sslsplit
sslsplit copied to clipboard
Transparent SSL/TLS interception
Add ability to handle connections proxied over HTTP CONNECT. Depending on the URI scheme, handle them like http://, https://, ws:// or wss://. Depends on #40 and #216.
Dependencies: - #216 WebSockets (minimal) Tasks: - [ ] Parse binary framing protocol resulting in decoded WebSockets messages - [ ] Handle associated buffering challenges - [ ] Introduce a...
Add an optional feature to allow SSLsplit to strip the STARTTLS flag in EHLO responses. For a start, connection type `smtp` and command line flag controlling STARTTLS stripping; later SSLsplit...
Use the NPN hooks available with OpenSSL 1.0.1 to at least print what protocols the client has requested.
Provide support for ALPN extensions (HTTP/2)
SSLsplit should cease supporting legacy ciphers by default, e.g. export ciphers. This also includes weak temporary RSA and DH keys and default generated RSA leaf key size. It should be...
The debug log is currently very chaotic. To add a connection identifier to all log entries pertaining to the same connection will add to correlate log entries to the respective...
The cipher suites requested by the client should be used in the connection towards the server, as long as they can be handled by sslsplit and the version of OpenSSL...
Hello. Thank you for this product. Are there any plans to support url filtering? Maybe just integration with [ufdbGuard](https://www.urlfilterdb.com/products/ufdbguard.html) or similar software. This would be great. Best regards, Pavel.
I would like to add full support for response buffering and manipulation. My needs are to fully *buffer* particular responses dependent on findings in headers (for example: Content-Type) and possibly...