sslsplit
sslsplit copied to clipboard
Transparent SSL/TLS interception
It appears that sslsplit by default strips all "Accept-Encoding" headers preventing content encoding features from working. This can create a problem for some misbehaving web servers and prevents SSLSplit from...
Would be great to have support for using sslsplit with an upstream HTTPS proxy (by using the CONNECT method).
Implement some flexible and configurable (or even scriptable) way to make modifications to requests and/or responses and possibly allow regex based inclusion/exclusion of certain requests by header matching (client fingerprinting).
Hi. I was wondering how easy it would be to add an option (or if there already is one that I'm missing) to allow for forwarding decrypted traffic rather than...
In order to troubleshoot an imap stream with an imap server that supports the COMPRESS DEFLATE options, it would be nice to have an imap proxyspec that can deal with...
SSLsplit currently only supports transparently intercepting connections. It would be useful to also support configuration as HTTP or SOCKS proxy (see #93). This however would require quite a rewrite of...
Local process information support is currently only available on Mac OS X. Support for other platforms should be added to `proc.c`.
Currently, SSLsplit does not validate the upstream server certificates and silently accepts hostname mismatches, untrusted roots, expired certificates, self-signed certificates etc. This is intended and appropriate for the intended use...
Now that we have the ability to write out all the generated certificates, we can use this to make a disk cache. I've thought up a few ways we could...
Add per-proxyspec options facility to control content mangling features such as OCSP denial, HTTP header removal, HTTP downgrade to 1.0, STARTTLS removal (#57) or similar features. Possibly also extend this...