sonertari / SSLproxy

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
BSD 2-Clause "Simplified" License

fully transparent inline mode #65

Open Byeonghong-Son opened 4 months ago

Byeonghong-Son commented 4 months ago

Hello

I want to mirror only decoded (HTTP) packets that act as a fully transparent proxy for sslproxy. (sslproxy operates in an inline mode, such as a bridge, not as a router or gateway.)

client (HTTPS) router (gateway)

sslproxy box (inline mode) -- Mirror Port (HTTP Plain Text Packet) -- Packet Capture Box | (HTTPS) Server

I tried to configure an inline mode that works completely transparently, without setting up a public or private IP, using nft, iptables, tproxy, etc., but failed.

A fully transparent inline configuration is required with SSL proxy.

Please give me an example of how to set it up, if the related configuration is possible. Thank you.

piolug93 commented 2 months ago

You must create DNAT for incoming packets to the sslproxy host:port and SNAT for outgoing packets from sslproxy.