
Comments (11)

sonertari avatar sonertari commented on June 12, 2024

Can you disable (comment out) the call to the function bufferevent_openssl_set_allow_dirty_shutdown() in pxy_conn_autossl_peek_and_upgrade() in the file pxyconn.c, and then recompile and try if it is going to crash still? That seems to be one of the main differences in autossl between 0.5.4 and 0.5.5.

Btw, I guess the command line you have provided is not the actual command line you have used, because it is missing the -c option. Otherwise, sslsplit would quit with an error like "no CA cert specified (-c)". And I am surprised that the version of OpenSSL on osx is so old.

from sslsplit.

faperea avatar faperea commented on June 12, 2024

Same problem here. I commented out the line and the problem persists!


faperea avatar faperea commented on June 12, 2024

I tried with "ssl" and it stops also:

Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
SNI peek: [n/a] [complete]
Child pid 12268 killed by signal 11


sonertari avatar sonertari commented on June 12, 2024

Can you try the underlying-bevs-issue#303 branch and report back please? It has a couple of fixes for autossl at least.

Otherwise, enabling the DEBUG_PROXY switch in GNUmakefile can probably give us more info.


faperea avatar faperea commented on June 12, 2024

Already tested the branch underlying-bevs-issue#303 and the failure continues. This is with "ssl":

Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
Garbage collecting caches started.
Garbage collecting caches done.
SNI peek: [n/a] [complete]
Child pid 2792 killed by signal 11

And this with "autossl":

Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
Connecting to [10.233.18.25]:12697
tcp 192.168.23.99 40975 10.233.18.25 12697
TCP connected to [10.233.18.25]:12697
TCP connected from [192.168.23.99]:40975
Checking for a client hello
Peek found ClientHello
Child pid 2851 killed by signal 11


faperea avatar faperea commented on June 12, 2024

This is with DEBUG_PROXY switch in GNUmakefile enabled. Let me know if you require more info:

Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
0x55ae931a0200             pxy_conn_ctx_new
            0x55ae931a0470 pxy_bufferevent_setup
Connecting to [10.233.18.25]:12697
0x55ae931a0200 0x55ae931a0470 eventcb dst connected
            0x7fa81c000cd0 pxy_bufferevent_setup
tcp 192.168.23.99 50021 10.233.18.25 12697
TCP connected to [10.233.18.25]:12697
TCP connected from [192.168.23.99]:50021
0x55ae931a0200 0x7fa81c000cd0 src readcb
Checking for a client hello
Peek found ClientHello
Child pid 4101 killed by signal 11


sonertari avatar sonertari commented on June 12, 2024

Unfortunately, those debug logs do not help either (I guess you have started sslsplit with the -D option, right?). The debug logs in sslsplit are not verbose.

So the other options are:

  • Use gdb: You can generate a dump file to use with gdb, and obtain a backtrace on the same system that sslsplit crashes on. This is supposed to give us the exact location in the source code where the crash happens.
  • Try SSLproxy: SSLproxy supports the split mode of operation similar to sslsplit with the same proxyspec syntax, and provides very verbose debug logs, so if it crashes too we may get more info. Plus, if sslproxy does not crash, we know it is really sslsplit. And other possibilities.
  • macOS: I should gain access to an osx test machine, reproduce those crashes, and try to fix them myself (these crashes happen on osx, right?). But this seems unlikely.


sonertari avatar sonertari commented on June 12, 2024

Btw, I don't know your xnu version, but another possibility is that this may be about the header files under xnu. Please see the xnu folder in the sources.


sonertari avatar sonertari commented on June 12, 2024

If this issue is on macOS Mojave 10.14.6 (which is the system the OP was using), can you please try the xnu-4903.270.47 branch? Since I don't have a macOS machine, this is a stab in the dark.


zentheripper avatar zentheripper commented on June 12, 2024

Hi,

1.) I have reproduced this issue on Kali Linux VM. When I use Ubuntu 20.04 VM and the exact same software and setup, sslsplit does not crash.

Scenario:
sslsplit listens on port 4042 for SSL connections and forwards to 4041. When I start the application, which is configured to connect to 4042, sslsplit crashes - this only happens on Kali; on Ubuntu with the exact same software it doesn't happen.

Command:
# sslsplit -c CA-cert.pem -k CA-key.pem ssl 192.168.203.134 4042 192.168.203.132 4041 -X first_agent_connect_kali.pcap

I have attached output of sslsplit -V and neofetch for both VMs in Kali_System.txt and Ubuntu_System.txt

2.) I have tried to use ssl-proxy but it doesn't work for my scenario, and I also need to dump decrypted traffic to pcap file which ssl-proxy I think is not capable of

I have attached output of ssl-proxy and log of application used to connect to it in ssl-proxy.txt.
Connecting app log says "SSL certificate verification failed: unsupported certificate purpose" / SSL-PROXY says "TLS handshake error from 192.168.203.134:47962: local error: tls: bad record MAC"

3.) I've used gdb but when I issued bt - there was no backtrace. Although I was able to find a coredump and have used coredumpctl to dump it. Attached coredump sslsplit_coredump and also gdb output and coredumpctl output in gdb_coredump.txt

You will find all attachments in the .zip file
attachments.zip

Please tell me if any additional info is needed.

P.S. - I have updated and upgraded both VMs and rebooted before repeating test


zentheripper avatar zentheripper commented on June 12, 2024

Update:
I've cloned the GitHub repository for sslsplit and now it's working fine in Kali Linux.
Output of sslsplit -V for the working scenario:

# /home/kali/Downloads/sslsplit/sslsplit -V
SSLsplit 0.5.5-12-ge17de84 (built 2022-07-22)
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 3.0.3 3 May 2022 (30000030)
rtlinked against OpenSSL 3.0.3 3 May 2022 (30000030)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.10.1 (with TPACKET_V3)

Output for the non-working one:

┌──(root㉿kali)-[/etc/sslsplit]
└─# sslsplit -V
SSLsplit 0.5.5 (built 2021-12-26)
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:FILE HDIFF:1 N:83c4edf
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
rtlinked against OpenSSL 1.1.1o  3 May 2022 (101010ff)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.10.1 (with TPACKET_V3)
6 CPU cores detected

Seems like I was using a pretty old version and wasn't aware of it.

But on the Ubuntu VM I am also using an old build and it's surprisingly working:

root@ubuntu:/home/nxlog# sslsplit -V
SSLsplit 0.5.5 (built 2019-08-31)
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:FILE HDIFF:0 N:83c4edf
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1c  28 May 2019 (1010103f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
12 CPU cores detected

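A way to compare the `sslsplit -V` outputs quoted in the last comment mechanically, as an added example that is not part of the thread or of sslsplit. The function names are hypothetical and the inputs are excerpts of the two Kali outputs above; the script reports header/runtime skew within one build and run-time library differences between two builds, and does not by itself identify the cause of the crash.

```python
import re

# Excerpts of the `sslsplit -V` outputs quoted in the comment above.
KALI_PACKAGED = """\
SSLsplit 0.5.5 (built 2021-12-26)
compiled against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
rtlinked against OpenSSL 1.1.1o  3 May 2022 (101010ff)
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libpcap n/a
rtlinked against libpcap 1.10.1 (with TPACKET_V3)
"""
KALI_GIT = """\
SSLsplit 0.5.5-12-ge17de84 (built 2022-07-22)
compiled against OpenSSL 3.0.3 3 May 2022 (30000030)
rtlinked against OpenSSL 3.0.3 3 May 2022 (30000030)
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libpcap n/a
rtlinked against libpcap 1.10.1 (with TPACKET_V3)
"""

LINE = re.compile(r"^(compiled|rtlinked) against (\S+)\s+(\S+)", re.M)

def parse_build(text):
    """Return (sslsplit_version, {lib: {"compiled": v, "rtlinked": v}})."""
    m = re.search(r"^SSLsplit (\S+)", text, re.M)
    libs = {}
    for kind, lib, ver in LINE.findall(text):
        libs.setdefault(lib, {})[kind] = ver
    return (m.group(1) if m else None), libs

def header_runtime_skew(text):
    """Libraries built against one version but loading another at run time."""
    _, libs = parse_build(text)
    return {lib: (v["compiled"], v["rtlinked"]) for lib, v in libs.items()
            if v.keys() >= {"compiled", "rtlinked"}
            and "n/a" not in v.values() and v["compiled"] != v["rtlinked"]}

def runtime_diff(a, b):
    """Libraries whose run-time version differs between two builds."""
    (_, la), (_, lb) = parse_build(a), parse_build(b)
    return {lib: (la[lib].get("rtlinked"), lb[lib].get("rtlinked"))
            for lib in la.keys() & lb.keys()
            if la[lib].get("rtlinked") != lb[lib].get("rtlinked")}

if __name__ == "__main__":
    print("skew in packaged build:", header_runtime_skew(KALI_PACKAGED))
    print("packaged vs git runtime:", runtime_diff(KALI_PACKAGED, KALI_GIT))
```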
