Closed Leonschmitt closed 3 years ago
It's a bug, content logging with tcp is broken.
I have investigated TCP connections with content logging enabled. Content logging needs to be initialized before writing any content, obviously. This initialization is done in the connect event handler. But in TCP connections the read callback for src fires before the connect event callback for dst does. In brief, we are trying to write content before init.
Since TCP is not encrypted, I don't use content logging for it, hence never noticed this issue. This bug should exist in sslproxy too. But, content logging for encrypted connections should work fine in sslproxy.
I will fix it asap. But until then I suggest that you use tcpdump or a similar program to listen on port 1212 in your setup.
The SSLproxy line is the second line in HTTP connections, right after, say, the GET line for ebay.com in your tests.
Thanks for reporting.
Thank you very much for your quick reply. I have one more question in this context. Did I understand it correctly that I need to recover the HTTP packets from the TCP packets which are sent to my self-written LP (via sockets) to get the SSLproxy line with the dynamically generated port, in order to send the packets back to the proxy in the next step?
Can you try the develop branch now? Content logging in lp must be fixed now, except that it is initialized before dst info is ready, so the filenames with -S and -F options will be missing dst addresses. I should probably make lp behave similarly to sslproxy.
Btw, content logging in sslproxy is fine, because sslproxy does not enable readcb until after connect eventcb.
Yes, your LP will receive decrypted HTTP (TCP) packets, which will have an SSLproxy line in the first packet, which in turn will contain the dynamically assigned IP address as the first address in it, so you can return the first and subsequent packets to sslproxy listening on that address.
I have just tested the development branch. The content logging of the lp is now fixed in the development branch. Thanks for answering my questions, that will help me a lot. Now I just need to write a program that reassembles the TCP packets into HTTP packets to get the dynamically generated port.
Great, so I am closing this issue, thanks again for reporting.
Hello, I am very new to this repo. I am a student and I want to use it for a university project, so I started trying things out.
First I wanted to know how to get the dynamic port or where to find the dynamically generated port to send the packets back to the proxy. So I used the lp program (test/testproxy). But whenever I tried to use the program with a logdir, I got the error "Child proc 22407 killed by signal 11". When I start the program without the "-S logdir" option, the program works. I don't know if this is a bug or if I am doing something wrong. Maybe the issue is more like a question.
I generated a .cer file and imported ca.crt into my client Firefox browser.
Run the lp program with:
sudo lp -J -S logdir 127.0.0.1 1212
Btw, I'm in the directory and the logdir exists. I also tried it with the option -L, with the same result.
After that I ran the SSLProxy with this input and tried to GET www.ebay.com:
sudo sslproxy -D -k test.key -c test.crt -l connect.log -J -S logdir -Y pcaplogdir https 192.168.0.168 8443 up:1212
The output of the lp program immediately shows:
Child proc 22407 killed by signal 11
As I mentioned above, if I run the lp without the logdir option, it works.
This is the output of the SSLProxy 👍
**sudo sslproxy -D -k test.key -c test.crt -l connect.log -J -S logdir -Y pcaplogdir https 192.168.0.168 8443 up:1212**
All this leads me to another question: where exactly is the dynamically created port located within a packet? I know the documentation says it is inserted in the first packet, but looking at the logs and pcaplog, I can't find the information about the port in the first TCP packet. I only see the port information in the HTTP packets, but I don't know how to find them within the TCP packets. Please can you specify where to find the ports within the TCP packets sent to the LP, so that I can program an LP that sends the packets back to the proxy for my purpose?
I hope you can help me in this matter.
Best regards
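
An added example, not part of the original thread and not SSLproxy's own code: TCP delivers a byte stream, so an LP can buffer what it receives until the SSLproxy line is complete and take the first address from it as the return address. The line layout in the regex is an assumption taken from the SSLproxy README; `ReturnAddrFinder`, `MAX_SCAN` and the sample bytes are constructed for illustration.

```python
import ipaddress
import re

# Assumed line layout (from SSLproxy's README, not from this thread):
#   SSLproxy: [return_ip]:port,[src_ip]:port,[dst_ip]:port,s|p
LINE_RE = re.compile(
    rb"(?:^|\n)SSLproxy: \[([0-9A-Fa-f:.]+)\]:(\d{1,5}),"
    rb"\[[^\]\r\n]+\]:\d{1,5},\[[^\]\r\n]+\]:\d{1,5},[sp]\r?\n"
)
MAX_SCAN = 8192  # hypothetical limit: stop buffering if no line appears


class ReturnAddrFinder:
    """Feed recv() chunks in; get (ip, port) once the full line is buffered."""

    def __init__(self):
        self.buf = b""  # everything received so far, to be relayed later

    def feed(self, chunk):
        self.buf += chunk
        m = LINE_RE.search(self.buf)
        if m is None:
            if len(self.buf) > MAX_SCAN:
                raise ValueError("no SSLproxy line in first %d bytes" % MAX_SCAN)
            return None  # line not complete yet, keep reading
        # ip_address() raises ValueError for anything that is not an IP
        ip = str(ipaddress.ip_address(m.group(1).decode()))
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range")
        return ip, port


# Constructed sample: first bytes of a decrypted request, split mid-line
# the way two TCP segments might deliver it.
SAMPLE_CHUNKS = [
    b"GET / HTTP/1.1\r\nSSLproxy: [127.0.0.1]:346",
    b"49,[192.168.0.10]:47286,[203.0.113.5]:443,s\r\nHost: www.ebay.com\r\n\r\n",
]


def demo():
    finder = ReturnAddrFinder()
    return [finder.feed(c) for c in SAMPLE_CHUNKS]


if __name__ == "__main__":
    print(demo())
```

The first chunk ends in the middle of the port number, so nothing is returned until the terminating newline has arrived; `finder.buf` then holds all bytes received so far for relaying to the returned address.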