sslsplit
sslsplit copied to clipboard
Transparent SSL/TLS interception
If possible, it would be useful for sslsplit to (optionally?) add a HTTP header to indicate the originating client. The method I am familiar with: X-Forwarded-For However, it appears that...
Current libnet/libpcap ARP lookup in packet mirroring mode works well enough and is portable, but it would be beneficial to eventually improve on it in two ways: - Support IPv6...
Refactor the grown mess that is the current log subsystem into a driver model, where code is structured in separate drivers plus a central management part that is decoupled from...
Measure the performance lost due to the current pthread mutex protected queues and decide whether the complexity of implementing a lockless queue as cross-platform as possible is worth it.
Refactor the NAT engine subsystem into a driver model, where client code does not need to juggle multiple callbacks and where there is a cleaner separation of specific NAT engine...
For autossl, detect if the underlying protocol is HTTP and handle as http/https instead of tcp/ssl. A minimal solution could be an autohttps proxyspec that switches to http instead of...
HTTP mode header manipulation, such as stripping headers potentially problematic for MitM attacks, is currently hardcoded within the `http`/`https` modes. Make each optional header manipulation configurable on both the command...
Dependencies: - #40 proxy core refactoring - #210 Actively manage number of open file descriptors - #215 PCAP logging Tasks: - [ ] Implement minimal subset of HTTP/2 protocol needed...
Look into ways of MitM-ing SNI encryption. Might need changes to proxy state machine or might be impossible to do with the OpenSSL API. Needs significant research. Depends on #220...
Dependencies: - #218 HTTP/2 (minimal) Tasks: - [ ] Implement demuxing streams it into separate request/response streams and calling the same HTTP callbacks as the HTTP/1.x protocol driver for logging...