Generic HTTPS proxy for logging non-HTTP traffic
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE.txt
README.md
certcloner.erl
config.txt
pcap_writer.erl
sslproxy.erl

README.md

SSL proxy

License

This software is available under MIT license, see LICENSE.txt.

Dependencies

  • recent Erlang distribution (tested on Erlang/OTP 17 [erts-6.2])

Configuration

The file config.txt contains the configuration, which is read at startup.

  • listen_port is the TCP port to listen on
  • ca_key_file and ca_cert_file are the private key and certificate of a CA that is accepted by the clients to be attacked with MITM, both in PEM format

Building

erlc *.erl

Running

$ erl -s sslproxy
Erlang/OTP 17 [erts-6.2] [source] [64-bit] [smp:4:4] [async-threads:10] [kernel-poll:false]

Eshell V6.2  (abort with ^G)
1> Opened PCAP output file /tmp/sslproxy-11107-g2gDYgAABYdiAA7Ga2IADDWM.pcap

The PCAP file name contains the PID or the erlang process and a timestamp for uniqueness, and the file will contain the plaintext of everything that went through the proxy.

Known bugs and limitations

  • Encrypted private keys are NOT supported, PEM files should contain -----BEGIN PRIVATE KEY-----.
  • Erlang SSL/TLS implementations cannot handle X.509 certificates with a country field of more than two characters, both as a client and as a server. This unfortunately also means that Burp certificates with PortSwigger as their "country" cannot be used by this tool.
  • Only version 4 IP addresses are supported.