HTTPS failing because ClientHello cannot be parsed
[root@c240-wzp2322007 ~]# curl -v -x -x 172.29.148.11:10025 --key /root/ca.key -cert --tlsv1.2 /root/ca.crt https://172.22.254.126
- About to connect() to proxy 172.29.148.11 port 8443 (#0)
- Trying 172.29.148.11...
- Connected to 172.29.148.11 (172.29.148.11) port 8443 (#0)
- Establish HTTP proxy tunnel to 172.22.254.126:443
> CONNECT 172.22.254.126:443 HTTP/1.1
> Host: 172.22.254.126:443
> User-Agent: curl/7.29.0
> Proxy-Connection: Keep-Alive
- Recv failure: Connection reset by peer
- Received HTTP code 0 from proxy after CONNECT
- Connection #0 to host 172.29.148.11 left intact
curl: (56) Recv failure: Connection reset by peer
sslsplit -D -l connections.log -j /tmp/sslsplit/ -S /tmp/sslsplit/ -P -k /home/mimathew/MyClient1.key -c /home/mimathew/MyClient1.pem autossl 172.29.148.11 10025 https 172.29.148.11 8443 173.36.240.184 443 http 172.29.148.11 8080 173.36.240.184 80
TCP disconnected to [172.29.148.11]:10025
TCP disconnected from [172.29.148.11]:40139
Checking for a client hello
parsing buffer of sz 120
candidate at offset 0
: 43 : 4f : 4e : 4e
TCP disconnected to [172.29.148.11]:10025
TCP disconnected from [172.29.148.11]:40137
: 45 : 43 : 54 : 20
TCP disconnected to [172.29.148.11]:10025
: 31 : 37 : 32 : 2e
TCP disconnected to [172.29.148.11]:10025
TCP disconnected from [172.29.148.11]:40133
: 32 : 32 : 2e : 32 : 35
TCP disconnected to [172.29.148.11]:10025
TCP disconnected from [172.29.148.11]:40131
: 34
TCP disconnected from [172.29.148.11]:40135
: 2e : 31 : 32 : 36 : 3a : 34 : 34 : 33 : 20 : 48 : 54 : 54 : 50 : 2f : 31 : 2e
TCP disconnected to [172.29.148.11]:10025
TCP disconnected to [172.29.148.11]:10025
: 31 : 0d : 0a
TCP disconnected from [172.29.148.11]:40129
TCP disconnected to [172.29.148.11]:10025
TCP disconnected from [172.29.148.11]:40125
: 48 : 6f
TCP disconnected from [172.29.148.11]:40127
: 73 : 74 : 3a : 20 : 31 : 37 : 32 : 2e : 32 : 32 : 2e : 32 : 35 : 34 : 2e : 31 : 32 : 36 : 3a : 34 : 34 : 33 : 0d : 0a : 55 : 73 : 65 : 72 : 2d : 41 : 67 : 65 : 6e : 74 : 3a : 20 : 63 : 75 : 72 : 6c : 2f : 37 : 2e : 32 : 39 : 2e : 30 : 0d : 0a : 50 : 72 : 6f : 78 : 79 : 2d : 43 : 6f : 6e : 6e : 65 : 63 : 74 : 69 : 6f : 6e : 3a : 20 : 4b : 65 : 65 : 70 : 2d : 41 : 6c : 69 : 76 : 65 : 0d : 0a : 0d : 0a ===> No match: rv 1, *clienthello NULL
Peek found no ClientHello
Received privsep req type 00 sz 1 on srvsock 15
Received privsep req type 00 sz 1 on srvsock 13
Child pid 175217 exited with status 0
Sslsplit fails to find ClientHello. This goes on in a loop and SSLSplit finally exits.
When I give a fwdaddr, the issue of packet looping goes away. How can this work for SSL requests coming for multiple unknown destination servers? Perhaps I am configuring something wrong.
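An added example, not part of this thread or of sslsplit's own code: a simplified version of the ClientHello peek that autossl performs, run against the CONNECT request the debug log above shows in hex (sslsplit saw an HTTP proxy handshake, not a TLS record) and against a constructed ClientHello for comparison.

```python
import struct

# First bytes of the 120-byte buffer in the sslsplit debug output above
# ("candidate at offset 0": 43 4f 4e 4e ... decodes to "CONNECT ").
LOG_PREFIX_HEX = "43 4f 4e 4e 45 43 54 20"

# The same buffer as curl printed it, reassembled from the thread.
CONNECT_REQUEST = (
    b"CONNECT 172.22.254.126:443 HTTP/1.1\r\n"
    b"Host: 172.22.254.126:443\r\n"
    b"User-Agent: curl/7.29.0\r\n"
    b"Proxy-Connection: Keep-Alive\r\n\r\n"
)

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: client_hello

def peek_clienthello(buf: bytes) -> str:
    """Classify the first bytes a client sent, autossl-style.

    Returns 'clienthello', 'http-connect', 'incomplete' or 'no-match'.
    """
    if len(buf) < 6:
        return "incomplete"
    # TLS record header: type 0x16, version 0x03 0x0X, 2-byte length.
    if buf[0] == TLS_HANDSHAKE and buf[1] == 0x03 and buf[2] <= 0x04:
        rec_len = struct.unpack("!H", buf[3:5])[0]
        if len(buf) < 5 + rec_len:
            return "incomplete"      # keep peeking until the record is complete
        return "clienthello" if buf[5] == CLIENT_HELLO else "no-match"
    # What the log shows: curl pointed at sslsplit with -x speaks HTTP CONNECT,
    # so the peek never finds a TLS record and autossl gives up.
    if buf.split(b" ", 1)[0] == b"CONNECT":
        return "http-connect"
    return "no-match"

def build_clienthello() -> bytes:
    """Constructed minimal TLS 1.2 ClientHello record (not a real capture)."""
    body = b"\x03\x03" + bytes(32)           # client_version, random
    body += b"\x00"                           # session_id length 0
    body += b"\x00\x02\xc0\x2f"               # one cipher suite
    body += b"\x01\x00"                       # compression methods: null
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs
```

Diverting the client's TCP stream to sslsplit (rather than configuring it as an HTTP proxy) makes the first bytes a real ClientHello, which is what the peek is looking for.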
I see that you have a proxyspec like autossl 172.29.148.11 10025 in your sslsplit command line, but then you also use the same IP:port pair 172.29.148.11:10025 as the proxy in your curl command line. That's not how you are supposed to redirect traffic to sslsplit. You should redirect traffic using a packet filtering rule, such as the following on OpenBSD/pf:
pass in log quick on $int_if proto tcp from $int_net to !$int_if port submission divert-to lo port 8466
Note that the above rule does not redirect the traffic destined to $int_if. But in your setup you do redirect it, and in fact, that's why you get an infinite redirection, I think. I have never used autossl with http/s, and the above pf rule is for smtp, but they should be similar. You can find sample packet filter rules on the sslsplit man page.