Commit aa862f3a authored by Raphaël Hertzog

Import Upstream version 0.8

parent 1800f08e
sslsniff 0.7
------------
* Fixed networking shuttling bugs (thanks Daniel Roethlisberger)
* Added basic interoperability for BSD pf (thanks Daniel Roethlisberger)
sslsniff 0.6
------------
* Added support for null prefix attack vulnerability.
......
......@@ -57,7 +57,8 @@ bool FingerprintManager::isValidTarget(ip::address &address) {
std::vector<std::string>::iterator iter = validAgents.begin();
while (iter != validAgents.end()) {
if (*iter == "ff" && (userAgent->find("Firefox") != std::string::npos) && (userAgent->find("Firefox/3.5") == std::string::npos)) return true;
if (*iter == "ff" && (userAgent->find("Firefox") != std::string::npos)) return true;
else if (*iter == "ios" && (userAgent->find("iPhone") != std::string::npos)) return true;
else if (*iter == "ie" && (userAgent->find("MSIE") != std::string::npos)) return true;
else if (*iter == "safari" && (userAgent->find("Safari") != std::string::npos)) return true;
else if (*iter == "opera" && (userAgent->find("Opera") != std::string::npos)) return true;
......
......@@ -36,7 +36,8 @@ bin_PROGRAMS = sslsniff$(EXEEXT)
subdir = .
DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
$(srcdir)/Makefile.in $(top_srcdir)/configure AUTHORS COPYING \
ChangeLog INSTALL NEWS depcomp install-sh missing
ChangeLog INSTALL NEWS config.guess config.sub depcomp \
install-sh ltmain.sh missing
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
......
sslsniff v0.7
sslsniff v0.8
Moxie Marlinspike <moxie@thoughtcrime.org>
------------------------------------
......@@ -7,14 +7,14 @@ REQUIRES: openssl, libboost1.35-dev, libboost-filesystem1.35-dev,
The three steps to get this running are:
* Download and run sslsniff-0.6.tar.gz
* Download and run sslsniff-0.8.tar.gz
* Setup iptables (or pf on BSD)
* Run arpspoof (or whatever method you'd like to use to redirect traffic).
Installing sslsniff
-------------------
* Unpack sslsniff-0.6.tar.gz, run "./configure" and "make". (You'll have
* Unpack sslsniff-0.8.tar.gz, run "./configure" and "make". (You'll have
to make some changes to build on BSD systems, see below under "Setting up
pf")
* There are two ways to run this: in "authority" mode or "targeted" mode.
......@@ -32,7 +32,7 @@ Installing sslsniff
instead of a CA cert.
You would run sslsniff as:
./sslsniff -a -p <$listenPort> -w <$logFile> -c <$caCert>
./sslsniff -a -s <$listenPort> -w <$logFile> -c <$caCert>
Targeted Mode:
......@@ -47,7 +47,7 @@ Installing sslsniff
wildcard cert remains)
You would run sslsniff as:
./sslsniff -t -p <$listenPort> -w <$logFile> -m IPSCACLASEA1.crt \
./sslsniff -t -s <$listenPort> -w <$logFile> -m IPSCACLASEA1.crt \
-c <$certDir>
Other options:
......@@ -134,7 +134,3 @@ sslsniff then either sends a forged certificate if available
(targeted certificate mode), or it dynamically forges a certificate and signs
it with your authoritative certificate (authority mode).
Thanks
-----------------
Jake Appelbaum for suggestions with this README.
\ No newline at end of file
......@@ -26,7 +26,7 @@ X509* SSLBridge::getServerCertificate() {
return SSL_get_peer_certificate(serverSession);
}
void SSLBridge::buildClientContext(SSL_CTX *context, Certificate *leaf, Certificate *chain) {
void SSLBridge::buildClientContext(SSL_CTX *context, Certificate *leaf, std::list<Certificate*> *chain) {
SSL_CTX_sess_set_new_cb(context, &SessionCache::setNewSessionIdTramp);
SSL_CTX_sess_set_get_cb(context, &SessionCache::getSessionIdTramp);
......@@ -39,8 +39,15 @@ void SSLBridge::buildClientContext(SSL_CTX *context, Certificate *leaf, Certific
throw SSLConnectionError();
}
if (chain != NULL)
SSL_CTX_add_extra_chain_cert(context, chain->getCert());
std::list<Certificate*>::iterator i = chain->begin();
std::list<Certificate*>::iterator end = chain->end();
for (;i != end; i++) {
SSL_CTX_add_extra_chain_cert(context, (*i)->getCert());
}
// if (chain != NULL)
// SSL_CTX_add_extra_chain_cert(context, chain->getCert());
SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY);
}
......@@ -64,7 +71,9 @@ void SSLBridge::setServerName() {
}
void SSLBridge::handshakeWithClient(CertificateManager &manager, bool wildcardOK) {
Certificate *leaf, *chain;
Certificate *leaf;
std::list<Certificate*> *chain;
ip::tcp::endpoint endpoint = getRemoteEndpoint();
manager.getCertificateForTarget(endpoint, wildcardOK, getServerCertificate(), &leaf, &chain);
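Review bot: The rewritten loop in buildClientContext calls `chain->begin()` with no null check, while the old `if (chain != NULL)` guard survives only as a comment below it. Both certificate managers in this commit hand back the address of a member list, so the pointer is non-null today, but restoring the guard keeps the function safe for any other caller. Separately, SSL_CTX_add_extra_chain_cert passes ownership of the X509 to the context, which frees it when the context is destroyed. The certificates here belong to the manager and are reused for every connection, so unless the context is never freed (not visible in these hunks) each one should be handed over as a copy, with the return value checked. The function starts above the hunk.

```cpp
  if (chain != NULL) {
    for (std::list<Certificate*>::iterator i = chain->begin(); i != chain->end(); ++i) {
      // The context takes ownership of what it is given, so pass a copy and
      // leave the manager's certificate alive for later connections.
      X509 *copy = X509_dup((*i)->getCert());
      if (copy == NULL || !SSL_CTX_add_extra_chain_cert(context, copy)) {
        X509_free(copy);
        throw SSLConnectionError();
      }
    }
  }
  // … unchanged: SSL_CTX_set_mode(context, SSL_MODE_AUTO_RETRY) …
```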
......
......@@ -34,6 +34,7 @@
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <list>
#include <map>
#include "util/Util.hpp"
......@@ -71,7 +72,7 @@ private:
SessionCache *cache;
X509* getServerCertificate();
void buildClientContext(SSL_CTX *context, Certificate *leaf, Certificate *chain);
void buildClientContext(SSL_CTX *context, Certificate *leaf, std::list<Certificate*> *chain);
int isAvailable(int revents);
int isClosed(int revents);
int forwardData(SSL *from, SSL *to);
......
......@@ -20,9 +20,18 @@
#include "AuthorityCertificateManager.hpp"
AuthorityCertificateManager::AuthorityCertificateManager(std::string &file) {
AuthorityCertificateManager::AuthorityCertificateManager(std::string &file, std::string &chain) {
path certPath(file);
path chainPath(chain);
this->authority = readCredentialsFromFile(certPath, false);
chainList.push_back(this->authority);
if (!chain.empty()) {
Certificate *chain = readCredentialsFromFile(chainPath, false);
chainList.push_back(chain);
}
this->leafPair = buildKeysForClient();
}
......@@ -41,7 +50,7 @@ void AuthorityCertificateManager::getCertificateForTarget(boost::asio::ip::tcp::
bool wildcardOK,
X509 *serverCertificate,
Certificate **cert,
Certificate **chain)
std::list<Certificate*> **chainList)
{
X509_NAME *serverName = X509_get_subject_name(serverCertificate);
X509_NAME *issuerName = X509_get_subject_name(authority->getCert());
......@@ -63,7 +72,8 @@ void AuthorityCertificateManager::getCertificateForTarget(boost::asio::ip::tcp::
leaf->setKey(this->leafPair);
*cert = leaf;
*chain = this->authority;
*chainList = &(this->chainList);
// *chain = this->authority;
}
unsigned int AuthorityCertificateManager::generateRandomSerial() {
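Review bot: In the constructor, the local `Certificate *chain` declared inside `if (!chain.empty())` shadows the `std::string &chain` parameter that the condition has just tested. In getCertificateForTarget the new `chainList` parameter shadows the member of the same name, so `*chainList = &(this->chainList);` is only correct because of the explicit `this->`. Renaming removes both traps: `Certificate *intermediate = readCredentialsFromFile(chainPath, false);` and a parameter called `chainCerts`, the name the pure-virtual declaration in this commit already uses. The other manager's constructor and getCertificateForTarget repeat the same two patterns. The commented-out `// *chain = this->authority;` can simply be deleted, since the history keeps it.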
......
......@@ -37,19 +37,20 @@ class AuthorityCertificateManager : public CertificateManager {
private:
Certificate *authority;
std::list<Certificate*> chainList;
EVP_PKEY *leafPair;
EVP_PKEY* buildKeysForClient();
unsigned int generateRandomSerial();
public:
AuthorityCertificateManager(std::string &file);
AuthorityCertificateManager(std::string &file, std::string &chain);
virtual bool isOCSPAddress(boost::asio::ip::tcp::endpoint &endpoint);
virtual void getCertificateForTarget(boost::asio::ip::tcp::endpoint &endpoint,
bool wildcardOK,
X509 *serverCertificate,
Certificate **cert, Certificate **chain);
Certificate **cert, std::list<Certificate*> **chain);
virtual bool isValidTarget(boost::asio::ip::tcp::endpoint &endpoint, bool wildcardOK);
......
......@@ -28,6 +28,7 @@
#include <openssl/rand.h>
#include <string>
#include <list>
#include <boost/filesystem.hpp>
#include <boost/asio.hpp>
......@@ -43,7 +44,7 @@ public:
virtual void getCertificateForTarget(boost::asio::ip::tcp::endpoint &endpoint,
bool wildcardOK,
X509 *serverCertificate, Certificate **cert,
Certificate **chain) = 0;
std::list<Certificate*> **chainCerts) = 0;
protected:
Certificate* readCredentialsFromFile(const path &file, bool resolve);
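Review bot: The new `chainCerts` out-parameter of getCertificateForTarget has no comment saying who owns the list it yields. Both implementations in this commit store the address of a member list there, so the caller gets a mutable view into the manager's state, and the pointer is only valid while the manager lives. A comment on the declaration would record that, for example `// chainCerts: set to a list owned by the manager; callers must not modify or delete it.` The class body starts and ends outside the hunk.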
......
......@@ -39,8 +39,11 @@ TargetedCertificateManager::TargetedCertificateManager(std::string &directory,
path chainPath(chain);
if (!exists(certDir)) throw NoCertificateDirectoryException();
if (chain.empty()) this->chain = NULL;
else this->chain = readCredentialsFromFile(chainPath, false);
if (!chain.empty()) {
Certificate *chain = readCredentialsFromFile(chainPath, false);
chainList.push_back(chain);
}
directory_iterator end_itr;
......@@ -89,10 +92,11 @@ void TargetedCertificateManager::getCertificateForTarget(boost::asio::ip::tcp::e
bool wildcardOK,
X509 *serverCertificate,
Certificate **cert,
Certificate **chain)
std::list<Certificate*> **chainList)
{
boost::asio::ip::address address = endpoint.address();
*chain = this->chain;
*chainList = &(this->chainList);
// *chain = this->chain;
std::list<Certificate*>::iterator i = certificates.begin();
std::list<Certificate*>::iterator end = certificates.end();
......
......@@ -39,7 +39,8 @@ using namespace boost::filesystem;
class TargetedCertificateManager : public CertificateManager {
private:
Certificate *chain;
// Certificate *chain;
std::list<Certificate*> chainList;
std::list<Certificate*> certificates;
public:
......@@ -54,7 +55,7 @@ public:
bool wildcardOK,
X509 *serverCertificate,
Certificate **cert,
Certificate **chain);
std::list<Certificate*> **chainCerts);
};
......
......@@ -2498,7 +2498,7 @@ fi
# Define the identity of the package.
PACKAGE=sslsniff
VERSION=0.7
VERSION=0.8
cat >>confdefs.h <<_ACEOF
......
AC_INIT(sslsniff.cpp)
AM_INIT_AUTOMAKE(sslsniff,0.7)
AM_INIT_AUTOMAKE(sslsniff,0.8)
AC_PROG_CC
AC_PROG_CXX
AC_PROG_INSTALL
......
......@@ -47,7 +47,7 @@ static void printUsage(char *command) {
"-u <updateLocation>\tLoction of any Firefox XML update files.\n"
"-m <certificateChain>\tLocation of any intermediary certificates.\n"
"-h <port>\t\tPort to listen on for HTTP interception (required for\n\t\t\tfingerprinting).\n"
"-f <ff,ie,safari,opera>\tOnly intercept requests from the specified browser(s).\n"
"-f <ff,ie,safari,opera,ios>\tOnly intercept requests from the specified browser(s).\n"
"-d\t\t\tDeny OCSP requests for our certificates.\n"
"-p\t\t\tOnly log HTTP POSTs\n"
"-e <url>\t\tIntercept Mozilla Addon Updates\n"
......@@ -63,8 +63,6 @@ static bool isOptionsValid(Options &options) {
!options.fingerprintList.empty()) return false; // Fingerprinting but no http port.
else if (options.httpListenPort != -1 &&
options.fingerprintList.empty()) return false; // Http port but no fingerprinting.
else if (!options.targetedMode &&
!options.chainLocation.empty()) return false; // CA mode with a chain cert.
else if (!options.addonLocation.empty() &&
options.addonHash.empty()) return false;
else return true;
......@@ -116,7 +114,8 @@ static void initializeLogging(Options &options) {
static CertificateManager* initializeCertificateManager(Options &options) {
if (options.targetedMode) return new TargetedCertificateManager(options.certificateLocation,
options.chainLocation);
else return new AuthorityCertificateManager(options.certificateLocation);
else return new AuthorityCertificateManager(options.certificateLocation,
options.chainLocation);
}
int main(int argc, char* argv[]) {
......