#!/usr/bin/perl |
# SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost |
# Distributed under GPL v2+. |
use strict; |
use POSIX; |
use IO::Socket::SSL; |
use Getopt::Long; |
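# Command-line settings. Every option is optional; fallback values are
# assigned after parsing.
my $localport;            # --lport: port the local TLS listener binds to
my $localaddr;            # --laddr: address the local TLS listener binds to
my $help;                 # --help: print usage and exit
my $host;                 # --raddr: upstream server address
my $port;                 # --rport: upstream server port
my $daemon;               # --daemon: detach from the controlling terminal
my $buffersize = 2048;    # bytes requested per sysread() in Run()
my $logtype;              # --logtype: parsed, but never read anywhere in this file
my $logdir;               # --logdir: directory for the per-connection log files
my $serverkey;            # --serverkey: private key for the local listener
my $servercert;           # --servercert: certificate for the local listener
my $serverdh;             # --serverdh: DH parameter file for the local listener

$| = 1;                   # unbuffered STDOUT

# "log" is accepted as an alias of "logtype" because the usage text
# advertises --log; without the alias, --log is an ambiguous abbreviation
# of logtype/logdir and is rejected.
my $goresult = GetOptions(
    "lport=i"       => \$localport,
    "laddr=s"       => \$localaddr,
    "rport=i"       => \$port,
    "raddr=s"       => \$host,
    "logtype|log=i" => \$logtype,
    "logdir=s"      => \$logdir,
    "daemon"        => \$daemon,
    "serverkey=s"   => \$serverkey,
    "servercert=s"  => \$servercert,
    "serverdh=s"    => \$serverdh,
    "help"          => \$help
);

# Stop on a mistyped option instead of silently running with the defaults
# (which would bind and connect somewhere other than the operator asked for).
# GetOptions has already named the offending option on STDERR.
die "Invalid options; try $0 --help\n" unless $goresult;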
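if ($help) {
    # Usage text. The defaults quoted here match the fallback values the
    # script assigns after option parsing (listen on 127.0.0.1:8080,
    # forward to 127.0.0.1:80), and the log option is shown under the name
    # GetOptions registers for it.
    print <<"END";
SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
Distributed under GPL v2+.

Usage: $0 [OPTIONS]

 --lport <port>        Listening port (default 8080)
 --laddr <address>     Listening address (default 127.0.0.1)
 --rport <port>        Remote port to connect to (default 80)
 --raddr <address>     Remote address to connect to (default 127.0.0.1)
 --serverkey <file>    Certificate key file for local SSL server
 --servercert <file>   Certificate file for local SSL server
 --serverdh <file>     Diffie-Hellman file for key exchange
 --logtype <type>      Type of log where 0 is no log (default 0)
 --logdir <dir>        Directory to log to (default .)
 --daemon              Daemonize (work in background)
 --help                Display this help message
END
    exit;
}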
# Fall back to built-in values for anything the command line left unset
# (a value of 0 or an empty string also counts as unset).
$localport ||= 8080;
$localaddr ||= "127.0.0.1";
$port      ||= 80;
$host      ||= "127.0.0.1";
$logdir    ||= ".";

# Settings handed to every per-connection child via Run().
# 'dir' is always non-empty at this point, so Run() opens a log file for
# every connection; that file receives the decrypted payload of both
# directions, so the log directory should not be readable by other users.
my %o = (
    'dir'    => $logdir,
    'port'   => $localport,
    'toport' => $port,
    'tohost' => $host,
);
# Optional background mode: fork once, let the parent return to the shell,
# and give the child its own session.
if ($daemon) {
    my $child = fork;
    if ( !defined($child) ) {
        die "$!";    # fork failed
    }
    elsif ($child) {
        exit;        # parent: the child carries on
    }
    POSIX::setsid() || die "$!";
}
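# Local TLS listener that clients of the proxy connect to.
# SSL_verify_mode 0: connecting clients are not asked for a certificate.
my %listen_args = (
    'LocalPort'       => $localport,
    'LocalAddr'       => $localaddr,
    'Reuse'           => 1,
    'Proto'           => 'tcp',
    'SSL_verify_mode' => '0',
    'SSL_cert_file'   => $servercert,
    'SSL_key_file'    => $serverkey,
    'Listen'          => 10,
);

# IO::Socket::SSL names the DH-parameter option SSL_dh_file. The key used
# before ('SSLdhfile') is not one of its documented options, so --serverdh
# appears to have had no effect. Only pass it when a file was given.
$listen_args{'SSL_dh_file'} = $serverdh if defined $serverdh;

# TLS setup problems (unreadable key, bad certificate) are reported through
# errstr() rather than $!, so print both.
my $ah = IO::Socket::SSL->new(%listen_args)
    or die "cannot listen on $localaddr:$localport: $! ",
    IO::Socket::SSL::errstr(), "\n";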
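# Children are never waited for; ignoring SIGCHLD keeps them from piling up
# as zombies.
$SIG{'CHLD'} = 'IGNORE';
my $num = 0;    # connection counter; also selects the child's log file name

# Accept loop: one forked child per accepted client connection.
while (1) {
    my $ch = $ah->accept();
    if ( !$ch ) {
        # A failed TLS handshake is reported through errstr(), not $!.
        # (A second, identical "!$ch" check used to follow this one; it
        # could never run because this branch already restarts the loop.)
        print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(), "\n";
        next;
    }
    ++$num;
    my $pid = fork();
    if ( !defined($pid) ) {
        print STDERR "cannot fork while(1) $!\n";
    }
    elsif ( $pid == 0 ) {
        # Child: release the listener without sending a TLS shutdown, then
        # relay this one connection.
        $ah->close( SSL_no_shutdown => 1 );
        Run( \%o, $ch, $num );

        # Run() normally exits by itself; if it ever returns, the child
        # must not fall back into this loop with a closed listener.
        exit 0;
    }
    else {
        # Parent: the child owns the connection now.
        $ch->close( SSL_no_shutdown => 1 );
    }
}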
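# Relay one accepted client connection to the upstream server and log the
# traffic.
#
#   $o   - hashref of settings; reads 'tohost', 'toport' and 'dir'
#   $ch  - accepted client-side socket
#   $num - connection number, used in the log file name
#
# Does not return in practice: the process exits when either side closes
# the connection or a read/write fails.
sub Run {
    my ( $o, $ch, $num ) = @_;

    # Upstream leg. Certificate verification is switched off, so any
    # certificate the upstream presents is accepted and the proxy cannot
    # tell whether it reached the intended server. The protocol is pinned
    # to SSLv3, which is obsolete and is frequently compiled out of current
    # TLS libraries; in that case the connect below fails.
    my $th = IO::Socket::SSL->new(
        'PeerAddr'        => $o->{'tohost'},
        'PeerPort'        => $o->{'toport'},
        'SSL_use_cert'    => '0',
        'SSL_verify_mode' => '0',
        # 'SSL_cipher_list' => 'NUL:LOW:EXP:ADH',
        'SSL_version'     => 'SSLv3',    # SSLv3, SSLv2, TLSv1
        'Proto'           => 'tcp'
    );
    if ( !$th ) {
        # Handshake failures are reported via errstr(), not $!; send the
        # message to STDERR like the other failure paths in this file.
        print STDERR "cannot connect th: $! ", IO::Socket::SSL::errstr(), "\n";
        exit 0;
    }
    print "connected!";

    # Per-connection log. It receives the decrypted payload of both
    # directions and is created with the process umask, so the log
    # directory should be private to the operator.
    my $fh;
    if ( $o->{'dir'} ) {
        my $logfile = "$o->{'dir'}/tunnel$num.log";

        # Three-argument open: characters in the directory name can no
        # longer be read as part of the open mode.
        open( $fh, '>', $logfile ) or die "cannot open $logfile: $!";
        binmode($fh);    # payload is raw bytes
    }

    $ch->autoflush();
    $th->autoflush();
    my $httpheader = "";
    my $httpbuf    = "";

    while ( $ch || $th ) {
        my $rin = "";
        vec( $rin, fileno($ch), 1 ) = 1 if $ch;
        vec( $rin, fileno($th), 1 ) = 1 if $th;

        # NOTE(review): select() only watches the kernel sockets. When a
        # TLS record is larger than $buffersize, IO::Socket::SSL may still
        # hold decrypted bytes that select() cannot see; checking
        # ->pending before waiting would avoid a possible stall. Confirm.
        my ( $rout, $eout );
        select( $rout = $rin, undef, $eout = $rin, 120 );

        my $cbuffer = "";    # server -> client data read in this round
        my $tbuffer = "";    # client -> server data read in this round

        if ( $ch
            && ( vec( $eout, fileno($ch), 1 ) || vec( $rout, fileno($ch), 1 ) )
          )
        {
            my $result = sysread( $ch, $tbuffer, $buffersize );
            if ( !defined($result) ) {
                print STDERR "$!\n";
                exit 0;
            }
            if ( $result == 0 ) { exit 0; }    # client closed
        }
        if ( $th
            && ( vec( $eout, fileno($th), 1 ) || vec( $rout, fileno($th), 1 ) )
          )
        {
            my $result = sysread( $th, $cbuffer, $buffersize );
            if ( !defined($result) ) { print STDERR "$!\n"; exit 0; }
            if ( $result == 0 ) { exit 0; }    # upstream closed
        }

        # Test length, not truth, so a chunk consisting of "0" is logged.
        if ( $fh && length($tbuffer) ) {
            print {$fh} "[c]" . $tbuffer . "[/c]";
        }
        _forward_all( $th, $tbuffer );

        if ( $fh && length($cbuffer) ) {
            print {$fh} "[s]" . $cbuffer . "[/s]";
        }
        _forward_all( $ch, $cbuffer );
    }
}

# Write all of $data to $sock, continuing after short writes.
# A failed write ends the process, the same way Run() treats read errors;
# previously a failed write was retried forever, spinning on the error.
sub _forward_all {
    my ( $sock, $data ) = @_;
    while ( my $len = length($data) ) {
        my $res = syswrite( $sock, $data, $len );
        if ( !$res ) {    # undef on error, 0 when nothing was written
            print STDERR "$!\n";
            exit 0;
        }
        $data = substr( $data, $res );
    }
    return;
}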