Comments (3)
I see #23 now, but I'm still not sure how to set up iptables/netfilter to get this working.
from sslsplit.
Well, you need to tell your kernel not to interfere with connections originating from sslsplit locally, otherwise that creates an endless loop of connections. As outlined in #23, there are many ways to do that, depending on your setup. Try limiting the redirection rules to the network interface that the connections are coming in on, for an easy solution. In case you are trying to run sslsplit on the same system as the browser, on Linux Netfilter you can solve that by running sslsplit under a different account than the browser and then using the owner module to only apply the redirection rules to the user the browser runs as.
If you have a working iptables config for running it locally, feel free to submit a patch to the manual page or post it here to share it, that might be useful for others.
Not a bug, closing the issue.
from sslsplit.
Looking at this issue years later, using owner module to differentiate the traffic makes sense. Maybe marking the sslsplit traffic could be another solution? Adding an option to set a fwmark on sslsplit traffic so the marked traffic won't be caught by the REDIRECT rule we put.
For anyone looking for an easy way out:
Run sslsplit as root.
iptables -t nat -A OUTPUT -d <attackedIP> -p tcp -m owner --gid-owner <yourUserName> --dport 443 -j REDIRECT --to-ports 8443
from sslsplit.
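The owner-match setup discussed in the comments above, as an added example that is not part of the original thread or of the sslsplit project: a dry-run generator for a lab host where the browser and sslsplit share one machine, which refuses the same-account configuration that causes the redirect loop. The function names, the sample UIDs 1000 and 995, and the default listener port 8443 are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not execute) nat OUTPUT rules for a host where
# the browser and sslsplit run locally under different accounts.

# Resolve an account name to a numeric UID; numeric input passes through.
to_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# usage: sslsplit_local_rules add|del BROWSER_ACCOUNT SSLSPLIT_ACCOUNT [PORT]
sslsplit_local_rules() {
    case "$1" in
        add) op=-A ;;
        del) op=-D ;;   # same rule spec, so cleanup removes exactly what was added
        *) echo "action must be add or del" >&2; return 2 ;;
    esac
    browser_uid=$(to_uid "$2") || { echo "unknown account: $2" >&2; return 2; }
    proxy_uid=$(to_uid "$3") || { echo "unknown account: $3" >&2; return 2; }
    port=${4:-8443}
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    # Same UID: sslsplit's own upstream connections would match the rule and
    # be redirected back into sslsplit, the endless loop described above.
    if [ "$browser_uid" = "$proxy_uid" ]; then
        echo "browser and sslsplit must run under different accounts" >&2
        return 1
    fi
    # Only sockets owned by the browser account are redirected.
    printf 'iptables -t nat %s OUTPUT -p tcp --dport 443 -m owner --uid-owner %s -j REDIRECT --to-ports %s\n' \
        "$op" "$browser_uid" "$port"
}

# Constructed sample: browser UID 1000, sslsplit UID 995, listener on 8443.
sslsplit_local_rules add 1000 995 8443
```

Review the printed rule before running it as root, and use the `del` action with the same arguments to remove it afterwards.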