SNI - DNS can't run

[SciLor]

I will get following error message, when I try using sni.

sslsplit -D -l connections.log -j /tmp/sslsplit/ -S /tmp/sslsplit/logdir/ -c /tmp/sslsplit/ca.crt -k /tmp/sslsplit/ca.key -W /tmp/sslsplit/gendir/ -P https 0.0.0.0 8443 sni 443
... (See logfile)
Active events:
[warn] Unable to seed random number generator; DNS can't run.
Failed to create dnsbase 0
Failed to start thread manager
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 18
Child pid 83769 exited with status 1

Version: 0.5.5-1+b1

System: Linux kali 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-3kali1 (2019-11-20) x86_64 GNU/Linux

IPTables: sysctl -w net.ipv4.ip_forward=1iptables -t nat -F iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

error.sslsplit.log

[sonertari]

We call evdns_base_new(), which calls evutil_secure_rng_init(), which in turn calls arc4random(). arc4random() is the function that fails with the warning "Unable to seed random number generator; DNS can't run." in the logs you have. I can't tell why it fails on your system, but not on Kali 2019.3 I have here.

[xymostech]

Not sure if this was your problem, @SciLor, but I was having the exact same problem. For me I discovered that arc4random() was trying to read from /dev/urandom, but since I was chrooted and I hadn't included /dev/urandom in my chroot, this was failing. My solution was to stop chrooting (i.e. remove the -j option), but presumably you could include /dev/urandom in the chroot directory to solve this as well.

Hopefully that's helpful for someone, sslsplit has been very useful to me.