scripts/trunk/mitm-ssl.pl

#!/usr/bin/perl
# SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
# Distributed under GPL v2+.

use strict;
use POSIX;
use IO::Socket::SSL;
use Getopt::Long;

my $localport;
my $localaddr;
my $help;
my $host;
my $port;
my $daemon;
my $buffersize= 2048;
my $logtype;
my $logdir;
my $daemon;
my $serverkey; my $servercert; my $serverdh;

$| = 1;

my $goresult = GetOptions ( "lport=i" => \$localport,
                        "laddr=s" => \$localaddr,
                        "rport=i" => \$port,
                        "raddr=s" => \$host,
                        "logtype=i" => \$logtype,
                        "logdir=s" => \$logdir,
                        "daemon" => \$daemon,
                        "serverkey=s" => \$serverkey,
                        "servercert=s" => \$servercert,
                        "serverdh=s" => \$serverdh,
                        "help" => \$help
                );

if ($help) {
        print <<"END";
SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
Distributed under GPL v2+. 

Usage: $0 [OPTIONS]

        --lport <port>          Listening port (default 80)
        --laddr <address>       Listening address (default localhost)
        --rport <port>          Remote port to connect to (default 8080)
        --raddr <address>       Remote address to connect to (default localhost)
        --serverkey <file>      Certificate key file for local SSL server
        --servercert <file>     Certificate file for local SSL server
        --serverdh <file>       Diffie-Helman file for key exchange
        --log <type>            Type of log where 0 is no log (default 0)
        --logdir                Directory to log to (default .)
        --daemon                Daemonize (work in background)
        --help                  Display this help message
END
        exit;
}

# set default values
$localport=8080 unless ($localport);
$localaddr="127.0.0.1" unless ($localaddr);
$port=80 unless ($port);
$host="127.0.0.1" unless ($host);
$logdir="." unless ($logdir);

my %o = ( 'dir' => $logdir, 'port' => $localport, 'toport' => $port, 'tohost' => $host );

if ($daemon) {
    my $pid = fork;
    exit if $pid;
    die "$!" unless defined($pid);
    POSIX::setsid() or die "$!";
}

my $ah = IO::Socket::SSL->new(
    'LocalPort' => $localport,
    'LocalAddr' => $localaddr,
    'Reuse'     => 1,
    'Proto'     => 'tcp',
    'SSL_verify_mode' => '0',
    'SSLdhfile' => $serverdh,
    'SSL_cert_file' => $servercert,
    'SSL_key_file' => $serverkey,
    'Listen'    => 10
) || die "$!";

$SIG{'CHLD'} = 'IGNORE';
my $num = 0;

while (1) {
    my $ch = $ah->accept();
    if ( !$ch ) { print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(), "\n" ; next; }
    if ( !$ch ) { print STDERR "cannot accept: $!\n"; next; }
    ++$num;
    my $pid = fork();
    if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; }
    elsif ( $pid == 0 ) { $ah->close(SSL_no_shutdown => 1); Run( \%o, $ch, $num ); }
    else { $ch->close(SSL_no_shutdown => 1); }
}

sub Run {
    my ( $o, $ch, $num ) = @_;
    my $th = IO::Socket::SSL->new(
        'PeerAddr' => $o->{'tohost'},
        'PeerPort' => $o->{'toport'},
        'SSL_use_cert' => '0',
        'SSL_verify_mode' => '0',
#       'SSL_cipher_list' => 'NUL:LOW:EXP:ADH',
        'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1
        'Proto' => 'tcp'
    ); 
    if ( !$th ) { print "cannot connect th: $!"; exit 0; }
    else { print "connected!"; }
    my $fh;
    if ( $o->{'dir'} ) {
        $fh = Symbol::gensym();
        open( $fh, ">$o->{'dir'}/tunnel$num.log" ) or die "$!";
    }
    $ch->autoflush();
    $th->autoflush();
        my $httpheader="";
        my $httpbuf="";
    while ( $ch || $th ) {
        my $rin = "";
        vec( $rin, fileno($ch), 1 ) = 1 if $ch;
        vec( $rin, fileno($th), 1 ) = 1 if $th;
        my ( $rout, $eout );
        select( $rout = $rin, undef, $eout = $rin, 120 );
        if ( !$rout && !$eout ) { }
        my $cbuffer = "";
        my $tbuffer = "";

        if ( $ch
            && ( vec( $eout, fileno($ch), 1 ) || vec( $rout, fileno($ch), 1 ) )
          )
        {
            my $result = sysread( $ch, $tbuffer, $buffersize );
            if ( !defined($result) ) {
                print STDERR "$!\n";
                exit 0;
            }
            if ( $result == 0 ) { exit 0; }
        }
        if ( $th
            && ( vec( $eout, fileno($th), 1 ) || vec( $rout, fileno($th), 1 ) )
          )
        {
            my $result = sysread( $th, $cbuffer, $buffersize );
            if ( !defined($result) ) { print STDERR "$!\n"; exit 0; }
            if ( $result == 0 ) { exit 0; }
        }
        if ( $fh && $tbuffer ) { ( print $fh "[c]".$tbuffer."[/c]" ); }
        while ( my $len = length($tbuffer) ) {
            my $res = syswrite( $th, $tbuffer, $len );
            if ( $res > 0 ) { $tbuffer = substr( $tbuffer, $res ); }
            else { print STDERR "$!\n"; }
        }
        if ( $fh && $cbuffer ) { ( print $fh "[s]".$cbuffer."[/s]"); }
        while ( my $len = length($cbuffer) ) {
            my $res = syswrite( $ch, $cbuffer, $len );
            if ( $res > 0 ) { $cbuffer = substr( $cbuffer, $res ); }
            else { print STDERR "$!\n"; }
        }
    }
}

1	dpavlin	126	#!/usr/bin/perl
2			# SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
3			# Distributed under GPL v2+.
4
5			use strict;
6			use POSIX;
7			use IO::Socket::SSL;
8			use Getopt::Long;
9
10			my $localport;
11			my $localaddr;
12			my $help;
13			my $host;
14			my $port;
15			my $daemon;
16			my $buffersize= 2048;
17			my $logtype;
18			my $logdir;
19			my $daemon;
20			my $serverkey; my $servercert; my $serverdh;
21
22			$\| = 1;
23
24			my $goresult = GetOptions ( "lport=i" => \$localport,
25			"laddr=s" => \$localaddr,
26			"rport=i" => \$port,
27			"raddr=s" => \$host,
28			"logtype=i" => \$logtype,
29			"logdir=s" => \$logdir,
30			"daemon" => \$daemon,
31			"serverkey=s" => \$serverkey,
32			"servercert=s" => \$servercert,
33			"serverdh=s" => \$serverdh,
34			"help" => \$help
35			);
36
37			if ($help) {
38			print <<"END";
39			SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
40			Distributed under GPL v2+.
41
42			Usage: $0 [OPTIONS]
43
44			--lport <port> Listening port (default 80)
45			--laddr <address> Listening address (default localhost)
46			--rport <port> Remote port to connect to (default 8080)
47			--raddr <address> Remote address to connect to (default localhost)
48			--serverkey <file> Certificate key file for local SSL server
49			--servercert <file> Certificate file for local SSL server
50			--serverdh <file> Diffie-Helman file for key exchange
51			--log <type> Type of log where 0 is no log (default 0)
52			--logdir Directory to log to (default .)
53			--daemon Daemonize (work in background)
54			--help Display this help message
55			END
56			exit;
57			}
58
59			# set default values
60			$localport=8080 unless ($localport);
61			$localaddr="127.0.0.1" unless ($localaddr);
62			$port=80 unless ($port);
63			$host="127.0.0.1" unless ($host);
64			$logdir="." unless ($logdir);
65
66			my %o = ( 'dir' => $logdir, 'port' => $localport, 'toport' => $port, 'tohost' => $host );
67
68			if ($daemon) {
69			my $pid = fork;
70			exit if $pid;
71			die "$!" unless defined($pid);
72			POSIX::setsid() or die "$!";
73			}
74
75			my $ah = IO::Socket::SSL->new(
76			'LocalPort' => $localport,
77			'LocalAddr' => $localaddr,
78			'Reuse' => 1,
79			'Proto' => 'tcp',
80			'SSL_verify_mode' => '0',
81			'SSLdhfile' => $serverdh,
82			'SSL_cert_file' => $servercert,
83			'SSL_key_file' => $serverkey,
84			'Listen' => 10
85			) \|\| die "$!";
86
87			$SIG{'CHLD'} = 'IGNORE';
88			my $num = 0;
89
90			while (1) {
91			my $ch = $ah->accept();
92	dpavlin	128	if ( !$ch ) { print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(), "\n" ; next; }
93	dpavlin	126	if ( !$ch ) { print STDERR "cannot accept: $!\n"; next; }
94			++$num;
95			my $pid = fork();
96			if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; }
97			elsif ( $pid == 0 ) { $ah->close(SSL_no_shutdown => 1); Run( \%o, $ch, $num ); }
98			else { $ch->close(SSL_no_shutdown => 1); }
99			}
100
101			sub Run {
102			my ( $o, $ch, $num ) = @_;
103			my $th = IO::Socket::SSL->new(
104			'PeerAddr' => $o->{'tohost'},
105			'PeerPort' => $o->{'toport'},
106			'SSL_use_cert' => '0',
107			'SSL_verify_mode' => '0',
108			# 'SSL_cipher_list' => 'NUL:LOW:EXP:ADH',
109			'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1
110			'Proto' => 'tcp'
111			);
112			if ( !$th ) { print "cannot connect th: $!"; exit 0; }
113			else { print "connected!"; }
114			my $fh;
115			if ( $o->{'dir'} ) {
116			$fh = Symbol::gensym();
117			open( $fh, ">$o->{'dir'}/tunnel$num.log" ) or die "$!";
118			}
119			$ch->autoflush();
120			$th->autoflush();
121			my $httpheader="";
122			my $httpbuf="";
123			while ( $ch \|\| $th ) {
124			my $rin = "";
125			vec( $rin, fileno($ch), 1 ) = 1 if $ch;
126			vec( $rin, fileno($th), 1 ) = 1 if $th;
127			my ( $rout, $eout );
128			select( $rout = $rin, undef, $eout = $rin, 120 );
129			if ( !$rout && !$eout ) { }
130			my $cbuffer = "";
131			my $tbuffer = "";
132
133			if ( $ch
134			&& ( vec( $eout, fileno($ch), 1 ) \|\| vec( $rout, fileno($ch), 1 ) )
135			)
136			{
137			my $result = sysread( $ch, $tbuffer, $buffersize );
138			if ( !defined($result) ) {
139			print STDERR "$!\n";
140			exit 0;
141			}
142			if ( $result == 0 ) { exit 0; }
143			}
144			if ( $th
145			&& ( vec( $eout, fileno($th), 1 ) \|\| vec( $rout, fileno($th), 1 ) )
146			)
147			{
148			my $result = sysread( $th, $cbuffer, $buffersize );
149			if ( !defined($result) ) { print STDERR "$!\n"; exit 0; }
150			if ( $result == 0 ) { exit 0; }
151			}
152			if ( $fh && $tbuffer ) { ( print $fh "[c]".$tbuffer."[/c]" ); }
153			while ( my $len = length($tbuffer) ) {
154			my $res = syswrite( $th, $tbuffer, $len );
155			if ( $res > 0 ) { $tbuffer = substr( $tbuffer, $res ); }
156			else { print STDERR "$!\n"; }
157			}
158			if ( $fh && $cbuffer ) { ( print $fh "[s]".$cbuffer."[/s]"); }
159			while ( my $len = length($cbuffer) ) {
160			my $res = syswrite( $ch, $cbuffer, $len );
161			if ( $res > 0 ) { $cbuffer = substr( $cbuffer, $res ); }
162			else { print STDERR "$!\n"; }
163			}
164			}
165			}
166