/[scripts]/trunk/mitm-ssl.pl
This is repository of my old source code which isn't updated any more. Go to git.rot13.org for current projects!
ViewVC logotype

Contents of /trunk/mitm-ssl.pl

Parent Directory Parent Directory | Revision Log Revision Log


Revision 133 - (show annotations)
Fri Jan 8 13:52:41 2010 UTC (11 years, 6 months ago) by dpavlin
File MIME type: text/plain
File size: 5179 byte(s)
hexdump communication in realtime on STDERR

1 #!/usr/bin/perl
2 # SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
3 # Distributed under GPL v2+.
4
5 use strict;
6 use POSIX;
7 use IO::Socket::SSL qw(debug3);
8 use Getopt::Long;
9 use Time::HiRes qw(time);
10
11 my $debug = 0;
12
13 my $laddr = "127.0.0.1";
14 my $lport = 8080;
15 my $raddr = "127.0.0.1";
16 my $rport = 80;
17
18 my $logdir;
19
20 my $help;
21 my $daemon;
22 my $buffersize = 2048;
23 my $logtype;
24 my $daemon;
25 my $serverkey;
26 my $servercert;
27 my $serverdh;
28
29 $| = 1;
30
31 my $goresult = GetOptions(
32 "lport=i" => \$lport,
33 "laddr=s" => \$laddr,
34 "rport=i" => \$rport,
35 "raddr=s" => \$raddr,
36 "logtype=i" => \$logtype,
37 "logdir=s" => \$logdir,
38 "daemon" => \$daemon,
39 "serverkey=s" => \$serverkey,
40 "servercert=s" => \$servercert,
41 "serverdh=s" => \$serverdh,
42 "help" => \$help,
43 'debug!' => \$debug,
44 );
45
46 if ($help) {
47 print <<"END";
48 SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
49 Distributed under GPL v2+.
50
51 Usage: $0 [OPTIONS]
52
53 --lport <port> Listening port (default 80)
54 --laddr <address> Listening address (default localhost)
55 --rport <port> Remote port to connect to (default 8080)
56 --raddr <address> Remote address to connect to (default localhost)
57 --serverkey <file> Certificate key file for local SSL server
58 --servercert <file> Certificate file for local SSL server
59 --serverdh <file> Diffie-Helman file for key exchange
60 --log <type> Type of log where 0 is no log (default 0)
61 --logdir Directory to log to (default .)
62 --daemon Daemonize (work in background)
63 --help Display this help message
64 END
65 exit;
66 }
67
68 $Net::SSLeay::trace = 4 if $debug;
69
70 $logdir ||= "$laddr:$lport-$raddr:$rport";
71 $serverkey ||= "$logdir/ssl.key";
72 $servercert ||= "$logdir/ssl.cert";
73
74 mkdir $logdir;
75
76 system "openssl req -new -x509 -days 365 -nodes -out $servercert -keyout $serverkey"
77 if ! -e $serverkey && ! -e $servercert;
78
79
80 if ($daemon) {
81 my $pid = fork;
82 exit if $pid;
83 die "$!" unless defined($pid);
84 POSIX::setsid() or die "$!";
85 }
86
87 my $ah = IO::Socket::SSL->new(
88 'LocalPort' => $lport,
89 'LocalAddr' => $laddr,
90 'Reuse' => 1,
91 'Proto' => 'tcp',
92 'SSL_verify_mode' => '0',
93 'SSLdhfile' => $serverdh,
94 'SSL_cert_file' => $servercert,
95 'SSL_key_file' => $serverkey,
96 'Listen' => 10,
97 # 'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1
98 # 'SSL_cipher_list' => 'RC4-MD5',
99 ) || die "$!";
100
101 $SIG{'CHLD'} = 'IGNORE';
102 my $num = 0;
103
104 while (1) {
105 my $ch = $ah->accept();
106 if ( !$ch ) {
107 print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(),
108 "\n";
109 next;
110 }
111 if ( !$ch ) { print STDERR "cannot accept: $!\n"; next; }
112 ++$num;
113 my $pid = fork();
114 if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; }
115 elsif ( $pid == 0 ) {
116 $ah->close( SSL_no_shutdown => 1 );
117 Run( $ch, $num );
118 } else {
119 $ch->close( SSL_no_shutdown => 1 );
120 }
121 }
122
123 sub hexdump {
124 my $bytes = shift;
125 my $hex = unpack('H*', $bytes);
126 $hex =~ s/(.{8})/$1 /g;
127 return $hex;
128 }
129
130 sub Run {
131 my ( $ch, $num ) = @_;
132 my $th = IO::Socket::SSL->new(
133 'PeerAddr' => $raddr,
134 'PeerPort' => $rport,
135 # 'SSL_use_cert' => '0',
136 # 'SSL_verify_mode' => '0',
137
138 'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1
139 'SSL_cipher_list' => 'RC4-MD5',
140 'Proto' => 'tcp'
141 );
142 if ( !$th ) { print "cannot connect $raddr:$rport th: $!"; exit 0; }
143 else { print "connected to $raddr:$rport\n"; }
144 my $fh;
145 if ( -d $logdir ) {
146 $fh = Symbol::gensym();
147 my $path = sprintf("%s/%15.5f", $logdir, Time::HiRes::time() );
148 open( $fh, '>', $path ) or die "$!";
149 }
150 $ch->autoflush();
151 $th->autoflush();
152 my $httpheader = "";
153 my $httpbuf = "";
154 while ( $ch || $th ) {
155 my $rin = "";
156 vec( $rin, fileno($ch), 1 ) = 1 if $ch;
157 vec( $rin, fileno($th), 1 ) = 1 if $th;
158 my ( $rout, $eout );
159 select( $rout = $rin, undef, $eout = $rin, 120 );
160 if ( !$rout && !$eout ) { }
161 my $cbuffer = "";
162 my $tbuffer = "";
163
164 if ($ch
165 && ( vec( $eout, fileno($ch), 1 )
166 || vec( $rout, fileno($ch), 1 ) )
167 )
168 {
169 my $result = sysread( $ch, $tbuffer, $buffersize );
170 if ( !defined($result) ) {
171 print STDERR "$!\n";
172 exit 0;
173 }
174 if ( $result == 0 ) { exit 0; }
175 }
176 if ($th
177 && ( vec( $eout, fileno($th), 1 )
178 || vec( $rout, fileno($th), 1 ) )
179 )
180 {
181 my $result = sysread( $th, $cbuffer, $buffersize );
182 if ( !defined($result) ) { print STDERR "$!\n"; exit 0; }
183 if ( $result == 0 ) { exit 0; }
184 }
185 if ( $fh && $tbuffer ) {
186 print $fh "\n# <<< client\n$tbuffer";
187 warn "C>S ", hexdump($tbuffer), "\n";
188 }
189 while ( my $len = length($tbuffer) ) {
190 my $res = syswrite( $th, $tbuffer, $len );
191 if ( $res > 0 ) { $tbuffer = substr( $tbuffer, $res ); }
192 else { print STDERR "$!\n"; }
193 }
194 if ( $fh && $cbuffer ) {
195 print $fh "\n# >>> server\n$cbuffer";
196 warn "S>C ", hexdump($cbuffer), "\n";
197 }
198 while ( my $len = length($cbuffer) ) {
199 my $res = syswrite( $ch, $cbuffer, $len );
200 if ( $res > 0 ) { $cbuffer = substr( $cbuffer, $res ); }
201 else { print STDERR "$!\n"; }
202 }
203 }
204 }
205

Properties

Name Value
svn:executable *

  ViewVC Help
Powered by ViewVC 1.1.26