A simple python socket server supports both raw tcp and ssl, simultaneously.
Real implementation of multiple techniques to resolve the problem.
It came up while I was working on other side project (which is pending now
So I would like to amplify it, and share my little work.
Btw, why are you here?
... a long time ago in a galaxy far, far away
🖖... there is a mysterious scroll 📜...
This is a message from 2020. Please use ...
pip -r requirements.txt
Pick your experiment server
python <file> --help
MSGPEEKtechnique include these experiments
server_msgpeek_once.py server_msgpeek_forever.py server_msgpeek_twisted.py
- Hijack TLS handshake technique
- A demo web service based on 1st technique and twisted framework. Please generate a valid certificate for your wanted hostname (tutorial below), trust its chain - how? - and DO NOT forget to change
😁. I already provided a sample hostname
web.weirdsocket.comas default and a root certificate to trust.
nc localhost 9999
python client.py --help
> Create a self-signed root CA openssl genrsa -out rootCA.key 4096 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt > Generate Key for domain openssl genrsa -out web.weirdsocket.com.key 4096 > Generate CSR (check out 'san.conf' in cert directory) with SAN extension (Chrome requirement 🤐) openssl req -new -out web.weirdsocket.com.csr -key web.weirdsocket.com.key -config san.conf > Sign with our rootCA (check out 'san.conf' in cert directory) openssl x509 -req -days 3650 -in web.weirdsocket.com.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out web.weirdsocket.com.crt -extensions v3_req -extfile san.conf > Debug openssl req -text -noout -in web.weirdsocket.com.csr openssl x509 -text -noout -in web.weirdsocket.com.crt > Note - Because the chain has only 2 nodes, so no need to create fullchain - SAN is required by Chrome to trust the certificate, so if you don't want to mess with it just create/sign a certficate with CommonName (CN) == your donmain name. Ref below.
all techniques used in this project are implemented at experiment level, do not use in production.