| 1 |
#!/usr/bin/perl |
| 2 |
# SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost |
| 3 |
# Distributed under GPL v2+. |
| 4 |
|
| 5 |
use strict; |
| 6 |
use POSIX; |
| 7 |
use IO::Socket::SSL; |
| 8 |
use Getopt::Long; |
| 9 |
|
| 10 |
my $localport; |
| 11 |
my $localaddr; |
| 12 |
my $help; |
| 13 |
my $host; |
| 14 |
my $port; |
| 15 |
my $daemon; |
| 16 |
my $buffersize = 2048; |
| 17 |
my $logtype; |
| 18 |
my $logdir; |
| 19 |
my $daemon; |
| 20 |
my $serverkey; |
| 21 |
my $servercert; |
| 22 |
my $serverdh; |
| 23 |
|
| 24 |
$| = 1; |
| 25 |
|
| 26 |
my $goresult = GetOptions( |
| 27 |
"lport=i" => \$localport, |
| 28 |
"laddr=s" => \$localaddr, |
| 29 |
"rport=i" => \$port, |
| 30 |
"raddr=s" => \$host, |
| 31 |
"logtype=i" => \$logtype, |
| 32 |
"logdir=s" => \$logdir, |
| 33 |
"daemon" => \$daemon, |
| 34 |
"serverkey=s" => \$serverkey, |
| 35 |
"servercert=s" => \$servercert, |
| 36 |
"serverdh=s" => \$serverdh, |
| 37 |
"help" => \$help |
| 38 |
); |
| 39 |
|
| 40 |
if ($help) { |
| 41 |
print <<"END"; |
| 42 |
SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost |
| 43 |
Distributed under GPL v2+. |
| 44 |
|
| 45 |
Usage: $0 [OPTIONS] |
| 46 |
|
| 47 |
--lport <port> Listening port (default 80) |
| 48 |
--laddr <address> Listening address (default localhost) |
| 49 |
--rport <port> Remote port to connect to (default 8080) |
| 50 |
--raddr <address> Remote address to connect to (default localhost) |
| 51 |
--serverkey <file> Certificate key file for local SSL server |
| 52 |
--servercert <file> Certificate file for local SSL server |
| 53 |
--serverdh <file> Diffie-Helman file for key exchange |
| 54 |
--log <type> Type of log where 0 is no log (default 0) |
| 55 |
--logdir Directory to log to (default .) |
| 56 |
--daemon Daemonize (work in background) |
| 57 |
--help Display this help message |
| 58 |
END |
| 59 |
exit; |
| 60 |
} |
| 61 |
|
| 62 |
# set default values |
| 63 |
$localport = 8080 unless ($localport); |
| 64 |
$localaddr = "127.0.0.1" unless ($localaddr); |
| 65 |
$port = 80 unless ($port); |
| 66 |
$host = "127.0.0.1" unless ($host); |
| 67 |
$logdir = "." unless ($logdir); |
| 68 |
|
| 69 |
my %o = ( |
| 70 |
'dir' => $logdir, |
| 71 |
'port' => $localport, |
| 72 |
'toport' => $port, |
| 73 |
'tohost' => $host |
| 74 |
); |
| 75 |
|
| 76 |
if ($daemon) { |
| 77 |
my $pid = fork; |
| 78 |
exit if $pid; |
| 79 |
die "$!" unless defined($pid); |
| 80 |
POSIX::setsid() or die "$!"; |
| 81 |
} |
| 82 |
|
| 83 |
my $ah = IO::Socket::SSL->new( |
| 84 |
'LocalPort' => $localport, |
| 85 |
'LocalAddr' => $localaddr, |
| 86 |
'Reuse' => 1, |
| 87 |
'Proto' => 'tcp', |
| 88 |
'SSL_verify_mode' => '0', |
| 89 |
'SSLdhfile' => $serverdh, |
| 90 |
'SSL_cert_file' => $servercert, |
| 91 |
'SSL_key_file' => $serverkey, |
| 92 |
'Listen' => 10 |
| 93 |
) || die "$!"; |
| 94 |
|
| 95 |
$SIG{'CHLD'} = 'IGNORE'; |
| 96 |
my $num = 0; |
| 97 |
|
| 98 |
while (1) { |
| 99 |
my $ch = $ah->accept(); |
| 100 |
if ( !$ch ) { |
| 101 |
print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(), |
| 102 |
"\n"; |
| 103 |
next; |
| 104 |
} |
| 105 |
if ( !$ch ) { print STDERR "cannot accept: $!\n"; next; } |
| 106 |
++$num; |
| 107 |
my $pid = fork(); |
| 108 |
if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; } |
| 109 |
elsif ( $pid == 0 ) { |
| 110 |
$ah->close( SSL_no_shutdown => 1 ); |
| 111 |
Run( \%o, $ch, $num ); |
| 112 |
} else { |
| 113 |
$ch->close( SSL_no_shutdown => 1 ); |
| 114 |
} |
| 115 |
} |
| 116 |
|
| 117 |
sub Run { |
| 118 |
my ( $o, $ch, $num ) = @_; |
| 119 |
my $th = IO::Socket::SSL->new( |
| 120 |
'PeerAddr' => $o->{'tohost'}, |
| 121 |
'PeerPort' => $o->{'toport'}, |
| 122 |
'SSL_use_cert' => '0', |
| 123 |
'SSL_verify_mode' => '0', |
| 124 |
|
| 125 |
# 'SSL_cipher_list' => 'NUL:LOW:EXP:ADH', |
| 126 |
'SSL_version' => 'SSLv3', # SSLv3, SSLv2, TLSv1 |
| 127 |
'Proto' => 'tcp' |
| 128 |
); |
| 129 |
if ( !$th ) { print "cannot connect th: $!"; exit 0; } |
| 130 |
else { print "connected!"; } |
| 131 |
my $fh; |
| 132 |
if ( $o->{'dir'} ) { |
| 133 |
$fh = Symbol::gensym(); |
| 134 |
open( $fh, ">$o->{'dir'}/tunnel$num.log" ) or die "$!"; |
| 135 |
} |
| 136 |
$ch->autoflush(); |
| 137 |
$th->autoflush(); |
| 138 |
my $httpheader = ""; |
| 139 |
my $httpbuf = ""; |
| 140 |
while ( $ch || $th ) { |
| 141 |
my $rin = ""; |
| 142 |
vec( $rin, fileno($ch), 1 ) = 1 if $ch; |
| 143 |
vec( $rin, fileno($th), 1 ) = 1 if $th; |
| 144 |
my ( $rout, $eout ); |
| 145 |
select( $rout = $rin, undef, $eout = $rin, 120 ); |
| 146 |
if ( !$rout && !$eout ) { } |
| 147 |
my $cbuffer = ""; |
| 148 |
my $tbuffer = ""; |
| 149 |
|
| 150 |
if ($ch |
| 151 |
&& ( vec( $eout, fileno($ch), 1 ) |
| 152 |
|| vec( $rout, fileno($ch), 1 ) ) |
| 153 |
) |
| 154 |
{ |
| 155 |
my $result = sysread( $ch, $tbuffer, $buffersize ); |
| 156 |
if ( !defined($result) ) { |
| 157 |
print STDERR "$!\n"; |
| 158 |
exit 0; |
| 159 |
} |
| 160 |
if ( $result == 0 ) { exit 0; } |
| 161 |
} |
| 162 |
if ($th |
| 163 |
&& ( vec( $eout, fileno($th), 1 ) |
| 164 |
|| vec( $rout, fileno($th), 1 ) ) |
| 165 |
) |
| 166 |
{ |
| 167 |
my $result = sysread( $th, $cbuffer, $buffersize ); |
| 168 |
if ( !defined($result) ) { print STDERR "$!\n"; exit 0; } |
| 169 |
if ( $result == 0 ) { exit 0; } |
| 170 |
} |
| 171 |
if ( $fh && $tbuffer ) { |
| 172 |
( print $fh "[c]" . $tbuffer . "[/c]" ); |
| 173 |
} |
| 174 |
while ( my $len = length($tbuffer) ) { |
| 175 |
my $res = syswrite( $th, $tbuffer, $len ); |
| 176 |
if ( $res > 0 ) { $tbuffer = substr( $tbuffer, $res ); } |
| 177 |
else { print STDERR "$!\n"; } |
| 178 |
} |
| 179 |
if ( $fh && $cbuffer ) { |
| 180 |
( print $fh "[s]" . $cbuffer . "[/s]" ); |
| 181 |
} |
| 182 |
while ( my $len = length($cbuffer) ) { |
| 183 |
my $res = syswrite( $ch, $cbuffer, $len ); |
| 184 |
if ( $res > 0 ) { $cbuffer = substr( $cbuffer, $res ); } |
| 185 |
else { print STDERR "$!\n"; } |
| 186 |
} |
| 187 |
} |
| 188 |
} |
| 189 |
|
Parent Directory
| 
Revision Log