This software is available under MIT license, see
- recent Erlang distribution (tested on
Erlang/OTP 17 [erts-6.2])
config.txt contains the configuration, which is read at startup.
listen_portis the TCP port to listen on
ca_cert_fileare the private key and certificate of a CA that is accepted by the clients to be attacked with MITM, both in PEM format
$ erl -s sslproxy Erlang/OTP 17 [erts-6.2] [source] [64-bit] [smp:4:4] [async-threads:10] [kernel-poll:false] Eshell V6.2 (abort with ^G) 1> Opened PCAP output file /tmp/sslproxy-11107-g2gDYgAABYdiAA7Ga2IADDWM.pcap
The PCAP file name contains the PID or the erlang process and a timestamp for uniqueness, and the file will contain the plaintext of everything that went through the proxy.
Known bugs and limitations
- Encrypted private keys are NOT supported, PEM files should contain
-----BEGIN PRIVATE KEY-----.
- Erlang SSL/TLS implementations cannot handle X.509 certificates with a country field of more than two characters, both as a client and as a server. This unfortunately also means that Burp certificates with
PortSwiggeras their "country" cannot be used by this tool.
- Only version 4 IP addresses are supported.