Daniel Roethlisberger
Daniel Roethlisberger
Dependencies: - #216 WebSockets (minimal) Tasks: - [ ] Parse binary framing protocol resulting in decoded WebSockets messages - [ ] Handle associated buffering challenges - [ ] Introduce a...
Add an optional feature to allow SSLsplit to strip the STARTTLS flag in EHLO responses. For a start, connection type `smtp` and command line flag controlling STARTTLS stripping; later SSLsplit...
Use the NPN hooks available with OpenSSL 1.0.1 to at least print what protocols the client has requested.
SSLsplit should cease supporting legacy ciphers by default, e.g. export ciphers. This also includes weak temporary RSA and DH keys and default generated RSA leaf key size. It should be...
The debug log is currently very chaotic. To add a connection identifier to all log entries pertaining to the same connection will add to correlate log entries to the respective...
The cipher suites requested by the client should be used in the connection towards the server, as long as they can be handled by sslsplit and the version of OpenSSL...
Implement some flexible and configurable (or even scriptable) way to make modifications to requests and/or responses and possibly allow regex based inclusion/exclusion of certain requests by header matching (client fingerprinting).
SSLsplit currently only supports transparently intercepting connections. It would be useful to also support configuration as HTTP or SOCKS proxy (see #93). This however would require quite a rewrite of...
Local process information support is currently only available on Mac OS X. Support for other platforms should be added to `proc.c`.
Currently, SSLsplit does not validate the upstream server certificates and silently accepts hostname mismatches, untrusted roots, expired certificates, self-signed certificates etc. This is intended and appropriate for the intended use...