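#!/usr/bin/perl

# SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
# Distributed under GPL v2+.

use strict;
use warnings;
use POSIX;
use IO::Socket::SSL qw(debug3);    # 'debug3' switches on IO::Socket::SSL's own verbose tracing regardless of --debug
use Getopt::Long;
use Time::HiRes qw(time);

my $debug = 0;

# Listening side (where clients connect) and remote side (where we connect).
my $laddr = "127.0.0.1";
my $lport = 8080;
my $raddr = "127.0.0.1";
my $rport = 80;

my $logdir;

my $help;
my $daemon;
my $buffersize = 2048;    # bytes read per sysread() in the relay loop
my $logtype;              # parsed but not consulted anywhere below
my $serverkey;
my $servercert;
my $serverdh;

$| = 1;                   # unbuffered STDOUT so status lines appear immediately

GetOptions(
    "lport=i"      => \$lport,
    "laddr=s"      => \$laddr,
    "rport=i"      => \$rport,
    "raddr=s"      => \$raddr,
    "logtype=i"    => \$logtype,
    "logdir=s"     => \$logdir,
    "daemon"       => \$daemon,
    "serverkey=s"  => \$serverkey,
    "servercert=s" => \$servercert,
    "serverdh=s"   => \$serverdh,
    "help"         => \$help,
    'debug!'       => \$debug,
) or die "invalid options; try $0 --help\n";

if ($help) {
    # Defaults below mirror the variable initialisations above.
    print <<"END";
SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
Distributed under GPL v2+.

Usage: $0 [OPTIONS]

  --lport <port>       Listening port (default 8080)
  --laddr <address>    Listening address (default 127.0.0.1)
  --rport <port>       Remote port to connect to (default 80)
  --raddr <address>    Remote address to connect to (default 127.0.0.1)
  --serverkey <file>   Certificate key file for local SSL server
                       (default <logdir>/ssl.key; generated if missing)
  --servercert <file>  Certificate file for local SSL server
                       (default <logdir>/ssl.cert; generated if missing)
  --serverdh <file>    Diffie-Hellman parameter file for key exchange
  --logtype <type>     Type of log where 0 is no log (default 0)
                       (parsed but currently ignored; sessions are logged
                       whenever the log directory exists)
  --logdir <dir>       Directory to log to
                       (default <laddr>:<lport>-<raddr>:<rport>)
  --daemon             Daemonize (work in background)
  --debug              Enable Net::SSLeay tracing
  --help               Display this help message
END
    exit;
}

$Net::SSLeay::trace = 4 if $debug;

# Per-endpoint-pair directory holds both the session logs and the
# generated server key/certificate unless overridden on the command line.
$logdir     ||= "$laddr:$lport-$raddr:$rport";
$serverkey  ||= "$logdir/ssl.key";
$servercert ||= "$logdir/ssl.cert";

if ( !-d $logdir ) {
    # Best effort: Run() only logs when the directory exists.
    mkdir $logdir or warn "mkdir $logdir: $!\n";
}

if ( !-e $serverkey && !-e $servercert ) {
    # List-form system(): the file names never pass through a shell, so a
    # --servercert/--serverkey value containing spaces or shell
    # metacharacters cannot run extra commands.  Must stay before
    # $SIG{CHLD} is set to IGNORE, or system() cannot collect the exit status.
    my @cmd = (
        'openssl', 'req', '-new', '-x509', '-days', '365', '-nodes',
        '-out', $servercert, '-keyout', $serverkey,
    );
    system(@cmd) == 0
        or die "openssl req failed (status $?); cannot create $servercert/$serverkey\n";
}

if ($daemon) {
    my $pid = fork;
    die "fork: $!" unless defined $pid;
    exit if $pid;                    # parent returns to the shell
    POSIX::setsid() or die "setsid: $!";
}

# Local TLS listener.  SSL_verify_mode 0 means connecting clients are not
# asked for a certificate.
# NOTE(review): 'SSLdhfile' is passed as written; confirm against the
# installed IO::Socket::SSL that this key (and an undef value when
# --serverdh is not given) is accepted rather than silently ignored.
my $ah = IO::Socket::SSL->new(
    'LocalPort'       => $lport,
    'LocalAddr'       => $laddr,
    'Reuse'           => 1,
    'Proto'           => 'tcp',
    'SSL_verify_mode' => '0',
    'SSLdhfile'       => $serverdh,
    'SSL_cert_file'   => $servercert,
    'SSL_key_file'    => $serverkey,
    'Listen'          => 10,
    # 'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1
    # 'SSL_cipher_list' => 'RC4-MD5',
) or die "cannot listen on $laddr:$lport: $! " . IO::Socket::SSL::errstr() . "\n";

$SIG{'CHLD'} = 'IGNORE';    # children are reaped automatically
my $num = 0;                # connection counter, passed to Run()

# One forked child per accepted connection; the parent only accepts.
while (1) {
    my $ch = $ah->accept();
    if ( !$ch ) {
        print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(), "\n";
        next;
    }
    ++$num;
    my $pid = fork();
    if ( !defined($pid) ) {
        print STDERR "cannot fork while(1) $!\n";
        $ch->close( SSL_no_shutdown => 1 );
    }
    elsif ( $pid == 0 ) {
        # Child: drop the listener and relay this single session.
        $ah->close( SSL_no_shutdown => 1 );
        Run( $ch, $num );
        exit 0;    # never fall back into the accept loop on a closed listener
    }
    else {
        # Parent: the child owns the session; close our copy without an SSL
        # shutdown so the TLS session stays valid for the child.
        $ch->close( SSL_no_shutdown => 1 );
    }
}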
# Render a byte string as lowercase hex digits, inserting a space after
# every complete group of 8 hex digits (4 bytes).  A string whose hex
# length is an exact multiple of 8 therefore ends with a trailing space.
#
# Arguments: $bytes - raw byte string
# Returns:   the grouped hex string ('' for empty input)
sub hexdump {
    my ($bytes) = @_;
    my @digits = split //, unpack( 'H*', $bytes );
    my $out = '';
    while (@digits) {
        my @group = splice( @digits, 0, 8 );
        $out .= join( '', @group );
        $out .= ' ' if @group == 8;    # only full groups get the separator
    }
    return $out;
}
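# Relay one accepted client session to the remote server and back.
# Both directions are appended to a per-session file under $logdir (when
# that directory exists) and hexdumped to STDERR via warn.
#
# Runs in the forked child and never returns: every termination path
# (remote connect failure, EOF, read or write error) ends with exit.
#
# Arguments:
#   $ch  - accepted IO::Socket::SSL client handle
#   $num - connection counter from the accept loop (not used here)
sub Run {
    my ( $ch, $num ) = @_;

    # NOTE(review): the upstream connection is pinned to SSLv3 with RC4-MD5,
    # both long obsolete and typically disabled in current OpenSSL builds.
    # SSL_verify_mode is not set either, so whether the remote certificate is
    # verified depends on the installed IO::Socket::SSL default.  Confirm
    # these still match what the deployment needs.
    my $th = IO::Socket::SSL->new(
        'PeerAddr' => $raddr,
        'PeerPort' => $rport,
        # 'SSL_use_cert' => '0',
        # 'SSL_verify_mode' => '0',

        'SSL_version'     => 'SSLv3',      # SSLv3, SSLv2, TLSv1
        'SSL_cipher_list' => 'RC4-MD5',
        'Proto'           => 'tcp'
    );
    if ( !$th ) {
        print "cannot connect $raddr:$rport th: $! ", IO::Socket::SSL::errstr(), "\n";
        exit 0;
    }
    print "connected to $raddr:$rport\n";

    # One log file per session, named by the session's start time.
    my $fh;
    if ( -d $logdir ) {
        my $path = sprintf( "%s/%15.5f", $logdir, Time::HiRes::time() );
        open( $fh, '>', $path ) or die "open $path: $!";
    }
    $ch->autoflush();
    $th->autoflush();

    while (1) {
        my $rin = '';
        vec( $rin, fileno($ch), 1 ) = 1;
        vec( $rin, fileno($th), 1 ) = 1;
        my ( $rout, $eout );
        my $nfound = select( $rout = $rin, undef, $eout = $rin, 120 );
        next if $nfound <= 0;    # timeout or interrupted select: nothing to relay

        my $tbuffer = '';        # client -> server bytes
        my $cbuffer = '';        # server -> client bytes

        if ( vec( $eout, fileno($ch), 1 ) || vec( $rout, fileno($ch), 1 ) ) {
            $tbuffer = _relay_read( $ch, $fh );
        }
        if ( vec( $eout, fileno($th), 1 ) || vec( $rout, fileno($th), 1 ) ) {
            $cbuffer = _relay_read( $th, $fh );
        }

        if ( $fh && $tbuffer ) {
            print $fh "\n# <<< client\n$tbuffer";
            warn "C>S ", hexdump($tbuffer), "\n";
        }
        _relay_write( $th, $tbuffer, $fh );

        if ( $fh && $cbuffer ) {
            print $fh "\n# >>> server\n$cbuffer";
            warn "S>C ", hexdump($cbuffer), "\n";
        }
        _relay_write( $ch, $cbuffer, $fh );
    }
}

# Read up to $buffersize bytes from $sock.  EOF or a read error ends the
# session: the log is closed and the child exits.
sub _relay_read {
    my ( $sock, $fh ) = @_;
    my $data   = '';
    my $result = sysread( $sock, $data, $buffersize );
    if ( !defined($result) ) {
        print STDERR "$!\n";
        _finish($fh);
    }
    _finish($fh) if $result == 0;    # peer closed
    return $data;
}

# Write all of $data to $sock, looping on partial writes.  A failed write
# (undef or 0 bytes) ends the session instead of retrying forever.
sub _relay_write {
    my ( $sock, $data, $fh ) = @_;
    while ( my $len = length($data) ) {
        my $res = syswrite( $sock, $data, $len );
        if ( !$res ) {
            print STDERR "$!\n";
            _finish($fh);
        }
        $data = substr( $data, $res );
    }
    return;
}

# Flush and close the session log (if any), then exit the child.  Errors
# from close() on a write handle are reported rather than lost.
sub _finish {
    my ($fh) = @_;
    if ($fh) {
        close($fh) or warn "close log: $!\n";
    }
    exit 0;
}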