sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

Environment: sslproxy deployed on a web server. I can access the web normally using an HTTP proxy, but not using HTTPS. Can you take a look at the traffic logs I intercepted? Is there a redirection issue? Thank you #53

Open love200103223 opened 1 year ago

love200103223 commented 1 year ago

[root@iZuf62gz7wcz2kez5kk495Z ~]# sslproxy -k /root/ssl/httpd.key -c /root/ssl/httpd.crt https 0.0.0.0 10443 up:443 -X q.pcap -D4

SSLproxy v0.9.4 (built 2023-04-20)

Copyright (c) 2017-2022, Soner Tari sonertari@gmail.com

https://github.com/sonertari/SSLproxy

Copyright (c) 2009-2019, Daniel Roethlisberger daniel@roe.ch

https://www.roe.ch/SSLsplit

Build info: V:GIT

Features: -DHAVE_NETFILTER

NAT engines: netfilter* tproxy

netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST

Local process info support: no

compiled against OpenSSL 1.0.2k 26 Jan 2017 (100020bf)

rtlinked against OpenSSL 1.0.2k-fips 26 Jan 2017 (100020bf)

OpenSSL has support for TLS extensions

TLS Server Name Indication (SNI) supported

OpenSSL is thread-safe with THREADID

OpenSSL has engine support

Using SSL_MODE_RELEASE_BUFFERS

SSL/TLS protocol availability: ssl3 tls10 tls11 tls12

SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC

OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG

compiled against libevent 2.1.12-stable

rtlinked against libevent 2.1.12-stable

compiled against libnet 1.1.6

rtlinked against libnet 1.1.6

compiled against libpcap n/a

rtlinked against libpcap 1.5.3

compiled against sqlite 3.7.5

rtlinked against sqlite 3.7.5

4 CPU cores detected

Generated 2048 bit RSA key for leaf certs.

Global conn opts: negotiate|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192

proxyspecs:

divert addr= [127.0.0.1]:443

return addr= [127.0.0.1]:0

opts= conn opts: negotiate|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192

divert||

Loaded Global CA: '/C=cn/ST=cn/O=cn/OU=cn/CN=cn'

Loaded ProxySpec CA: '/C=cn/ST=cn/O=cn/OU=cn/CN=cn'

SSL/TLS leaf certificates taken from:

Privsep fastpath disabled

Created self-pipe [r=4,w=5]

Created chld-pipe [r=6,w=7]

Created socketpair 0 [p=8,c=9]

Created socketpair 1 [p=10,c=11]

Created socketpair 2 [p=12,c=13]

Created socketpair 3 [p=14,c=15]

Created socketpair 4 [p=16,c=17]

Created socketpair 5 [p=18,c=19]

Privsep parent pid 2578

Privsep child pid 2579

Using libevent backend 'epoll'

Event base supports: edge yes, O(1) yes, anyfd no

Received privsep req type 03 sz 9 on srvsock 8

Dropped privs to user nobody group - chroot -

Received privsep req type 00 sz 1 on srvsock 10

Received privsep req type 00 sz 1 on srvsock 12

Received privsep req type 00 sz 1 on srvsock 14

Inserted events:

0xfeae88 [fd 5] Read Persist Internal

0xfeb060 [fd 7] Read Persist Internal

0xfea1b8 [fd 8] Read Persist

0xfebb20 [sig 1] Signal Persist

0xfebc50 [sig 2] Signal Persist

0xfeb9f0 [sig 3] Signal Persist

0xfebeb0 [sig 10] Signal Persist

0xfebd80 [sig 13] Signal Persist

0xfeb290 [sig 15] Signal Persist

0xfec000 [fd -1] Persist Timeout=1682239211.430419

Active events:

Initialized 8 connection handling threads

Received privsep req type 00 sz 1 on srvsock 18

Started 8 connection handling threads

Starting main event loop.

SNI peek: [n/a] [complete], fd=43

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=45

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=47

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=49

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=51

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=53

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=55

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=57

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=59

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=61

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=62

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=65

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=66

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=69

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=71

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=73

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=75

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=77

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=79

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=81

Connecting to [172.16.0.167]:10443

SNI peek: [n/a] [complete], fd=83

sonertari commented 1 year ago

You don't mention any listening program in your report.

So I think you need two things:

  1. Redirect https traffic to port 10443, which I hope/assume you already do
  2. Run a listening program at port 443, which I think you don't

But you can run sslproxy in split mode too, in which case you don't need a listening program. So I don't know the details of your setup, but you can try the following proxyspec:

https 127.0.0.1 10443 127.0.0.1 443

Or use the IP address of your http server in place of the second 127.0.0.1 above.

Btw, perhaps you need sslsplit, not sslproxy?

love200103223 commented 1 year ago

Is the error reported below due to an error in my certificate?

Do you see any issues with the keys httpd.key and httpd.crt used on my command line? Should there be a file with the suffix pem?

[root@iZuf62gz7wcz2kez5kk495Z SSLproxy]# sslproxy -k /root/ssl/httpd.key -c /root/ssl/httpd.crt https 0.0.0.0 10443 0.0.0.0 443 -X q.pcap -D4

SSLproxy v0.9.4 (built 2023-04-20)

Copyright (c) 2017-2022, Soner Tari sonertari@gmail.com

https://github.com/sonertari/SSLproxy

Copyright (c) 2009-2019, Daniel Roethlisberger daniel@roe.ch

https://www.roe.ch/SSLsplit

Build info: V:GIT

Features: -DHAVE_NETFILTER

NAT engines: netfilter* tproxy

netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST

Local process info support: no

compiled against OpenSSL 1.0.2k 26 Jan 2017 (100020bf)

rtlinked against OpenSSL 1.0.2k-fips 26 Jan 2017 (100020bf)

OpenSSL has support for TLS extensions

TLS Server Name Indication (SNI) supported

OpenSSL is thread-safe with THREADID

OpenSSL has engine support

Using SSL_MODE_RELEASE_BUFFERS

SSL/TLS protocol availability: ssl3 tls10 tls11 tls12

SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC

OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG

compiled against libevent 2.1.12-stable

rtlinked against libevent 2.1.12-stable

compiled against libnet 1.1.6

rtlinked against libnet 1.1.6

compiled against libpcap n/a

rtlinked against libpcap 1.5.3

compiled against sqlite 3.7.5

rtlinked against sqlite 3.7.5

4 CPU cores detected

Generated 2048 bit RSA key for leaf certs.

Global conn opts: negotiate|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192

proxyspecs:

love200103223 commented 1 year ago

Is there a problem with this public key format and the format defined in sslproxy?

[root@iZuf62gz7wcz2kez5kk495Z ssl]# sslproxy -k /root/ssl/httpd.key -c /root/ssl/cacert.pem https 0.0.0.0 10443 0.0.0.0 443 -X q.pcap -D4

sslproxy: CA cert does not match key in ProxySpec.

140439748397120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: CERTIFICATE

140439748397120:error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib:ssl_rsa.c:484:

140439748397120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: DH PARAMETERS

140439748397120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: DH PARAMETERS

140439748397120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: ANY PRIVATE KEY

140439748397120:error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:649:

140439748397120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: DH PARAMETERS

140439748397120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: DH PARAMETERS

140439748397120:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:343:

sonertari commented 1 year ago

You should use a CA cert/key pair with sslproxy. I see above that sslproxy complains about the key and cert not matching. So you should generate a CA cert/key pair and use them on your sslproxy command line.

And you should install the CA cert to the web browser too. However, I don't know your setup, but it seems like you are trying to run sslproxy as a reverse proxy. If that's the case, you cannot install it to the web browsers of those remote clients, of course, in which case there is no solution but to ask the person connecting to install the CA cert to his/her web browser him/herself.

Also, another reason for those errors may be related to cert verification. You can disable server cert verification in sslproxy. But you should use a config file for that, and set the VerifyPeer option to no.
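A way to generate the CA cert/key pair the reply asks for and to catch the "key values mismatch" error before sslproxy does, as an added shell example that is neither SSLproxy's own code nor from this thread. It assumes only the openssl CLI; all file names and the subject name are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from SSLproxy or this thread: build a CA key/cert
# pair for sslproxy -k/-c and confirm the two belong together before the proxy
# sees them. An unmatched pair is what produces the "X509_check_private_key:
# key values mismatch" error quoted above. Assumes the openssl CLI; every
# path and subject name here is constructed for the example.
# make_ca DIR: write DIR/ca.key and a self-signed CA cert DIR/ca.crt.
# A private -config keeps this independent of the system openssl.cnf.
make_ca() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
C = XX
O = Example Lab
CN = Example Lab Interception CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -config "$dir/ca.cnf" \
        -key "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}
# pubkey_of FILE KIND: PEM public key read from a private key (KIND=key) or a
# certificate (KIND=crt); fails when FILE is not a PEM object of that kind,
# the "no start line ... Expecting: CERTIFICATE" case in the errors above.
pubkey_of() {
    case "$2" in
        key) openssl pkey -in "$1" -pubout 2>/dev/null ;;
        crt) openssl x509 -in "$1" -pubkey -noout 2>/dev/null ;;
    esac
}
# check_pair KEY CRT: 0 when CRT carries the public key derived from KEY.
check_pair() {
    k=$(pubkey_of "$1" key) || return 1
    c=$(pubkey_of "$2" crt) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
# is_ca CRT: sslproxy signs forged leaf certs with this cert, so it must be a CA.
is_ca() { openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'; }
# Stand-alone use: sh this_script.sh DIR generates the pair and runs both checks.
if [ $# -gt 0 ]; then make_ca "$1" && check_pair "$1/ca.key" "$1/ca.crt" && is_ca "$1/ca.crt" && echo "ok: -k $1/ca.key -c $1/ca.crt"; fi
```

Running the same check_pair against a server key and a different CA cert, as on the command line above, returns 1, which is the condition sslproxy refuses at startup.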

love200103223 commented 1 year ago

Thank you for your answer.

Could you please tell me where this configuration file is?

Can this sslproxy be deployed on devices without an IP, which means it is strung into the architecture in a transparent mode? Can this be achieved?

Thank you very much for your answer

sonertari commented 1 year ago

You can find a sample config file in the sources.

If you're asking about L2 bridge mode, no, sslproxy does not support bridge mode. SSLproxy runs at L3/L4 level.

love200103223 commented 1 year ago

OK. Thank you for your answer.