Compare commits
14 Commits
b7a0d494fb
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
 neru
|
df146989df | ||
|
neru
|
699dc354c8 | ||
|
neru
|
efca4fd3fd | ||
|
neru
|
4d54533f9a | ||
|
neru
|
558f964ce2 | ||
|
neru
|
409c41e196 | ||
|
neru
|
55202646ca | ||
|
neru
|
a9c1a30218 | ||
|
neru
|
6602a25188 | ||
|
neru
|
cd1146d0d8 | ||
|
neru
|
dad8cb55d7 | ||
|
neru
|
6ad87ecc18 | ||
|
neru
|
e0e0eb5f12 | ||
|
neru
|
c0adefeda1 |
@@ -45,6 +45,7 @@ set(WOLFSSL_ALPN ON CACHE BOOL "" FORCE)
|
|||||||
set(WOLFSSL_CERTGEN ON CACHE BOOL "" FORCE)
|
set(WOLFSSL_CERTGEN ON CACHE BOOL "" FORCE)
|
||||||
set(WOLFSSL_CERTEXT ON CACHE BOOL "" FORCE)
|
set(WOLFSSL_CERTEXT ON CACHE BOOL "" FORCE)
|
||||||
set(WOLFSSL_KEYGEN ON CACHE BOOL "" FORCE)
|
set(WOLFSSL_KEYGEN ON CACHE BOOL "" FORCE)
|
||||||
|
set(WOLFSSL_SNI ON CACHE BOOL "" FORCE)
|
||||||
set(WOLFSSL_EXAMPLES OFF CACHE BOOL "" FORCE)
|
set(WOLFSSL_EXAMPLES OFF CACHE BOOL "" FORCE)
|
||||||
set(WOLFSSL_CRYPT_TESTS OFF CACHE BOOL "" FORCE)
|
set(WOLFSSL_CRYPT_TESTS OFF CACHE BOOL "" FORCE)
|
||||||
set(BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE)
|
set(BUILD_SHARED_LIBS OFF CACHE BOOL "" FORCE)
|
||||||
@@ -54,6 +55,8 @@ FetchContent_MakeAvailable(wolfssl)
|
|||||||
target_compile_definitions(wolfssl PUBLIC
|
target_compile_definitions(wolfssl PUBLIC
|
||||||
-DWOLFSSL_ALT_NAMES
|
-DWOLFSSL_ALT_NAMES
|
||||||
-DWOLFSSL_ALPN
|
-DWOLFSSL_ALPN
|
||||||
|
-DWOLFSSL_HAVE_MIN
|
||||||
|
-DWOLFSSL_HAVE_MAX
|
||||||
)
|
)
|
||||||
|
|
||||||
# ---------------------
|
# ---------------------
|
||||||
@@ -81,6 +84,10 @@ if (TINYMITM_LOGS OR $CACHE{TINYMITM_LOGS})
|
|||||||
target_compile_definitions(tinymitm PUBLIC TINYMITM_LOGS)
|
target_compile_definitions(tinymitm PUBLIC TINYMITM_LOGS)
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
|
if (WIN32)
|
||||||
|
target_link_libraries(tinymitm PRIVATE crypt32)
|
||||||
|
endif()
|
||||||
|
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
# test
|
# test
|
||||||
# ------------------------------
|
# ------------------------------
|
||||||
|
|||||||
@@ -6,7 +6,10 @@
|
|||||||
|
|
||||||
#if defined(_WIN64) || defined(_WIN32)
|
#if defined(_WIN64) || defined(_WIN32)
|
||||||
#define FD_SETSIZE 1024
|
#define FD_SETSIZE 1024
|
||||||
#define NOMINMAX
|
|
||||||
|
#ifndef NOMINMAX
|
||||||
|
#define NOMINMAX
|
||||||
|
#endif
|
||||||
|
|
||||||
#include <winsock2.h>
|
#include <winsock2.h>
|
||||||
#include <ws2tcpip.h>
|
#include <ws2tcpip.h>
|
||||||
@@ -14,7 +17,6 @@
|
|||||||
#define CLOSE_SOCKET closesocket
|
#define CLOSE_SOCKET closesocket
|
||||||
#define SHUT_RDWR SD_BOTH
|
#define SHUT_RDWR SD_BOTH
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <wolfssl/options.h>
|
#include <wolfssl/options.h>
|
||||||
#include <wolfssl/ssl.h>
|
#include <wolfssl/ssl.h>
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
@@ -194,7 +196,7 @@ bool TinyMITMProxy::init()
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
TINYMITM_WRITELOG(verbose, "wolfssl context creation");
|
TINYMITM_WRITELOG(verbose, "wolfssl context creation");
|
||||||
_clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
|
_clientCtx = wolfSSL_CTX_new(wolfTLS_client_method());
|
||||||
if (!_clientCtx)
|
if (!_clientCtx)
|
||||||
{
|
{
|
||||||
TINYMITM_WRITELOG(error, "failed to create wolfssl context");
|
TINYMITM_WRITELOG(error, "failed to create wolfssl context");
|
||||||
@@ -435,6 +437,12 @@ void TinyMITMProxy::handleClient(SOCKET clientSocket)
|
|||||||
wolfSSL_set_fd(clientSSL.get(), (int)clientGuard);
|
wolfSSL_set_fd(clientSSL.get(), (int)clientGuard);
|
||||||
wolfSSL_set_fd(remoteSSL.get(), (int)remoteGuard);
|
wolfSSL_set_fd(remoteSSL.get(), (int)remoteGuard);
|
||||||
|
|
||||||
|
char alpnList[] = "http/1.1";
|
||||||
|
wolfSSL_UseALPN(remoteSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
|
||||||
|
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
|
||||||
|
wolfSSL_UseALPN(clientSSL.get(), alpnList, static_cast<word32>(strlen(alpnList)),
|
||||||
|
WOLFSSL_ALPN_CONTINUE_ON_MISMATCH);
|
||||||
|
|
||||||
wolfSSL_UseSNI(remoteSSL.get(), WOLFSSL_SNI_HOST_NAME, host.c_str(), (unsigned short)host.size());
|
wolfSSL_UseSNI(remoteSSL.get(), WOLFSSL_SNI_HOST_NAME, host.c_str(), (unsigned short)host.size());
|
||||||
|
|
||||||
setNonBlocking(clientGuard, true);
|
setNonBlocking(clientGuard, true);
|
||||||
@@ -457,10 +465,10 @@ void TinyMITMProxy::handleClient(SOCKET clientSocket)
|
|||||||
if (isConnect) return wolfSSL_read(ssl, b, sz);
|
if (isConnect) return wolfSSL_read(ssl, b, sz);
|
||||||
return ::recv(s, b, sz, 0);
|
return ::recv(s, b, sz, 0);
|
||||||
};
|
};
|
||||||
auto sslWrite = [&](WOLFSSL* ssl, SOCKET s, const char* b, int sz) -> int {
|
// auto sslWrite = [&](WOLFSSL* ssl, SOCKET s, const char* b, int sz) -> int {
|
||||||
if (isConnect) return wolfSSL_write(ssl, b, sz);
|
// if (isConnect) return wolfSSL_write(ssl, b, sz);
|
||||||
return ::send(s, b, sz, 0);
|
// return ::send(s, b, sz, 0);
|
||||||
};
|
// };
|
||||||
auto sslPending = [&](WOLFSSL* ssl) -> int {
|
auto sslPending = [&](WOLFSSL* ssl) -> int {
|
||||||
if (isConnect) return wolfSSL_pending(ssl);
|
if (isConnect) return wolfSSL_pending(ssl);
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
@@ -6,6 +6,8 @@
|
|||||||
#include <seallib/log.h>
|
#include <seallib/log.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include <condition_variable>
|
||||||
|
#include <mutex>
|
||||||
#include <thread>
|
#include <thread>
|
||||||
#include <atomic>
|
#include <atomic>
|
||||||
#include <queue>
|
#include <queue>
|
||||||
|
|||||||
@@ -13,13 +13,12 @@
|
|||||||
#ifdef _WIN32
|
#ifdef _WIN32
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <wincrypt.h>
|
#include <wincrypt.h>
|
||||||
#pragma comment(lib, "crypt32.lib")
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
CertificateManager implementation
|
CertificateManager implementation
|
||||||
*/
|
*/
|
||||||
CertificateManager::CertificateManager() : _rng(new WC_RNG()), _caKey(nullptr), _sessionKey(nullptr) {}
|
CertificateManager::CertificateManager() : _caKey(nullptr), _sessionKey(nullptr), _rng(new WC_RNG()) {}
|
||||||
|
|
||||||
CertificateManager::~CertificateManager()
|
CertificateManager::~CertificateManager()
|
||||||
{
|
{
|
||||||
@@ -84,12 +83,28 @@ WOLFSSL_CTX* CertificateManager::createHostContext(const std::string& host)
|
|||||||
cert->serial[2] = (hash >> 8) & 0xFF;
|
cert->serial[2] = (hash >> 8) & 0xFF;
|
||||||
cert->serial[3] = hash & 0xFF;
|
cert->serial[3] = hash & 0xFF;
|
||||||
|
|
||||||
// SAN
|
/*
|
||||||
strncpy_s(reinterpret_cast<char*>(cert->altNames), sizeof(cert->altNames), hostTrimmed.c_str(), _TRUNCATE);
|
SAN
|
||||||
cert->altNamesSz = static_cast<word16>(hostTrimmed.length());
|
*/
|
||||||
|
memset(cert->altNames, 0, CTC_MAX_ALT_SIZE);
|
||||||
|
|
||||||
|
// sequence
|
||||||
|
cert->altNames[0] = 0x30;
|
||||||
|
cert->altNames[1] = static_cast<byte>(hostTrimmed.length() + 2);
|
||||||
|
|
||||||
|
//dNSName tag & len
|
||||||
|
cert->altNames[2] = 0x82;
|
||||||
|
cert->altNames[3] = static_cast<byte>(hostTrimmed.length());
|
||||||
|
|
||||||
|
// actual data
|
||||||
|
memcpy(&cert->altNames[4], hostTrimmed.c_str(), hostTrimmed.length());
|
||||||
|
|
||||||
|
// sz: seq hdr (2) + dNSName hdr (2) + hostName
|
||||||
|
cert->altNamesSz = 4 + static_cast<int>(hostTrimmed.length());
|
||||||
|
cert->altNamesCrit = 0;
|
||||||
|
|
||||||
wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
|
wc_SetSubjectKeyIdFromPublicKey(cert.get(), _sessionKey.get(), nullptr);
|
||||||
wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
|
wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), static_cast<int>(_caCertDer.size()));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
cert sign
|
cert sign
|
||||||
@@ -132,7 +147,7 @@ bool CertificateManager::installCertificate()
|
|||||||
(DWORD)_caCertDer.size());
|
(DWORD)_caCertDer.size());
|
||||||
|
|
||||||
if (!certCtx) return false;
|
if (!certCtx) return false;
|
||||||
HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
|
HCERTSTORE rootStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_CURRENT_USER, L"Root");
|
||||||
bool success = false;
|
bool success = false;
|
||||||
if (rootStore)
|
if (rootStore)
|
||||||
{
|
{
|
||||||
@@ -185,8 +200,10 @@ bool CertificateManager::generateAndSaveCA(const char* caName, int days, const s
|
|||||||
cert->serialSz = 1;
|
cert->serialSz = 1;
|
||||||
cert->serial[0] = 1;
|
cert->serial[0] = 1;
|
||||||
|
|
||||||
|
cert->selfSigned = 1;
|
||||||
|
|
||||||
wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
|
wc_SetSubjectKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
|
||||||
wc_SetAuthKeyIdFromCert(cert.get(), _caCertDer.data(), _caCertDer.size());
|
wc_SetAuthKeyIdFromPublicKey(cert.get(), _caKey.get(), 0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
CA sign
|
CA sign
|
||||||
|
|||||||
@@ -11,7 +11,7 @@ class ConOutSink : public ILogSink
|
|||||||
public:
|
public:
|
||||||
virtual void receiveLog(LogType type, std::string_view loggerName, std::string_view msg) override
|
virtual void receiveLog(LogType type, std::string_view loggerName, std::string_view msg) override
|
||||||
{
|
{
|
||||||
std::cout << "[" << loggerName << "] " << seallib::getLogTypeColor(type) << "["
|
std::cout << "[" << loggerName << "] " << seallib::getLogTypeColor(type) << "["
|
||||||
<< seallib::getLogTypeName(type) << "]"
|
<< seallib::getLogTypeName(type) << "]"
|
||||||
<< "\x1b[0m " << msg << std::endl;
|
<< "\x1b[0m " << msg << std::endl;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user