sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

Question: change SSL/TLS connection data #55

Closed vicnetto closed 1 year ago

vicnetto commented 1 year ago

Hello,

I have successfully executed the program with the specified parameters:

sudo sslproxy -k ca.key -c ca.crt -l connect.log -L /log ssl 127.0.0.1 8443 up:8080 -D

It works like a charm. However, I have observed that the SSL connection does not traverse through the external program. Only the network traffic between the two endpoints is intercepted (which is in line with the documentation).

My question is, does SSLProxy offer the capability to modify the exchanged messages within the TLS connection, for example, the ClientHello?

Thank you in advance!

sonertari commented 1 year ago

One of the purposes of SSLproxy is to divert the packets to a listening program, so the program can modify the packets. But if you want to modify ClientHello, you would need to modify the C sources of SSLproxy. So, only the packets are diverted to listening programs.

Your listening program (external program) was supposed to receive the packets. There seems to be an issue there. What listening program are you using? What does it do?
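Added example, not from the thread or the SSLproxy project: a minimal Python listening program of the kind the proxyspec's up:8080 diverts to, showing what such a program does and does not see (decrypted application data in both directions, never the TLS handshake). The SSLproxy header line it parses, and the assumption that the line arrives with the first packet, are taken from the project README as I recall it; verify against the current documentation.

```python
import re
import socket
import threading
# Line SSLproxy prepends to the first diverted packet (assumption: format as in the SSLproxy README as I recall it):
# where SSLproxy waits for the connect-back, then source, then destination; "s" = SSL/TLS session, "p" = plain TCP.
HEADER_RE = re.compile(
    rb"^SSLproxy: \[(?P<ret_ip>[^\]]+)\]:(?P<ret_port>\d+),"
    rb"\[(?P<src_ip>[^\]]+)\]:(?P<src_port>\d+),"
    rb"\[(?P<dst_ip>[^\]]+)\]:(?P<dst_port>\d+),(?P<mode>[sp])\r?\n")
def parse_sslproxy_header(first_packet):
    """Return (fields, payload); fields is None when no SSLproxy line is present."""
    m = HEADER_RE.match(first_packet)
    if m is None:
        return None, first_packet
    f = {k: v.decode() for k, v in m.groupdict().items()}
    for k in ("ret_port", "src_port", "dst_port"):
        f[k] = int(f[k])
    return f, first_packet[m.end():]
def inspect(direction, data):
    # Only decrypted application data gets here; the TLS handshake (ClientHello etc.) is
    # terminated by SSLproxy itself and never reaches this program. Pass-through by default.
    print(f"{direction}: {len(data)} bytes")
    return data
def pump(src, dst, direction):
    # Copy one direction until EOF through inspect(), then propagate the EOF to the other side.
    while chunk := src.recv(65536):
        dst.sendall(inspect(direction, chunk))
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass
def handle(conn):
    # Assumes the header arrives in the first recv(); SSLproxy writes it with the first packet.
    with conn:
        fields, payload = parse_sslproxy_header(conn.recv(65536))
        if fields is None:
            return  # not from SSLproxy, drop it
        with socket.create_connection((fields["ret_ip"], fields["ret_port"])) as back:
            back.sendall(inspect("c2s", payload))
            t = threading.Thread(target=pump, args=(back, conn, "s2c"), daemon=True)
            t.start()
            pump(conn, back, "c2s")
            t.join()
def serve(listen=("127.0.0.1", 8080)):  # the port named by up:8080 in the proxyspec above
    with socket.create_server(listen) as srv:
        while True:
            threading.Thread(target=handle, args=(srv.accept()[0],), daemon=True).start()
if __name__ == "__main__":
    serve()
```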

vicnetto commented 1 year ago

I believe I did not explain correctly what I was seeking, and I apologize for that.

All the packets are passing correctly through the external program without any issues. However, I would like the TLS handshake to also go through the same external program.

However, based on your response, I can understand that this functionality is not possible without modifying the C sources of SSLProxy.

Thank you very much for your response!

sonertari commented 1 year ago

Yes, that's correct. Cheers