
Issue:		#33
10 years ago