This software is available under MIT license, see LICENSE.txt
.
- recent Erlang distribution (tested on
Erlang/OTP 17 [erts-6.2]
)
The file config.txt
contains the configuration, which is read at startup.
listen_port
is the TCP port to listen onca_key_file
andca_cert_file
are the private key and certificate of a CA that is accepted by the clients to be attacked with MITM, both in PEM format
erlc *.erl
$ erl -s sslproxy
Erlang/OTP 17 [erts-6.2] [source] [64-bit] [smp:4:4] [async-threads:10] [kernel-poll:false]
Eshell V6.2 (abort with ^G)
1> Opened PCAP output file /tmp/sslproxy-11107-g2gDYgAABYdiAA7Ga2IADDWM.pcap
The PCAP file name contains the PID or the erlang process and a timestamp for uniqueness, and the file will contain the plaintext of everything that went through the proxy.
- Encrypted private keys are NOT supported, PEM files should contain
-----BEGIN PRIVATE KEY-----
. - Erlang SSL/TLS implementations cannot handle X.509 certificates with a country field of more than two characters, both as a client and as a server. This unfortunately also means that Burp certificates with
PortSwigger
as their "country" cannot be used by this tool. - Only version 4 IP addresses are supported.