sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

SSLproxy seems not to respond when I write the first packet back #31

Closed Lo0815 closed 3 years ago

Lo0815 commented 3 years ago

Hi, I don't know if it is a bug or maybe I am doing something wrong, but I want to write my own listening program for my project, so I looked for an NIO library in my preferred language (Java). I chose the Netty library for this purpose, so I started to write the lp. But when I send the first received packet back to SSLproxy, nothing happens.

The lp

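import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.SocketChannel;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.handler.logging.LogLevel;
import io.netty.handler.logging.LoggingHandler;

public class Proxy {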

    static final int PORT = Integer.parseInt(System.getProperty("port", "1222"));

    public static void main(String[] args) throws Exception {
        EventLoopGroup bossGroup = new NioEventLoopGroup(4);
        EventLoopGroup workerGroup = new NioEventLoopGroup(10);
        try {
            ServerBootstrap b = new ServerBootstrap();
            b.group(bossGroup, workerGroup)
                    .channel(NioServerSocketChannel.class)
                    .handler(new LoggingHandler(LogLevel.INFO))
                    .childHandler(new ChannelInitializer<SocketChannel>() {
                        @Override
                        protected void initChannel(SocketChannel socketChannel) throws Exception {
                            socketChannel.pipeline().addLast(new MyProxyOutgoingChannelHandler());
                        }
                    });
            b.bind(PORT).sync().channel().closeFuture().sync();
        } finally {
            bossGroup.shutdownGracefully();
            workerGroup.shutdownGracefully();
        }
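    }
}

// --- MyProxyOutgoingChannelHandler.java ---
import io.netty.bootstrap.Bootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import java.nio.charset.StandardCharsets;

public class MyProxyOutgoingChannelHandler extends ChannelInboundHandlerAdapter {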

    private  Bootstrap b = new Bootstrap();
    private Channel channel;
    private int port;

    public MyProxyOutgoingChannelHandler() {
    }

    @Override
    public void channelActive(ChannelHandlerContext ctx) {
        this.channel = ctx.channel();

    }
    @Override
    public void channelRead(ChannelHandlerContext ctx, Object msg) {

        ByteBuf in = (ByteBuf) msg;
        System.out.println("Server received: " + in.toString(StandardCharsets.UTF_8));

        port = parseHeader.digest(in.copy());

        // Forward the packet once, and only if the SSLproxy line yielded a port
        if (port != 0) {
            new ProxyRemoteconn(port, in);
        }
    }
    @Override
    public void channelInactive(ChannelHandlerContext ctx) {
        // flushAndClose(clientChannel);
    }

    @Override
    public void exceptionCaught(ChannelHandlerContext ctx, Throwable e) {
        e.printStackTrace();
        ctx.close();
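    }
}

// --- ProxyRemoteconn.java ---
import io.netty.bootstrap.Bootstrap;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioSocketChannel;

public class ProxyRemoteconn  {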

    private int port;

    public ProxyRemoteconn (int port, ByteBuf in){

        Bootstrap b = new Bootstrap();
        EventLoopGroup workerGroup = new NioEventLoopGroup(6);

        // Use the group created above instead of allocating a second, unused one
        b.group(workerGroup)
                .channel(NioSocketChannel.class)
                .handler(new ProxyChannelInitializer(in));
        System.out.println("port : " + port);
     ChannelFuture future = b.connect("127.0.0.1", port).addListener(new ChannelFutureListener() { // For testing
         @Override
         public void operationComplete(ChannelFuture future) throws Exception {
             if (future.isSuccess()) {

                 System.out.println(future.channel().remoteAddress());
                 future.channel().writeAndFlush(in);
                 //
                 //
             } else {

             }
         }
     });

    }

}

I received the first packets from google.com; this is the output of my own written lp:

Server received: GET /search?q=www.google.com&oq=www.&aqs=chrome.4.69i60j69i57j0i271l3j69i60.30345j0j4&sourceid=chrome&ie=UTF-8 HTTP/1.1
SSLproxy: [127.0.0.1]:37257,[10.42.0.144]:33584,[172.217.22.196]:443,s
Host: www.google.com
Connection: close
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CIS2yQEIorbJAQipncoBCNCgygEIkLnKAQj29soBCIyeywEIoKDLAQjc8ssBCO/yywEIkPTLAQjO9ssBCLT4ywEInvnLAQjK+csBCPH5ywEI8vnLAQiv+ssBCO/6ywEIwvvLAQi//MsBGLryywEYkPXLAQ==
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: NID=220=M43-6f-Ygzw_Krqc6MR874yTnpTJYBESg3dVE2iMB0t5WzRl7dGqMnlnWDOkPSgoFUGTMQw8W93SOA8C0KpLFvoExeihhDGM7fmm1tj2iZwCBTbnxGHlQ_nnXW9CKv8Cc23TaJVQF_H33mtB1CTgdD8FBa8v6BV4i54izBXF07c

SSLproxy: [127.0.0.1]:37257,[10.42.0.144]:33584,[172.217.22.196]:443,s // the SSLproxy line

port : 37257 // the dynamic port
/127.0.0.1:37257 // the information that my lp has connected to the specific address 

But when I send this packet back to SSLproxy, nothing happens. I would have expected that the proxy sends the next packet to the lp.

sudo sslproxy -D -k test.key -c test.crt -l connect.log -J -S logdir -Y pcaplogdir https 10.42.0.1 8443 up:1222

This is the output of SSLproxy:

| Warning: -F requires a privileged operation for each connection!
| Warning: -Y requires a privileged operation for each connection!
| Privileged operations require communication between parent and child process
| and will negatively impact latency and performance on each connection.
SSLproxy v0.8.3-3-g1bb5bd2 (built 2021-07-21)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
8 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global SSL/TLS protocol: negotiate>=tls10<=tls13
proxyspecs:
- listen=[10.42.0.1]:8443 ssl|http netfilter
parent dst addr= [127.0.0.1]:1222
child src addr= [127.0.0.1]:0
opts=|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|||8192
SSL/TLS protocol: negotiate>=tls10<=tls13
Loaded CA: '/C=AUT/ST=Austria/L=Innsbruck/O=Uni/OU=test/CN=testl/emailAddress=test@test.de'
Loaded ProxySpec CA: '/C=AUT/ST=Austria/L=Innsbruck/O=Uni/OU=test/CN=test/emailAddress=test@test.de'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=4,w=5]
Created chld-pipe [r=6,w=7]
Created socketpair 0 [p=8,c=9]
Created socketpair 1 [p=10,c=11]
Created socketpair 2 [p=12,c=13]
Created socketpair 3 [p=14,c=15]
Created socketpair 4 [p=16,c=17]
Created socketpair 5 [p=18,c=19]
Privsep parent pid 75462
Privsep child pid 75463
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 9 on srvsock 8
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 10
Inserted events:
  0x56446db50c48 [fd  5] Read Persist Internal
  0x56446db50e20 [fd  7] Read Persist Internal
  0x56446db51298 [fd  8] Read Persist
  0x56446db505d0 [sig 1] Signal Persist
  0x56446db4e290 [sig 2] Signal Persist
  0x56446db50b00 [sig 3] Signal Persist
  0x56446db509e0 [sig 10] Signal Persist
  0x56446db502e0 [sig 13] Signal Persist
  0x56446db4eb00 [sig 15] Signal Persist
  0x56446db51640 [fd  -1] Persist Timeout=1628256931.013076
Active events:
Received privsep req type 00 sz 1 on srvsock 18
Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
SNI peek: [www.google.com] [complete], fd=77
Connecting to [172.217.22.196]:443
===> Original server certificate:
Subject DN: /CN=www.google.com
Common Names: www.google.com/www.google.com
Fingerprint: 66:79:6D:0D:51:06:CE:D0:7B:1608:4E:C8:DA:53:6D:D7:C0:D0:10
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=www.google.com
Common Names: www.google.com/www.google.com
Fingerprint: 7A:1C:24:50:B6:19:CE:85:19:8E26:B9:56:7A:12:1D:03:7D:7A:19
HTTPS connected to [172.217.22.196]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 4883C9BC65DFF9D60CDDE7D3D809C398F3689463BB9F2B0065931F28BE6EAD88 D0BE0058F67F00004033B66D44560000605E0058F67F000010000000000000008000000000000000E0A7B56D44560000
Received privsep req type 01 sz 96 on srvsock 14
Certificate cache: KEEP (SNI match or target mode)
Received privsep req type 01 sz 101 on srvsock 16
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [172.217.22.196]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 80FCC6321C100D30B721222BAABCF0AFA1184C939F9094E30B9A273D126A2348 D4B23F518ECC83C5A55BFAE8D193F8430070B58FBCE4AE8F439BE8ABF106729F0200000000000000D0BE0058F67F0000
Child connecting to [172.217.22.196]:443
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
Child HTTPS disconnected to [172.217.22.196]:443, child fd=83, fd=77
Child HTTPS disconnected from [10.42.0.144]:33584, child fd=83, fd=77
STATS: thr=0, mld=2, mfd=83, mat=8, mct=8, iib=1108, iob=0, eib=76327, eob=1175

Can you tell what is going wrong here?

sonertari commented 3 years ago

Can you start sslproxy with -D4 instead of just -D? I assume that you have already compiled sslproxy with DEBUG_PROXY enabled. I couldn't look into your Java code, so perhaps verbose logs with -D4 can help.

Btw, note that sslproxy keeps sending packets to the lp, if there are any packets sent from the client, without waiting for returned packets from the lp to the dynamically assigned port. So, I don't know what your Java code is doing, but it should keep listening on port 1222 and the dynamically assigned port, 37257 in your example.

Note also that your lp should give the packets it receives from sslproxy on the dynamically assigned port back to the sslproxy port from which it received the packets from the client side. In brief, this is a two-way communication; packets are going in both directions at any time. (For example, you should keep open the port on which you have received the first packet from sslproxy with the SSLproxy line, so you can use it to send the packets in the reverse direction. If you close it after receiving the first packet, sslproxy will terminate the connection, i.e. everything. I think that's what's going on in your case.)

Lo0815 commented 3 years ago

Thank you very much for your quick reply.

This is the output

sudo sslproxy -D4 -k test.key -c test.crt -l connect.log -J -S logdir -Y pcaplogdir https 10.42.0.1 8443 up:1222
| Warning: -F requires a privileged operation for each connection!
| Warning: -Y requires a privileged operation for each connection!
| Privileged operations require communication between parent and child process
| and will negatively impact latency and performance on each connection.
SSLproxy v0.8.3-3-g1bb5bd2 (built 2021-07-21)
Copyright (c) 2017-2021, Soner Tari <sonertari@gmail.com>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <daniel@roe.ch>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
8 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global SSL/TLS protocol: negotiate>=tls10<=tls13
proxyspecs:
- listen=[10.42.0.1]:8443 ssl|http netfilter
parent dst addr= [127.0.0.1]:1222
child src addr= [127.0.0.1]:0
opts=|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|||8192
SSL/TLS protocol: negotiate>=tls10<=tls13
Loaded CA: '/C=AUT/ST=Austria/L=Innsbruck/O=Uni/OU=test/CN=testl/emailAddress=test@test.de'
Loaded ProxySpec CA: '/C=AUT/ST=Austria/L=Innsbruck/O=Uni/OU=test/CN=test/emailAddress=test@test.de'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=4,w=5]
Created chld-pipe [r=6,w=7]
Created socketpair 0 [p=8,c=9]
Created socketpair 1 [p=10,c=11]
Created socketpair 2 [p=12,c=13]
Created socketpair 3 [p=14,c=15]
Created socketpair 4 [p=16,c=17]
Created socketpair 5 [p=18,c=19]
Privsep parent pid 3422
Privsep child pid 3423
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 9 on srvsock 8
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 10
Inserted events:
  0x55f3c77b3d68 [fd  5] Read Persist Internal
  0x55f3c77b3f40 [fd  7] Read Persist Internal
  0x55f3c77b4358 [fd  8] Read Persist
  0x55f3c77b35d0 [sig 1] Signal Persist
  0x55f3c77b1290 [sig 2] Signal Persist
  0x55f3c77b3cb0 [sig 3] Signal Persist
  0x55f3c77b3a10 [sig 10] Signal Persist
  0x55f3c77b3c20 [sig 13] Signal Persist
  0x55f3c77b1b00 [sig 15] Signal Persist
  0x55f3c77b4700 [fd  -1] Persist Timeout=1628348418.683410
Received privsep req type 00 sz 1 on srvsock 18
Active events:
Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
SNI peek: [www.google.com] [complete], fd=77
Connecting to [172.217.23.100]:443
SNI peek: [fonts.gstatic.com] [complete], fd=79
Connecting to [142.251.37.3]:443
===> Original server certificate:
Subject DN: /CN=www.google.com
Common Names: www.google.com/www.google.com
Fingerprint: F8:AC:5B:8F:1A:EE:5D:6B:5E:BCFC:68:93:41:16:36:29:F6:62:36
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=www.google.com
Common Names: www.google.com/www.google.com
Fingerprint: B4:34:FA:34:3C:9A:F3:42:20:AA33:8B:F9:62:42:BC:4B:13:99:B9
HTTPS connected to [172.217.23.100]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 672F1EFB0E7CBDFB9972FFB3085863CED7ADB2DB06C78C6CA96D699A6FC3FBF1 D0BE0004777F000060637CC7F3550000605E0004777F00001000000000000000800000000000000060D87BC7F3550000
Received privsep req type 01 sz 101 on srvsock 16
Certificate cache: KEEP (SNI match or target mode)
Received privsep req type 01 sz 96 on srvsock 14
Certificate cache: KEEP (SNI match or target mode)
===> Original server certificate:
Subject DN: /CN=*.gstatic.com
Common Names: *.gstatic.com/*.gstatic.com/gstatic.com/*.metric.gstatic.com/kn.dev/*.kn.dev
Fingerprint: 22:5B:E9:C3:4A:BC:BC:89:6F:8C48:F4:E1:D7:53:1D:D5:FC:A3:46
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=*.gstatic.com
Common Names: *.gstatic.com/*.gstatic.com/gstatic.com/*.metric.gstatic.com/kn.dev/*.kn.dev
Fingerprint: 7F:45:C0:E6:CB:73:25:DC:0E:2EC9:21:E9:7F:F5:C3:DD:D8:85:8D
HTTPS connected to [142.251.37.3]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM D62402AE169BEFD13D1AC542D3614D6AD8B94A87C9BBA4EEA7E5C535A5897C7F D0BD00FC767F0000806B7CC7F3550000405E00FC767F00001000000000000000800000000000000070DD7BC7F3550000
Certificate cache: KEEP (SNI match or target mode)
Received privsep req type 01 sz 94 on srvsock 14
Received privsep req type 01 sz 99 on srvsock 16
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [172.217.23.100]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 39CA9E05B2F647EB03A65EFA12F1E9EB1FFFBB75901BE829726F0AE08E4FAE40 4C610D931ABE49DE6247535637C07F9B7512C5C12C3425AF49EE0109B11DF4840200000000000000D0BE0004777F0000
HTTPS connected to [142.251.37.3]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM A507B605324BC0F61B6F04356B732B145C99C38F698E744249E63F86D5CEE0BA 8658BA6976709CBE03610CA68C84C0C2D236AC4DC2FB58C7A3CE4EF383044B0C0200000000000000D0BD00FC767F0000
Child connecting to [172.217.23.100]:443
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
Child HTTPS disconnected to [172.217.23.100]:443, child fd=89, fd=77
Child HTTPS disconnected from [10.42.0.144]:53362, child fd=89, fd=77
Received signal 13
Received SIGPIPE; ignoring.
^CReceived signal 2
Main event loop stopped (reason=2).

I have also adjusted the output with logs of my Java lp


[id: 0xaec6ce88] REGISTERED
- [id: 0xaec6ce88] BIND: 0.0.0.0/0.0.0.0:1212
- [id: 0xaec6ce88, L:/0:0:0:0:0:0:0:0:1212] ACTIVE
[id: 0xaec6ce88, L:/0:0:0:0:0:0:0:0:1212] READ: [id: 0xc0785338, L:/127.0.0.1:1212 - R:/127.0.0.1:42262]
 [id: 0xaec6ce88, L:/0:0:0:0:0:0:0:0:1212] READ COMPLETE
[id: 0xaec6ce88, L:/0:0:0:0:0:0:0:0:1212] READ: [id: 0x9a149822, L:/127.0.0.1:1212 - R:/127.0.0.1:42264]
 [id: 0xaec6ce88, L:/0:0:0:0:0:0:0:0:1212] READ COMPLETE

Server on 1212 received: 

GET /search?q=www.google.com&oq=www.&aqs=chrome.4.69i60j69i57j0i271l3j69i60.30345j0j4&sourceid=chrome&ie=UTF-8 HTTP/1.1
SSLproxy: [127.0.0.1]:41631,[10.42.0.144]:53362,[172.217.23.100]:443,s
Host: www.google.com
Connection: close
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CIS2yQEIorbJAQipncoBCNCgygEIkLnKAQj29soBCIyeywEIoKDLAQjc8ssBCO/yywEIkPTLAQjO9ssBCLT4ywEInvnLAQjK+csBCPH5ywEI8vnLAQiv+ssBCO/6ywEIwvvLAQi//MsBGLryywEYkPXLAQ==
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: CONSENT=PENDING+725; NID=220=b1c2ob8yANJ1GbzZZKuJ-tPl7_SnG7WBA6SH09HqTp1xuJMqElevpqQ878iuBdUh0cxalWqEp4XO4j2mjqAnYwHPaAXUAPDUqpH23UY1RXlrxpVHAKVrY5n4zOnKvmcTRs6JA_2LcrIdZClVlIcz6dDx4uJct_tDNdD56WTnFSo

SSLproxy: [127.0.0.1]:41631,[10.42.0.144]:53362,[172.217.23.100]:443,s

port : 41631

Connected to Address of the dynamic assigned port of SSLproxy /127.0.0.1:41631

- [id: 0x91bbbb11] REGISTERED
- [id: 0x91bbbb11] CONNECT: /127.0.0.1:41631

id: 0x91bbbb11, L:/127.0.0.1:39186 - R:/127.0.0.1:41631] ACTIVE

[id: 0x91bbbb11, L:/127.0.0.1:39186 - R:/127.0.0.1:41631] WRITE: 1222B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 47 45 54 20 2f 73 65 61 72 63 68 3f 71 3d 77 77 |GET /search?q=ww|
|00000010| 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 26 6f 71 3d |w.google.com&oq=|
|00000020| 77 77 77 2e 26 61 71 73 3d 63 68 72 6f 6d 65 2e |www.&aqs=chrome.|
|00000030| 34 2e 36 39 69 36 30 6a 36 39 69 35 37 6a 30 69 |4.69i60j69i57j0i|
|00000040| 32 37 31 6c 33 6a 36 39 69 36 30 2e 33 30 33 34 |271l3j69i60.3034|
|00000050| 35 6a 30 6a 34 26 73 6f 75 72 63 65 69 64 3d 63 |5j0j4&sourceid=c|
|00000060| 68 72 6f 6d 65 26 69 65 3d 55 54 46 2d 38 20 48 |hrome&ie=UTF-8 H|
|00000070| 54 54 50 2f 31 2e 31 0d 0a 53 53 4c 70 72 6f 78 |TTP/1.1..SSLprox|
|00000080| 79 3a 20 5b 31 32 37 2e 30 2e 30 2e 31 5d 3a 34 |y: [127.0.0.1]:4|
|00000090| 31 36 33 31 2c 5b 31 30 2e 34 32 2e 30 2e 31 34 |1631,[10.42.0.14|
|000000a0| 34 5d 3a 35 33 33 36 32 2c 5b 31 37 32 2e 32 31 |4]:53362,[172.21|
|000000b0| 37 2e 32 33 2e 31 30 30 5d 3a 34 34 33 2c 73 0d |7.23.100]:443,s.|
|000000c0| 0a 48 6f 73 74 3a 20 77 77 77 2e 67 6f 6f 67 6c |.Host: www.googl|
|000000d0| 65 2e 63 6f 6d 0d 0a 43 6f 6e 6e 65 63 74 69 6f |e.com..Connectio|
|000000e0| 6e 3a 20 63 6c 6f 73 65 0d 0a 43 61 63 68 65 2d |n: close..Cache-|
|000000f0| 43 6f 6e 74 72 6f 6c 3a 20 6d 61 78 2d 61 67 65 |Control: max-age|
|00000100| 3d 30 0d 0a 73 65 63 2d 63 68 2d 75 61 3a 20 22 |=0..sec-ch-ua: "|
|00000110| 43 68 72 6f 6d 69 75 6d 22 3b 76 3d 22 39 32 22 |Chromium";v="92"|
|:::::::::

[id: 0x91bbbb11, L:/127.0.0.1:39186 - R:/127.0.0.1:41631] FLUSH
 [id: 0x91bbbb11, L:/127.0.0.1:39186 - R:/127.0.0.1:41631] READ: 2048B
         +-------------------------------------------------+
         |  0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f |
+--------+-------------------------------------------------+----------------+
|00000000| 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d |HTTP/1.1 200 OK.|
|00000010| 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 |.Content-Type: t|
|00000020| 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 |ext/html; charse|
|00000030| 74 3d 55 54 46 2d 38 0d 0a 44 61 74 65 3a 20 53 |t=UTF-8..Date: S|
|00000040| 61 74 2c 20 30 37 20 41 75 67 20 32 30 32 31 20 |at, 07 Aug 2021 |
|00000050| 31 34 3a 35 39 3a 32 31 20 47 4d 54 0d 0a 45 78 |14:59:21 GMT..Ex|
|00000060| 70 69 72 65 73 3a 20 2d 31 0d 0a 43 61 63 68 65 |pires: -1..Cache|
|00000070| 2d 43 6f 6e 74 72 6f 6c 3a 20 70 72 69 76 61 74 |-Control: privat|
|00000080| 65 2c 20 6d 61 78 2d 61 67 65 3d 30 0d 0a 42 46 |e, max-age=0..BF|
|00000090| 43 61 63 68 65 2d 4f 70 74 2d 49 6e 3a 20 75 6e |Cache-Opt-In: un|
|000000a0| 6c 6f 61 64 0d 0a 50 33 50 3a 20 43 50 3d 22 54 |load..P3P: CP="T|
|000000b0| 68 69 73 20 69 73 20 6e 6f 74 20 61 20 50 33 50 |his is not a P3P|
|000000c0| 20 70 6f 6c 69 63 79 21 20 53 65 65 20 67 2e 63 | policy! See g.c|
|000000d0| 6f 2f 70 33 70 68 65 6c 70 20 66 6f 72 20 6d 6f |o/p3phelp for mo|
|000000e0| 72 65 20 69 6e 66 6f 2e 22 0d 0a 43 6f 6e 74 65 |re info."..Conte|
|000000f0| 6e 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 62 72 0d |nt-Encoding: br.|
|00000100| 0a 53 65 72 76 65 72 3a 20 67 77 73 0d 0a 58 2d |.Server: gws..X-|
|00000110| 58 53 53 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 20 |XSS-Protection: |
|00000120| 30 0d 0a 58 2d 46 72 61 6d 65 2d 4f 70 74 69 6f |0..X-Frame-Optio|
|00000130| 6e 73 3a 20 53 41 4d 45 4f 52 49 47 49 4e 0d 0a |ns: SAMEORIGIN..|
|00000140| 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e |Transfer-Encodin|
|00000150| 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 41 6c 74 2d |g: chunked..Alt-|
|00000160| 53 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 |Svc: h3=":443"; |
|00000170| 6d 61 3d 32 35 39 32 30 30 30 2c 68 33 2d 32 39 |ma=2592000,h3-29|
|00000180| 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 32 35 39 32 |=":443"; ma=2592|
|00000190| 30 30 30 2c 68 33 2d 54 30 35 31 3d 22 3a 34 34 |000,h3-T051=":44|
|000001a0| 33 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 2c 68 |3"; ma=2592000,h|
|000001b0| 33 2d 51 30 35 30 3d 22 3a 34 34 33 22 3b 20 6d |3-Q050=":443"; m|
|000001c0| 61 3d 32 35 39 32 30 30 30 2c 68 33 2d 51 30 34 |a=2592000,h3-Q04|
|000001d0| 36 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 32 35 39 |6=":443"; ma=259|
|000001e0| 32 30 30 30 2c 68 33 2d 51 30 34 33 3d 22 3a 34 |2000,h3-Q043=":4|
|000001f0| 34 33 22 3b 20 6d 61 3d 32 35 39 32 30 30 30 2c |43"; ma=2592000,|
|00000200| 71 75 69 63 3d 22 3a 34 34 33 22 3b 20 6d 61 3d |quic=":443"; ma=|
|00000210| 32 35 39 32 30 30 30 3b 20 76 3d 22 34 36 2c 34 |2592000; v="46,4|
|00000220| 33 22 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 |3"..Connection: |
|00000230| 63 6c 6f 73 65 0d 0a 0d 0a 31 36 38 65 0d 0a a3 |close....168e...|
::::::::::
 [id: 0x91bbbb11, L:/127.0.0.1:39186 - R:/127.0.0.1:41631] WRITE: 2048B

So at the moment I get the HTTP response from the dynamically assigned port (41631) (HTTP 200, see the log message) and send it back to the dynamically assigned port (41631), but I don't get a new packet from 1222 (SSLproxy).

So do I understand the way it works correctly?

  1. For example, I receive from SSLproxy at port 1222 a GET (www.google.com) request; within this request there is the SSLproxy line [127.0.0.1]:41631,[10.42.0.144]:53362,[172.217.23.100]:443,s

  2. So I send the request (GET) back to [127.0.0.1]:41631

  3. And at the same time I listen to the dynamically assigned address [127.0.0.1]:41631, so SSLproxy sends me the response from the Google server (200 OK)

  4. And then I send the received response (200 OK) back to port 1222

And then the process starts again and SSLproxy starts to send a new client packet to port 1222, and so on.

Is this right? Or do I not have to send anything back to the dynamically generated port?

Thanks for your fast help in this matter

sonertari commented 3 years ago

The steps 1-4 seem correct, but the sample outputs of your lp and the paragraph starting with "So at the moment ..." seem wrong. Because I guess you send the HTTP Response (200 OK) back to 41631, the dynamically assigned port of SSLproxy, which is on the server side. You should send the HTTP Response to the client side, to the SSLproxy port connected to your lp on the port 1222 (I cannot see that port anywhere in the output of your lp).

In short, I think you don't do the step 4 of your explanations (the step 4 is correct, but you sent the HTTP response to the wrong side). Please see the Mode of Operation diagram on the README of SSLproxy.

Btw, the verbose logs do not have extra information in this case.
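
The two-way flow described in this comment, as an added example (not code from the thread or from the SSLproxy project): a minimal Python asyncio listening program that keeps the connection from SSLproxy open, forwards client-side bytes to the address in the SSLproxy line, and writes whatever it reads from that dynamically assigned port back on the original connection. The loopback allow-list, the buffer limit and the `demo()` harness with its constructed traffic are assumptions of this example.

```python
import asyncio
import re

# Line SSLproxy inserts into the first diverted packet (format as in the logs above):
# SSLproxy: [child_addr]:port,[client_addr]:port,[server_addr]:port,s
SSLPROXY_LINE = re.compile(
    rb"^SSLproxy: \[([^\]]+)\]:(\d+),\[([^\]]+)\]:(\d+),\[([^\]]+)\]:(\d+),(\w)\r?$",
    re.MULTILINE)
MAX_FIRST_PACKET = 65536  # assumption: give up if no SSLproxy line within this many bytes


def parse_sslproxy_line(data):
    """Return (child_host, child_port) from the SSLproxy line, or None if absent."""
    m = SSLPROXY_LINE.search(data)
    return (m.group(1).decode(), int(m.group(2))) if m else None


async def pump(reader, writer):
    """Copy bytes one way until EOF, then close the destination."""
    try:
        while data := await reader.read(8192):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()


async def handle_sslproxy(parent_r, parent_w, allowed_hosts=("127.0.0.1", "::1")):
    """One connection from SSLproxy on the lp port (up:1222 in the thread)."""
    buf, target = b"", None
    while target is None and len(buf) < MAX_FIRST_PACKET:
        chunk = await parent_r.read(8192)
        if not chunk:
            break
        buf += chunk
        target = parse_sslproxy_line(buf)
    # Assumption of this example: only connect back to loopback, so the lp cannot
    # be steered to arbitrary hosts by whoever reaches its listening port.
    if target is None or target[0] not in allowed_hosts:
        parent_w.close()
        return
    child_r, child_w = await asyncio.open_connection(*target)
    child_w.write(buf)  # first packet, SSLproxy line included, as in the poster's log
    await child_w.drain()
    # Both directions at once: client side -> dynamic port, dynamic port -> client side.
    await asyncio.gather(pump(parent_r, child_w), pump(child_r, parent_w))


async def demo():
    """Constructed loopback stand-ins for both SSLproxy sockets."""
    seen = []

    async def fake_child(r, w):  # stands in for the dynamically assigned port
        seen.append(await r.readuntil(b"\r\n\r\n"))
        w.write(b"HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n")
        await w.drain()
        w.close()

    child = await asyncio.start_server(fake_child, "127.0.0.1", 0)
    lp = await asyncio.start_server(handle_sslproxy, "127.0.0.1", 0)
    child_port = child.sockets[0].getsockname()[1]
    lp_port = lp.sockets[0].getsockname()[1]
    request = (b"GET / HTTP/1.1\r\n"
               b"SSLproxy: [127.0.0.1]:%d,[10.42.0.144]:53362,[172.217.23.100]:443,s\r\n"
               b"Host: www.google.com\r\n\r\n" % child_port)
    r, w = await asyncio.open_connection("127.0.0.1", lp_port)  # SSLproxy's lp-facing side
    w.write(request)
    await w.drain()
    response = await r.read()  # the reply must arrive on this same connection
    w.close()
    for srv in (lp, child):
        srv.close()
    return seen[0] == request, response


if __name__ == "__main__":
    print(asyncio.run(demo()))
```
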

Lo0815 commented 3 years ago

OK, I got it. Thank you very much for your support. I have one last question: is there a point or feature where I can see which old connection can be closed?