Closed: stb1 closed this issue 10 years ago
Looks like you produced an endless loop in your netfilter config. You need to fix your netfilter config so that it does not redirect connections from sslsplit to the original destinations. Ways to do that include limiting the redirection rules to the incoming traffic interface, limiting them to a certain range of source IPs as in the manual page, or explicitly excluding connections originating on localhost. Which strategy works for you depends on your specific use case.
Not a bug, closing issue.
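The loop described in the comment above, as an added example that is not part of this thread or the sslsplit project: a small Python model of netfilter's nat REDIRECT hooks. Locally generated packets traverse the OUTPUT chain rather than PREROUTING, so an unrestricted REDIRECT in OUTPUT also catches the upstream connections sslsplit opens to the original destination; the model traces that and checks each of the three restrictions the comment lists. The host address, client range and interface names are constructed values.

```python
# Added example (not sslsplit's code): toy model of netfilter's nat REDIRECT
# hooks, showing the redirect loop from this thread and the three fixes for it.
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HOST_IP = "192.0.2.10"   # constructed: address of the box running sslsplit
SSLSPLIT_PORT = 8443

@dataclass
class Conn:
    src: str
    dst: str
    dport: int
    in_iface: str | None   # None for connections the host itself originates

@dataclass
class Rule:
    chain: str                    # "PREROUTING" or "OUTPUT"
    dport: int                    # --dport
    to_port: int                  # REDIRECT --to-ports
    in_iface: str | None = None   # -i <iface>  (only valid in PREROUTING)
    src_net: str | None = None    # -s <cidr>   (client range, as in the man page)
    not_local: bool = False       # ! -s <host ip>: exclude locally originated

    def matches(self, c: Conn) -> bool:
        # Locally generated packets traverse OUTPUT, inbound ones PREROUTING.
        hook = "OUTPUT" if c.in_iface is None else "PREROUTING"
        if self.chain != hook or c.dport != self.dport:
            return False
        if self.in_iface and c.in_iface != self.in_iface:
            return False
        if self.src_net and ip_address(c.src) not in ip_network(self.src_net):
            return False
        return not (self.not_local and c.src == HOST_IP)

def apply_nat(rules: list[Rule], c: Conn) -> int:
    """Destination port after the first matching REDIRECT (or unchanged)."""
    return next((r.to_port for r in rules if r.matches(c)), c.dport)

def trace(rules: list[Rule], client: Conn, max_hops: int = 4) -> str:
    """'server': reached the real site; 'bypass': never hit sslsplit;
    'loop': sslsplit's own upstream connection was redirected back to it."""
    conn = client
    for _ in range(max_hops):
        if apply_nat(rules, conn) != SSLSPLIT_PORT:
            return "bypass" if conn is client else "server"
        # sslsplit accepted it and now dials the original destination itself:
        # local source, no inbound interface, so this packet hits OUTPUT
        conn = Conn(src=HOST_IP, dst=client.dst, dport=client.dport, in_iface=None)
    return "loop"
```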
I don't even have iptables rules set up yet, and I still get this error.
I was doing a tcp connect test from localhost to sslsplit - maybe that was normal behaviour?
You need to redirect packets to sslsplit (sslsplit is not like a network proxy). The relevant paragraph in the sslsplit(1) man page is: https://github.com/droe/sslsplit/blob/e17de8454a65d2b9ba432856971405dfcf1e7522/sslsplit.1.in#L108 So if you haven't configured iptables yet, that seems like normal behavior.
Hello,
I've tried several options:
sudo sslsplit -D -l connections.log -j /tmp/sslsplit/ -S logdir/ -k ca.key -c ca.crt ssl 0.0.0.0 8443 tcp 0.0.0.0 8080
and also the minimized version:
sudo sslsplit -D -k ca.key -c ca.crt -P https 0.0.0.0 8443
After setting up my iptables and trying to connect to an SSL site, I see these messages:
kali@ip-X-X-X-X:~$ sudo sslsplit -D -k ca.key -c ca.crt -P https 0.0.0.0 8443
Generated RSA key for leaf certs.
SSLsplit 0.4.6 (built 2013-06-06)
Copyright (c) 2009-2013, Daniel Roethlisberger daniel@roe.ch
http://www.roe.ch/SSLsplit
Features: -DDISABLE_SSLV2_SESSION_CACHE -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT SOL_IPV6 !IPV6_ORIGINAL_DST
compiled against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
rtlinked against OpenSSL 1.0.1e 11 Feb 2013 (1000105f)
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
Using direct access workaround when loading certs
SSL/TLS algorithm availability: RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.19-stable
rtlinked against libevent 2.0.19-stable
1 CPU cores detected
proxyspecs:
My iptables:
kali@ip-X-X-X-X:~$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 8080
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https redir ports 8443

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
net.ipv4.ip_forward = 1
Version: Amazon EC2 Kali (1.0.6), and a virtual install on local VirtualBox from the 1.0.6 CD image
Thanks in advance