README.md

SSL proxy

License

This software is available under MIT license, see LICENSE.txt.

Dependencies

• recent Erlang distribution (tested on Erlang/OTP 17 [erts-6.2])

Configuration

The file config.txt contains the configuration, which is read at startup.

• listen_port is the TCP port to listen on
• ca_key_file and ca_cert_file are the private key and certificate of a CA that is accepted by the clients to be attacked with MITM, both in PEM format

Building

erlc *.erl

Running

$ erl -s sslproxy
Erlang/OTP 17 [erts-6.2] [source] [64-bit] [smp:4:4] [async-threads:10] [kernel-poll:false]

Eshell V6.2  (abort with ^G)
1> Opened PCAP output file /tmp/sslproxy-11107-g2gDYgAABYdiAA7Ga2IADDWM.pcap

The PCAP file name contains the PID or the erlang process and a timestamp for uniqueness, and the file will contain the plaintext of everything that went through the proxy.

Known bugs and limitations

• Encrypted private keys are NOT supported, PEM files should contain -----BEGIN PRIVATE KEY-----.
• Erlang SSL/TLS implementations cannot handle X.509 certificates with a country field of more than two characters, both as a client and as a server. This unfortunately also means that Burp certificates with PortSwigger as their "country" cannot be used by this tool.
• Only version 4 IP addresses are supported.