tlspretense 0.6.1

data/lib/tlspretense/version.rb

@@ -0,0 +1,3 @@
+module TLSPretense
+  VERSION = '0.6.1'
+end

data/packetthief_examples/em_ssl_test.rb

@@ -0,0 +1,73 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+
+# Note that this does not forward the encrypted traffic at all, so it isn't a
+# full proxy. It just demonstrates that we can terminate the SSL connection
+# that we have redirected.
+#
+# Also, you will need to supply your own certificate chain and private key file.
+#
+# A single connection:
+#     Connected
+#     starting TLS
+#     Connection closed
+#
+# A second connection, where the client accepts the certificate:
+#     Connected
+#     starting TLS
+#     SSL handshake completed
+#     Received data
+module SSLTester
+  def initialize(chainfile, keyfile)
+    puts "Connected"
+    @chainfile = chainfile
+    @keyfile = keyfile
+  end
+
+  def connection_completed
+    puts "Connection completed."
+  end
+
+  def post_init
+    puts "starting TLS"
+    start_tls(:private_key_file => @keyfile, :cert_chain_file => @chainfile, :verify_peer => false)
+  end
+
+  def ssl_handshake_completed
+    puts "SSL handshake completed"
+  end
+
+  def receive_data(data)
+    puts "Received data"
+  end
+
+  def unbind
+    puts "Connection closed"
+  end
+end
+
+
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443).run
+EM.run {
+  EM.start_server('', 54321, SSLTester, 'chain.pem', 'key.pem')
+
+  Signal.trap("TERM") do
+    puts "Received SIGTERM"
+    PacketThief.revert
+    exit
+  end
+
+  Signal.trap("INT") do
+    puts "Received SIGINT"
+    PacketThief.revert
+    exit
+  end
+
+}
+PacketThief.revert

data/packetthief_examples/redirector.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 80, :in_interface => 'en1').run
+
+at_exit { puts "Exiting"; PacketThief.revert }
+
+Signal.trap("TERM") do
+  puts "Received SIGTERM"
+  exit
+end
+
+Signal.trap("INT") do
+  puts "Received SIGINT"
+  exit
+end
+
+
+EM.run do
+
+  EM.start_server('', 54321, PacketThief::Handlers::ProxyRedirector, 'localhost', 8080)
+
+end
+PacketThief.revert

data/packetthief_examples/setup_iptables.sh

@@ -0,0 +1,24 @@
+#!/bin/sh
+# Sample script for setting up iptables/netfilter for use with PacketThief. It
+# creates a NAT on the external interface, and it manually configures the
+# internal interface. A more advanced setup with a DHCP server could make it
+# easier by auto-configuring clients.
+external=eth0
+internal=eth1
+
+iptables --flush
+iptables --table nat --flush
+iptables --delete-chain
+iptables --table nat --delete-chain
+
+
+echo "Manually setup the internal network's nic"
+ifconfig $internal 192.168.0.1 netmask 255.255.255.0 
+
+echo "enabling packet forwarding"
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+echo "applying basic iptables rules for NATing"
+iptables -t nat -A POSTROUTING -o $external -j MASQUERADE
+
+echo "Done! PacketThief will create and destroy the rules for redirecting traffic."

data/packetthief_examples/ssl_client_simple.rb

@@ -0,0 +1,27 @@
+#!/usr/bin/env ruby
+# This example just shows how to call the SSLServer class with PacketThief. All
+# it does is receive data -- it does not attempt to send data on.
+#
+# TODO: Make the dest configurable
+# TODO: Pull input form stdin
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+
+EM.run do
+
+  PacketThief::Handlers::SSLClient.connect('www.isecpartners.com', 443) do |h|
+    h.ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
+#    h.ctx.ssl_version = :TLSv1_client
+
+    def h.tls_successful_handshake
+      puts @sslsocket.peer_cert_chain.inspect
+      close_connection
+    end
+  end
+
+end

data/packetthief_examples/ssl_server_simple.rb

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+# This example just shows how to call the SSLServer class with PacketThief. All
+# it does is receive data -- it does not attempt to send data on.
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+if ARGV.length != 2
+  puts "script chain.pem key.pem"
+  exit 1
+end
+
+chain = PacketThief::Util.cert_chain(File.read(ARGV[0]))
+puts "Certificate chain:"
+p chain
+cert = chain.shift
+key = OpenSSL::PKey.read(File.read(ARGV[1]))
+
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443, :in_interface => 'en1').run
+at_exit { puts "Exiting"; PacketThief.revert }
+Signal.trap("TERM") do
+  puts "Received SIGTERM"
+  exit
+end
+Signal.trap("INT") do
+  puts "Received SIGINT"
+  exit
+end
+
+EM.run do
+
+  PacketThief::Handlers::SSLServer.start('', 54321) do |h|
+    puts "extra block"
+    h.ctx.cert = cert
+    h.ctx.extra_chain_cert = chain
+    h.ctx.key = key
+  end
+
+
+end
+PacketThief.revert

data/packetthief_examples/ssl_smart_proxy.rb

@@ -0,0 +1,115 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+class VerboseProxy < PacketThief::Handlers::SSLSmartProxy
+
+  def client_desc
+    "Client #{client_host}:#{client_port}->#{dest_host}:#{dest_port} (#{dest_hostname})"
+  end
+
+  def dest_desc
+    "Dest #{dest_host}:#{dest_port}(#{dest_hostname})->#{client_host}:#{client_port}"
+  end
+
+  def servername_cb(sslsock, hostname)
+    puts "#{client_desc} request hostname: #{hostname}"
+    super(sslsock, hostname)
+  end
+
+  def client_connected
+    puts "#{client_desc} connected and TLS handshake succeeded"
+    super
+  end
+
+  def client_handshake_failed(e)
+    puts "TLS handshake from #{client_desc} failed: #{e}"
+  end
+
+  def client_recv(data)
+    puts "#{client_desc} says (#{data.length}): #{data.inspect}"
+#    @seenclientdata ||= false
+#    unless @seenclientdata
+#      puts "#{client_desc} says (#{data.length}): #{data.split("\r\n\r\n",2)[0]}"
+#      puts ""
+#      @seenclientdata = true
+#    else
+#      puts "#{client_desc} says (#{data.length}): #{data[0,20].inspect}"
+#    end
+    super(data)
+  end
+
+  def client_closed
+    puts "#{client_desc} closed"
+  end
+
+  def dest_connected
+    puts "#{dest_desc} connected"
+    puts "Remote certificates: #{dest_cert_chain.inspect}"
+  end
+
+  def dest_handshake_failed(e)
+    puts "TLS handshake to #{dest_desc} handshake failed: #{e}"
+  end
+
+  def dest_recv(data)
+    puts "#{dest_desc} says (#{data.length}): #{data.inspect}"
+#    @seendestdata ||= false
+#    unless @seendestdata
+#      puts "#{dest_desc} says (#{data.length}): #{data.split("\r\n\r\n",2)[0]}"
+#      puts ""
+#      @seendestdata = true
+#    else
+#      puts "#{dest_desc} says (#{data.length}): #{data[0,20].inspect}"
+#    end
+    super(data)
+  end
+
+  def dest_closed
+    puts "#{dest_desc} closed"
+  end
+
+end
+
+if ARGV.length != 2
+  puts "script cacert.pem key.pem"
+  exit 1
+end
+cacert = OpenSSL::X509::Certificate.new(File.read(ARGV[0]))
+key = OpenSSL::PKey.read(File.read(ARGV[1]))
+
+
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443, :in_interface => 'en1').run
+#PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443, :in_interface => 'vmnet1').run
+#PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443, :in_interface => 'vmnet8').run
+#PacketThief.redirect(:to_ports => 54322).where(:protocol => :tcp, :dest_port => 80, :in_interface => 'en1').run
+
+at_exit { puts "Exiting"; PacketThief.revert }
+
+Signal.trap("TERM") do
+  puts "Received SIGTERM"
+  exit
+end
+
+Signal.trap("INT") do
+  puts "Received SIGINT"
+  exit
+end
+
+EM.run do
+
+  VerboseProxy.start('', 54321, cacert, key) do |h|
+#    h.ctx.ssl_version = :TLSv1_server
+  end
+  EM.start_server('', 54322, PacketThief::Handlers::TransparentProxy) do |h|
+    def h.client_recv(data)
+      puts "HTTP: #{data}"
+    end
+  end
+
+end
+PacketThief.revert

data/packetthief_examples/ssl_transparent_proxy.rb

@@ -0,0 +1,97 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+class VerboseProxy < PacketThief::Handlers::SSLTransparentProxy
+
+  def client_desc
+    "Client #{client_host}:#{client_port}->#{dest_host}:#{dest_port} (#{dest_hostname})"
+  end
+
+  def dest_desc
+    "Dest #{dest_host}:#{dest_port}(#{dest_hostname})->#{client_host}:#{client_port}"
+  end
+
+  def servername_cb(sslsock, hostname)
+    puts "#{client_desc} request hostname: #{hostname}"
+    super(sslsock, hostname)
+  end
+
+  def client_connected
+    puts "#{client_desc} connected and TLS handshake succeeded"
+    super
+  end
+
+  def client_handshake_failed(e)
+    puts "TLS handshake from #{client_desc} failed: #{e}"
+  end
+
+  def client_recv(data)
+    puts "#{client_desc} says: #{data[0,20].inspect}"
+    super(data)
+  end
+
+  def client_closed
+    puts "#{client_desc} closing"
+  end
+
+  def dest_connected
+    puts "#{dest_desc} connected"
+    puts "Remote certificates: #{dest_cert_chain.inspect}"
+  end
+
+  def dest_handshake_failed(e)
+    puts "TLS handshake to #{dest_desc} handshake failed: #{e}"
+  end
+
+  def dest_recv(data)
+    puts "#{dest_desc} says: #{data[0,20].inspect}"
+    super(data)
+  end
+
+  def dest_closed
+    puts "#{dest_desc} closing"
+  end
+
+end
+
+
+if ARGV.length != 2
+  puts "script chain.pem key.pem"
+  exit 1
+end
+
+chain = PacketThief::Util.cert_chain(File.read(ARGV[0]))
+puts "Certificate chain:"
+p chain
+cert = chain.shift
+key = OpenSSL::PKey.read(File.read(ARGV[1]))
+
+
+#PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 80, :in_interface => 'en1').run
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443, :in_interface => 'en1').run
+at_exit { puts "Exiting"; PacketThief.revert }
+Signal.trap("TERM") do
+  puts "Received SIGTERM"
+  exit
+end
+Signal.trap("INT") do
+  puts "Received SIGINT"
+  exit
+end
+
+EM.run do
+
+  VerboseProxy.start('', 54321) do |h|
+    h.ctx.cert = cert
+    h.ctx.extra_chain_cert = chain
+    h.ctx.key = key
+#    h.ctx.ssl_version = :TLSv1_server
+  end
+
+end
+PacketThief.revert

data/packetthief_examples/transparent_proxy.rb

@@ -0,0 +1,56 @@
+#!/usr/bin/env ruby
+
+$: << 'lib'
+
+require 'rubygems'
+require 'eventmachine'
+require 'packetthief' # needs root
+
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 80, :in_interface => 'en1').run
+PacketThief.redirect(:to_ports => 54321).where(:protocol => :tcp, :dest_port => 443, :in_interface => 'en1').run
+
+at_exit { puts "Exiting"; PacketThief.revert }
+
+Signal.trap("TERM") do
+  puts "Received SIGTERM"
+  exit
+end
+
+Signal.trap("INT") do
+  puts "Received SIGINT"
+  exit
+end
+
+class VerboseProxy < PacketThief::Handlers::TransparentProxy
+
+  def client_connected
+    puts "Client #{client_host}:#{client_port}->#{dest_host}:#{dest_port} connected"
+    connect_to_dest
+  end
+
+  def client_recv(data)
+    puts "Client #{client_host}:#{client_port}->#{dest_host}:#{dest_port} says: #{data[0,20].inspect}"
+    send_to_dest data
+  end
+
+  def dest_recv(data)
+    puts "Dest #{client_host}:#{client_port}->#{dest_host}:#{dest_port} says: #{data[0,20].inspect}"
+    send_to_client data
+  end
+
+  def client_closed
+    puts "Client #{client_host}:#{client_port}->#{dest_host}:#{dest_port} closing"
+  end
+
+  def dest_closed
+    puts "Dest #{client_host}:#{client_port}->#{dest_host}:#{dest_port} closing"
+  end
+
+end
+
+EM.run do
+
+  EM.start_server('', 54321, VerboseProxy)
+
+end
+PacketThief.revert