sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

Example listener python script. Not responding. #51

Open LeosSire opened 1 year ago

LeosSire commented 1 year ago

Big fan of yours and Roe's work.

For the benefit of understanding and clarification I have put together a cheeky little python script for inspecting the traffic and how a listener should work. It's receiving headers great, but the response never seems to be received and clients report connection issues.

I've scoured your readme and the below should work. If you could shed some light for educational purposes, it would be greatly appreciated.

Using Linux Mint server as an AP.

Running SSLsplit with command:

sudo sslproxy -k ./certs/ca.key -c ./certs/ca.crt -P ssl 0.0.0.0 8443 up:8080

Running with the https command results in consistent HelloConnect errors. :-(

IPTables rules:

iptables -t nat -A PREROUTING -i wlan -p tcp --dport 80 -j REDIRECT --to-port 8443
iptables -t nat -A PREROUTING -i wlan -p tcp --dport 443 -j REDIRECT --to-port 8443
ip6tables -t nat -A PREROUTING -i wlan -p tcp --dport 80 -j REDIRECT --to-port 8443
ip6tables -t nat -A PREROUTING -i wlan -p tcp --dport 443 -j REDIRECT --to-port 8443

Python script:

import socket

# Create a TCP/IP socket
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

# Bind the socket to the localhost address and a specified port
server_address = ('localhost', 8080)
server_socket.bind(server_address)

# Listen for incoming client connections (maximum of 1 waiting client)
server_socket.listen(1)
print('Server listening on port', server_address[1])

while True:
    # Wait for a connection
    print('Waiting for a connection...')
    connection, client_address = server_socket.accept()

    try:
        print('Connection from', client_address)
        # Receive data from the client
        dataStore = ""
        ctr = 1
        while True:
            print("Receiving data")

            data = connection.recv(1024)
            print("Received data length:", len(data))
            if not data:
                break
            if dataStore == "":
                print("Set dataStore")
                dataStore = data
            else:
                print("Appended to dataStore")
                dataStore = dataStore + data
            try:
                print("Decoding data")
                decodedData = data.decode()
                print('Received:', decodedData.replace("\\r\\n", "\r\n"))
            except Exception as ex:
                print('Decode Exception', ex)

            if len(data) < 1024:
                break

        #  =================== Return data ======================
        # Create a socket object for sending packets over UDP
        response_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

        # Send a message to the target IP address and port
        response_socket.sendto(dataStore, client_address)
        print("Returned ", len(dataStore), " to ", client_address)
        print("-----------------------------------------------------------------------------------")

        # Close the socket
        response_socket.close()

    finally:
        # Clean up the connection
        connection.close()

Example responses: Python listener:

* Waiting for a connection...
* Connection from ('127.0.0.1', 49972)
* Receiving data
* Received data length: 612
* Set dataStore
* Decoding data
* Received: GET /wiki/Alan_Jope HTTP/1.1
SSLproxy: [127.0.0.1]:45101,[10.42.0.254]:59674,[91.198.174.192]:443,s
Host: en.m.wikipedia.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: enwikiwmE-sessionTickLastTickTime=1678652795235; enwikiwmE-sessionTickTickCount=1; WMF-Last-Access-Global=12-Mar-2023; WMF-DP=b98; WMF-Last-Access=12-Mar-2023
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.4 Mobile/15E148 Safari/604.1
Accept-Language: en-GB,en;q=0.9
Accept-Encoding: gzip, deflate, br
Connection: close

* Returned  612  to  ('127.0.0.1', 49972)

SSLproxy:

CONN: ssl 10.42.0.254 59683 91.198.174.192 443 sni:en.m.wikipedia.org names:*.wikipedia.org/*.wikipedia.org/wikimedia.org/mediawiki.org/wikibooks.org/wikidata.org/wikinews.org/wikiquote.org/wikisource.org/wikiversity.org/wikivoyage.org/wiktionary.org/wikimediafoundation.org/w.wiki/wmfusercontent.org/*.m.wikipedia.org/*.wikimedia.org/*.m.wikimedia.org/*.planet.wikimedia.org/*.mediawiki.org/*.m.mediawiki.org/*.wikibooks.org/*.m.wikibooks.org/*.wikidata.org/*.m.wikidata.org/*.wikinews.org/*.m.wikinews.org/*.wikiquote.org/*.m.wikiquote.org/*.wikisource.org/*.m.wikisource.org/*.wikiversity.org/*.m.wikiversity.org/*.wikivoyage.org/*.m.wikivoyage.org/*.wiktionary.org/*.m.wiktionary.org/*.wikimediafoundation.org/*.wmfusercontent.org/wikipedia.org/wikifunctions.org/*.wikifunctions.org sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:91D4DDDD2FF918E01907D86BC75454F11A8F2CDC usedcrt:8E146A2A0965132108BD8227A3212F5181B18B32 user:-
sonertari commented 1 year ago

The listening program should return the packets back to sslproxy on the server side. For example, in your sample output above, your Python script should start a connection to [127.0.0.1]:45101 and give that packet back to sslproxy listening at that address. Also, it should keep that connection open, because sslproxy will send the server responses back to your Python script over that same address. (I don't see your script doing any parsing of the SSLproxy line or starting such connections.) Note that you can find a sample listening program here.
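The round trip described in this reply, as an added example that is not part of the issue or of the SSLproxy project: the listener parses the injected SSLproxy line from the first packet, opens a connection back to the first address on that line, hands the packet over unchanged, and keeps both connections open so the server response can be relayed to the client. The line format is taken from the sample output above; the last field is stored but not interpreted. The demo assumes the injected line arrives in the first recv() (fine for small requests on localhost) and stands in for sslproxy on both sides with two loopback sockets, so it runs offline.

```python
import re
import socket
import threading

# Packet constructed from the listener output quoted in the issue; the injected
# line carries: return address, client address, server address, flag.
SAMPLE_PACKET = (
    b"GET /wiki/Alan_Jope HTTP/1.1\r\n"
    b"SSLproxy: [127.0.0.1]:45101,[10.42.0.254]:59674,[91.198.174.192]:443,s\r\n"
    b"Host: en.m.wikipedia.org\r\n"
    b"Connection: close\r\n\r\n"
)

SSLPROXY_LINE = re.compile(
    rb"^SSLproxy: \[([^\]]+)\]:(\d+),\[([^\]]+)\]:(\d+),\[([^\]]+)\]:(\d+),(\w)\r?$",
    re.MULTILINE,
)

def parse_sslproxy_line(packet):
    """Extract the addresses from the line sslproxy injects; None if absent."""
    m = SSLPROXY_LINE.search(packet)
    if m is None:
        return None
    return {
        "return_addr": (m.group(1).decode(), int(m.group(2))),
        "client": (m.group(3).decode(), int(m.group(4))),
        "server": (m.group(5).decode(), int(m.group(6))),
        "flag": m.group(7).decode(),  # 's' in the sample; left uninterpreted
    }

def pump(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle_diverted_connection(conn):
    """One connection from sslproxy's 'up:' port (assumes the line is in the first recv)."""
    first = conn.recv(65536)
    info = parse_sslproxy_line(first)
    if info is None:
        conn.close()
        return
    back = socket.create_connection(info["return_addr"])
    back.sendall(first)  # hand the request back to sslproxy, unchanged
    # Server responses arrive over 'back'; relay them to the client over 'conn'.
    t = threading.Thread(target=pump, args=(back, conn), daemon=True)
    t.start()
    pump(conn, back)  # further client bytes follow the first packet
    t.join()
    back.close()
    conn.close()

CANNED_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\nConnection: close\r\n\r\nok"

def run_demo():
    """Offline round trip: fake sslproxy on both sides, the real listener in between."""
    ret = socket.socket()
    ret.bind(("127.0.0.1", 0))
    ret.listen(1)
    seen = {}

    def return_side():  # stands in for sslproxy at the return address
        c, _ = ret.accept()
        buf = b""
        while not buf.endswith(b"\r\n\r\n"):
            chunk = c.recv(65536)
            if not chunk:
                break
            buf += chunk
        seen["request"] = buf
        c.sendall(CANNED_RESPONSE)  # the server response sslproxy would forward
        c.close()

    lp = socket.socket()
    lp.bind(("127.0.0.1", 0))
    lp.listen(1)
    threading.Thread(target=return_side, daemon=True).start()

    def listener():
        c, _ = lp.accept()
        handle_diverted_connection(c)

    lt = threading.Thread(target=listener, daemon=True)
    lt.start()

    # Point the injected line at our fake return side (constructed port).
    request = SAMPLE_PACKET.replace(b"[127.0.0.1]:45101", b"[127.0.0.1]:%d" % ret.getsockname()[1])
    d = socket.create_connection(lp.getsockname())  # stands in for the divert side
    d.sendall(request)
    d.shutdown(socket.SHUT_WR)
    response = b""
    while True:
        chunk = d.recv(65536)
        if not chunk:
            break
        response += chunk
    d.close()
    lt.join(5)
    lp.close()
    ret.close()
    return seen.get("request"), response

if __name__ == "__main__":
    print(run_demo())
```

The script in the question sends the bytes back to the client's own address over UDP and then closes; the point of the example is that the reply path is the TCP connection to the address in the SSLproxy line, and that it must stay open for the server's response to come back through the listener.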

LeosSire commented 1 year ago

Good afternoon Sonertari, I have been looking at lp and it's awesome. I'm trying to access the content of each page (I believe this is called ctx->file when logging).

When I log to files with the -L option, the content appears to be encrypted. Is this correct? Even for a simple GET which should return HTML, it returns this.

Why am I seeing this? It appears to be encrypted. There are some SVGs in separate files which are decoded. But I didn't check; they may have been HTTP (no S).

sonertari commented 1 year ago

I guess they are compressed. See "content-encoding: gzip" on your screenshot?
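A way to check this guess, as an added example that is neither the issue's nor the project's code: a logged response whose body looks like random bytes but carries "Content-Encoding: gzip" (and starts with the gzip magic 1f 8b) is compressed, not encrypted, and decompresses cleanly. The helper assumes the logged file holds the raw HTTP/1.x response as seen on the wire, undoes chunked transfer encoding and gzip/deflate, and builds its own constructed sample instead of reading a real -L file.

```python
import gzip
import zlib

def split_http_response(raw):
    """Split a raw HTTP/1.x response into (status line, lowercase header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return lines[0], headers, body

def dechunk(body):
    """Undo Transfer-Encoding: chunked (trailers are ignored)."""
    out = b""
    while True:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # drop chunk extensions
        if size == 0:
            return out
        out += rest[:size]
        body = rest[size + 2:]  # skip the CRLF that ends the chunk

def decode_logged_response(raw):
    """Return the body as the browser sees it after transfer and content decoding."""
    _, headers, body = split_http_response(raw)
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    enc = headers.get("content-encoding", "identity").lower()
    if enc == "gzip" or body[:2] == b"\x1f\x8b":  # gzip magic, header present or not
        return gzip.decompress(body)
    if enc == "deflate":
        try:
            return zlib.decompress(body)
        except zlib.error:
            return zlib.decompress(body, -zlib.MAX_WBITS)  # raw deflate, as some servers send
    if enc == "br":
        raise ValueError("Brotli (br) needs the third-party 'brotli' module")
    return body

# Constructed sample body; not taken from any real site.
SAMPLE_HTML = b"<html><body><h1>Alan Jope</h1></body></html>"

def build_sample_log():
    """Constructed stand-in for what a -L log file of a gzip, chunked response would hold."""
    gz = gzip.compress(SAMPLE_HTML)
    mid = len(gz) // 2
    chunked = b"%x\r\n%s\r\n%x\r\n%s\r\n0\r\n\r\n" % (mid, gz[:mid], len(gz) - mid, gz[mid:])
    return (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/html; charset=UTF-8\r\n"
            b"Content-Encoding: gzip\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n" + chunked)

if __name__ == "__main__":
    raw = build_sample_log()
    print("raw body starts with gzip magic:", split_http_response(raw)[2][:5].hex())
    print(decode_logged_response(raw).decode())
```

To apply it to real logs, read the file in binary mode and pass its bytes to decode_logged_response(); a body that still looks random after this step, with no Content-Encoding header, would be the signal to look elsewhere.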