sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

Question: what if client port mutable? #23

Open studio501 opened 3 years ago

studio501 commented 3 years ago

Hello, I am very new to this repo. I would like to know: if the client port changes each time I start the app, how am I supposed to know the exact port I would like to forward to? Is there a wildcard character I can use in the sslproxy command, e.g.:

sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 808* up:9903

Or how can I make the client port static?

And yes, I am confused about whether the sslproxy forward should work at the very beginning, on the client-server handshake, or whether it can work in the middle of the communication as well.

sslproxy -V

Copyright (c) 2017-2020, Soner Tari sonertari@gmail.com
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger daniel@roe.ch
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_DARWIN_LIBPROC
NAT engines: -
Local process info support: yes (Darwin libproc)
compiled against OpenSSL 1.1.1g 21 Apr 2020 (1010107f)
rtlinked against OpenSSL 1.1.1g 21 Apr 2020 (1010107f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.2
rtlinked against libnet 1.2
compiled against libpcap n/a
rtlinked against libpcap 1.8.1 -- Apple version 79.20.1
compiled against sqlite 3.19.3
rtlinked against sqlite 3.19.3
12 CPU cores detected

sonertari commented 3 years ago

If you want SSLproxy to listen on multiple ports, you should repeat the same proxyspec for each port, e.g.:

sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8080 up:9903
sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8081 up:9903
...
sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8089 up:9903

Sorry, I cannot understand the rest of the question. But I guess the Mode of Operation diagram on the README page could help.
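As an added example, not part of this thread and not code from the SSLproxy project: a small POSIX shell helper that generates one proxyspec per port for a whole range, the general form of the repeated proxyspecs in the reply above, so a port that moves around inside a known range is always covered. It reuses the reply's key, certificate and divert target (`up:9903`) and assumes that sslproxy accepts several proxyspecs on one command line (as the SSLsplit syntax it derives from does); if your build does not, run one process per port as the reply shows. The helper validates the range and prints the assembled command for review rather than executing it, since every listening port it adds is a point where decrypted traffic is handed to the divert port.

```shell
#!/bin/sh
# Added example, not from the SSLproxy project or the thread participants.
# Assumptions not stated on the page: key/cert paths (ca.key, ca.crt),
# divert target up:9903, and that sslproxy accepts multiple proxyspecs
# on one command line.

# build_proxyspecs LISTEN_ADDR FIRST_PORT LAST_PORT UP_PORT
# Prints "ssl ADDR PORT up:UP_PORT" for every port in [FIRST_PORT, LAST_PORT]
# on one space-separated line. Returns non-zero on a malformed range.
build_proxyspecs() {
    addr=$1; first=$2; last=$3; up=$4
    case "$first$last$up" in
        *[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
    esac
    [ "$first" -le "$last" ] || { echo "range start after end" >&2; return 1; }
    [ "$last" -le 65535 ] || { echo "port above 65535" >&2; return 1; }
    specs=""
    port=$first
    while [ "$port" -le "$last" ]; do
        specs="$specs ssl $addr $port up:$up"
        port=$((port + 1))
    done
    printf '%s\n' "${specs# }"
}

# count_specs SPECS
# Number of proxyspecs in a line produced by build_proxyspecs
# (each proxyspec is four whitespace-separated words).
count_specs() {
    set -- $1
    echo $(( $# / 4 ))
}

# Usage: print the full sslproxy command for review instead of running it.
#   sh build_specs.sh --print
if [ "${1:-}" = "--print" ]; then
    specs=$(build_proxyspecs 127.0.0.1 8080 8089 9903) || exit 1
    echo "sslproxy -e ipfw -k ca.key -c ca.crt $specs"
fi
```

Run with `--print` and paste the printed line only after checking that every port in it is one you intend sslproxy to bind; a typo in the range silently adds extra interception points.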

studio501 commented 3 years ago

> If you want SSLproxy to listen on multiple ports, you should repeat the same proxyspec for each port, e.g.:
>
> sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8080 up:9903
> sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8081 up:9903
> ...
> sslproxy -e ipfw -k ca.key -c ca.crt ssl 127.0.0.1 8089 up:9903
>
> Sorry, I cannot understand the rest of the question. But I guess the Mode of Operation diagram on the README page could help.

Thank you very much, I'll try that.