sonertari / sslproxy Goto Github PK

Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection

License: BSD 2-Clause "Simplified" License

Makefile 0.60% C 98.21% Python 0.19% Shell 0.03% Roff 0.97%

mitm ssl-inspection ssl-proxy sslsplit tls-proxy transparent-proxy

sslproxy's People

Contributors

Stargazers

Watchers

Forkers

tuxxon secretnonempty sonywork primmus rhamblet ylkcy silv4fox bikram990 alieismy zk2013 ramparam k0rv1n mcfactor govnotest supair rotbot9k opensesamedoors skyformat99 vic4key ultrapower8 cppsky hghazal dongcai008 kernal-gh andmisfits89 xzvb12 cdotsasa jaydave wbglil iprotocolsec fwu313 ro9ueadmin ltgrp cute sumerzhang studio501 wenhuancai nei313 mvclaudianobj fatihusta adcds bbbking jorson-chen kramelec xdcs100 ronmhoward liuxycn dk47os3r ekapujiw2002 product vn-os blackcounter leonschmitt huangyingting lo0815 battlefor fiveways qingchen1984 j4ckzh0u jonz-secops jeff-cn piolug93 s0duku udhayakumar-in8 chenlilong84 youlianchun capuanob wikipikimiki ducbang barisunsalhn raynorscorpion mbhudson luwenpeng zhoyo21th zero-feng pullpaul 33dotsec notsilverhoft flylinfan chennqqi saradark jerrywang1974 hartvon weiweidetutu seahorse9891 thinkst-cs yufu8 starrysec gali1 quftot geekybo95 mht6426 danezzenad sharktrade rationalaai

sslproxy's Issues

How to divert traffic to some other program, please post some example or guidline?

  In response to the proxy description "diverting network traffic to other programs, such as UTM services, for deep SSL inspection" . Please post some example of a program listener, or specify the point in the code. Thank you

Program
^^
/
v v
Client <-> SSLproxy <-> Server

Example listener python script. Not responding.

Big fan of your's and Roe's work.

For the benefit of understanding and clarification I have put together a cheeky little python script for inspecting the traffic and how a listener should work. It's receiving headers great, but the response never seems to receive and clients report connection issues.

I've scoured your readme and the below should work. If you could shed some light from an education purpose it would be greatly appreciated.

Using Linux Mint server as an AP.

Running SSLsplit with command: sudo sslproxy -k ./certs/ca.key -c ./certs/ca.crt -P ssl 0.0.0.0 8443 up:8080
When running with https command results in consistent HelloConnect errors. :-(

IPTables rules:

iptables -t nat -A PREROUTING -i wlan -p tcp --dport 80 -j REDIRECT --to-port 8443
iptables -t nat -A PREROUTING -i wlan -p tcp --dport 443 -j REDIRECT --to-port 8443
ip6tables -t nat -A PREROUTING -i wlan -p tcp --dport 80 -j REDIRECT --to-port 8443
ip6tables -t nat -A PREROUTING -i wlan -p tcp --dport 443 -j REDIRECT --to-port 8443

Python script:

import socket

# Create a TCP/IP socket
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)

# Bind the socket to the localhost address and a specified port
server_address = ('localhost', 8080)
server_socket.bind(server_address)

# Listen for incoming client connections (maximum of 1 waiting client)
server_socket.listen(1)
print('Server listening on port', server_address[1])

while True:
    # Wait for a connection
    print('Waiting for a connection...')
    connection, client_address = server_socket.accept()
    
    try:
        print('Connection from', client_address)
        # Receive data from the client
        dataStore = ""
        ctr = 1
        while True:
            print("Recieveing data")
            
            data = connection.recv(1024)
            print("Recieved data length:", len(data))
            if not data:
                break
            if dataStore == "":
                print("Set dataStore")
                dataStore = data
            else:
                print("Appended to dataStore")
                dataStore = dataStore + data
            try:
                print("Decoding data")
                decodedData = data.decode()
                print('Received:', decodedData.replace("\\r\\n", "\r\n"))
            except Exception as ex:
                print('Decode Exception', ex)
            
            if len(data) < 1024:
                break
            
        #  =================== Return data ======================
        # Create a socket object for sending packets over UDP
        response_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

        # Send a message to the target IP address and port
        response_socket.sendto(dataStore, client_address)
        print("Returned ", len(dataStore), " to ", client_address)
        print("-----------------------------------------------------------------------------------")

        # Close the socket
        response_socket.close()
            
    finally:
        # Clean up the connection
        connection.close()

Example responses:
Python listener:

* Waiting for a connection...
* Connection from ('127.0.0.1', 49972)
* Recieveing data
* Recieved data length: 612
* Set dataStore
* Decoding data
* Received: GET /wiki/Alan_Jope HTTP/1.1
SSLproxy: [127.0.0.1]:45101,[10.42.0.254]:59674,[91.198.174.192]:443,s
Host: en.m.wikipedia.org
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: enwikiwmE-sessionTickLastTickTime=1678652795235; enwikiwmE-sessionTickTickCount=1; WMF-Last-Access-Global=12-Mar-2023; WMF-DP=b98; WMF-Last-Access=12-Mar-2023
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 15_7_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.4 Mobile/15E148 Safari/604.1
Accept-Language: en-GB,en;q=0.9
Accept-Encoding: gzip, deflate, br
Connection: close


* Returned  612  to  ('127.0.0.1', 49972)

SSLproxy:

CONN: ssl 10.42.0.254 59683 91.198.174.192 443 sni:en.m.wikipedia.org names:*.wikipedia.org/*.wikipedia.org/wikimedia.org/mediawiki.org/wikibooks.org/wikidata.org/wikinews.org/wikiquote.org/wikisource.org/wikiversity.org/wikivoyage.org/wiktionary.org/wikimediafoundation.org/w.wiki/wmfusercontent.org/*.m.wikipedia.org/*.wikimedia.org/*.m.wikimedia.org/*.planet.wikimedia.org/*.mediawiki.org/*.m.mediawiki.org/*.wikibooks.org/*.m.wikibooks.org/*.wikidata.org/*.m.wikidata.org/*.wikinews.org/*.m.wikinews.org/*.wikiquote.org/*.m.wikiquote.org/*.wikisource.org/*.m.wikisource.org/*.wikiversity.org/*.m.wikiversity.org/*.wikivoyage.org/*.m.wikivoyage.org/*.wiktionary.org/*.m.wiktionary.org/*.wikimediafoundation.org/*.wmfusercontent.org/wikipedia.org/wikifunctions.org/*.wikifunctions.org sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:91D4DDDD2FF918E01907D86BC75454F11A8F2CDC usedcrt:8E146A2A0965132108BD8227A3212F5181B18B32 user:-

does SSLproxy forward the SSL decrypted traffic to NIDS (for example to a suricata server) for analyze? is possible?

does SSLproxy forward the SSL decrypted traffic to NIDS (for example to a suricata server) for analyze?
is possible?

Issue guidelines wrt to networkengineering.stackexchange.com

I asked a question about this on Network Engineering, having read the guidelines here. They closed it, saying "Unfortunately, questions about hosts/servers and protocols above OSI layer-4 are off-topic here, as are product or resource recommendations. You could try to ask this question on Super User."

Confusing, since the wikipedia article says "Transport Layer Security (TLS) does not strictly fit inside the model either. It contains characteristics of the transport and presentation layers.".

Block all is not logged

I have filter rule Block from ip * to ip * log * and while traffic has been blocked i don't see that in logs. Below i send debug log where we see only SSL negotiation and connection to destination host without information about from connection from who initialized and information about block action.

SSLproxy  (built 2022-06-23)
------------------------------------------------------------------------------
WARNING: Something is wrong with the version compiled into sslproxy!
The version should contain a release number and/or a git commit reference.
If using a package, please report a bug to the distro package maintainer.
------------------------------------------------------------------------------
Copyright (c) 2017-2022, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:DIR N:56b3680
Features: -DHAVE_NETFILTER -DWITHOUT_USERAUTH
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
rtlinked against OpenSSL 1.1.1n  15 Mar 2022 (101010ef)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.10.0 (with TPACKET_V3)
2 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
proxyspecs:
- listen=[0.0.0.0]:3129 ssl|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
split
macro $repositories = *.debian.org, packages.gitlab.com, ftp.de.debian.org, d20rj4el6vkp4c.cloudfront.net
filter rule 0: dstip=, dstport=, srcip=, exact=||, all=conns|sites|, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 1: dstip=, dstport=, srcip=10.10.10., exact=||, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 2: dstip=, dstport=, srcip=10.1.20.4, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 3: dstip=, dstport=, srcip=10.1.10.103, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 4: host=*.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 5: host=packages.gitlab.com, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 6: host=ftp.de.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 7: host=d20rj4el6vkp4c.cloudfront.net, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter=>
ip_filter_exact->
  ip 0 10.1.10.103 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
  ip 1 10.1.20.4 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
ip_filter_substring->
  ip 0 10.10.10. (substring)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
filter_all->
    ip all:
      0:  (all_sites, substring, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2)
    host exact:
      0: *.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      1: d20rj4el6vkp4c.cloudfront.net (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      2: ftp.de.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      3: packages.gitlab.com (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)

- listen=[0.0.0.0]:3128 tcp|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|verify_peer|allow_wrong_host|validate_proto|8192
split
macro $repositories = *.debian.org, packages.gitlab.com, ftp.de.debian.org, d20rj4el6vkp4c.cloudfront.net
filter rule 0: dstip=, dstport=, srcip=, exact=||, all=conns|sites|, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 1: dstip=, dstport=, srcip=10.10.10., exact=||, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 2: dstip=, dstport=, srcip=10.1.20.4, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 3: dstip=, dstport=, srcip=10.1.10.103, exact=||ip, all=|sites|, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3
filter rule 4: host=*.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 5: host=packages.gitlab.com, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 6: host=ftp.de.debian.org, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter rule 7: host=d20rj4el6vkp4c.cloudfront.net, dstport=, srcip=, exact=site||, all=conns||, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2
filter=>
ip_filter_exact->
  ip 0 10.1.10.103 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
  ip 1 10.1.20.4 (exact)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
ip_filter_substring->
  ip 0 10.10.10. (substring)=
    ip all:
      0:  (all_sites, substring, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=3)
filter_all->
    ip all:
      0:  (all_sites, substring, action=|||block|, log=connect|master|cert|content|pcap|mirror, precedence=2)
    host exact:
      0: *.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      1: d20rj4el6vkp4c.cloudfront.net (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      2: ftp.de.debian.org (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)
      3: packages.gitlab.com (exact, action=|split|||, log=connect|master|cert|content|pcap|mirror, precedence=2)

Loaded Global CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
Loaded ProxySpec CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
Loaded ProxySpec CA: '/C=cenzored/ST=cenzored/L=cenzored/O=cenzored/emailAddress=cenzored/CN=cenzored'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=6,w=7]
Created chld-pipe [r=8,w=9]
Created socketpair 0 [p=10,c=11]
Created socketpair 1 [p=12,c=13]
Created socketpair 2 [p=14,c=15]
Created socketpair 3 [p=16,c=17]
Created socketpair 4 [p=18,c=19]
Created socketpair 5 [p=20,c=21]
Privsep parent pid 57314
Privsep child pid 57315
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 10
Dropped privs to user proxy group proxy chroot -
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 16
Received privsep req type 00 sz 1 on srvsock 18
Received privsep req type 00 sz 1 on srvsock 20
Inserted events:
  0x5597949a2348 [fd  6] Read Persist Internal
  0x5597949a2520 [fd  8] Read Persist Internal
  0x5597949a25f8 [fd  9] Read Persist
  0x5597949a26b8 [fd  10] Read Persist
  0x55979499ac60 [sig 1] Signal Persist
  0x559794968f90 [sig 2] Signal Persist
  0x55979499b010 [sig 3] Signal Persist
  0x55979499ada0 [sig 10] Signal Persist
  0x55979499af80 [sig 13] Signal Persist
  0x55979499dc80 [sig 15] Signal Persist
  0x55979499ca40 [fd  -1] Persist Timeout=1656312391.110235
Active events:
Initialized 4 connection handling threads
Started 4 connection handling threads
Starting main event loop.
SNI peek: [api.bing.com] [complete], fd=28
Connecting to [13.107.5.80]:443
===> Original server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: EB:39:0A:AB:CF:92:D2:3C:DE:A1CD:8A:8A:99:95:9D:76:38:39:BF
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: 70:CD:82:A4:5B:8C:9D:4C:4C:F898:09:4E:25:CE:3C:BF:85:5E:55
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [13.107.5.80]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9518B458795A9B3017C8489C368D0DE435885D63450133B535AC62C204CEC F9431E72258B7E72EE77BA741C234179C9B0AB05175A5C4551BA6E8FFE10968D13913A8B9AD6CCCB14EF440E99F1DAA0
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [api.bing.com] [complete], fd=28
Connecting to [13.107.5.80]:443
Attempt reuse dst SSL session
===> Original server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: EB:39:0A:AB:CF:92:D2:3C:DE:A1CD:8A:8A:99:95:9D:76:38:39:BF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /CN=www.bing.com
Common Names: www.bing.com/www.bing.com/dict.bing.com.cn/*.platform.bing.com/*.bing.com/bing.com/ieonline.microsoft.com/*.windowssearch.com/cn.ieonline.microsoft.com/*.origin.bing.com/*.mm.bing.net/*.api.bing.com/ecn.dev.virtualearth.net/*.cn.bing.net/*.cn.bing.com/ssl-api.bing.com/ssl-api.bing.net/*.api.bing.net/*.bingapis.com/bingsandbox.com/feedback.microsoft.com/insertmedia.bing.office.net/r.bat.bing.com/*.r.bat.bing.com/*.dict.bing.com.cn/*.dict.bing.com/*.ssl.bing.com/*.appex.bing.com/*.platform.cn.bing.com/wp.m.bing.com/*.m.bing.com/global.bing.com/windowssearch.com/search.msn.com/*.bingsandbox.com/*.api.tiles.ditu.live.com/*.ditu.live.com/*.t0.tiles.ditu.live.com/*.t1.tiles.ditu.live.com/*.t2.tiles.ditu.live.com/*.t3.tiles.ditu.live.com/*.tiles.ditu.live.com/3d.live.com/api.search.live.com/beta.search.live.com/cnweb.search.live.com/dev.live.com/ditu.live.com/farecast.live.com/image.live.com/images.live.com/local.live.com.au/localsearch.live.com/ls4d.search.live.com/mail.live.com/mapindia.live.com/local.live.com/maps.live.com/maps.live.com.au/mindia.live.com/news.live.com/origin.cnweb.search.live.com/preview.local.live.com/search.live.com/test.maps.live.com/video.live.com/videos.live.com/virtualearth.live.com/wap.live.com/webmaster.live.com/webmasters.live.com/www.local.live.com.au/www.maps.live.com.au
Fingerprint: 70:CD:82:A4:5B:8C:9D:4C:4C:F898:09:4E:25:CE:3C:BF:85:5E:55
SSL session cache: HIT
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [13.107.5.80]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B9518C6FF82CF21D5543F6A447200790277D27D8F7A753B7C86DF51B3DDA4E F9431E72258B7E72EE77BA741C234179C9B0AB05175A5C4551BA6E8FFE10968D13913A8B9AD6CCCB14EF440E99F1DAA0
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [o2.pl] [complete], fd=28
Connecting to [212.77.98.29]:443
===> Original server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 31:A6:82:23:07:BE:BC:C6:79:AC80:FC:FD:BE:B6:1A:50:EB:56:2A
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 9F:0F:69:AB:CC:03:90:76:3B:9B5D:F1:A4:40:0F:D5:DC:27:F6:28
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [212.77.98.29]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B951908059EED2785C36FDD1B3D7395EDA9939C3CABF3969EF205E8DB8AAD2 5EBB58AC19E570E59A41C2995121DE7FF182EE71AEF3C81957658CEC11811DF002AC09C5C07829B43DCCCD6FFF9F2B6E
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [o2.pl] [complete], fd=28
Connecting to [212.77.98.29]:443
Attempt reuse dst SSL session
===> Original server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 31:A6:82:23:07:BE:BC:C6:79:AC80:FC:FD:BE:B6:1A:50:EB:56:2A
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /CN=*.o2.pl
Common Names: *.o2.pl/*.o2.pl/o2.pl
Fingerprint: 9F:0F:69:AB:CC:03:90:76:3B:9B5D:F1:A4:40:0F:D5:DC:27:F6:28
SSL session cache: HIT
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [212.77.98.29]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 62B95190D4F81DFC08C8B5F35F3D11BBAA7F484D013B13B284AD79A3E8E317EA 5EBB58AC19E570E59A41C2995121DE7FF182EE71AEF3C81957658CEC11811DF002AC09C5C07829B43DCCCD6FFF9F2B6E
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
STATS: thr=0, mld=0, mfd=0, mat=0, mct=0, iib=4048, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=1, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=2, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=3, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
Received signal 2
Main event loop stopped (reason=2).
Received privsep req type 00 sz 1 on srvsock 14
Child pid 57315 exited with status 0

Own page for blocked request.

Hello, i searching information about set own page for blocked request and i don't see that function. Do you have plans for implement that ?

DPDK Support

Hi,

Please, advice is there any plan to integrate with DPDK ?
What are the max concurrent connections supported as per test/benchmarks?

Thank you,
Manoj M

Question: Google Quic Protocol

Hello
Is there support google quic protocol?

https://blog.cloudflare.com/the-road-to-quic/amp/

Thanks.

Cannot make on Linux

Hi there,

I tried to compile SSLproxy myself. With make I got the following error:

SSLproxy v0.5.4-dirty

Report bugs at https://github.com/droe/sslsplit/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/droe/sslsplit.git

Via pkg-config: openssl libevent libevent_openssl libevent_pthreads
Build options: -DHAVE_NETFILTER
uname -a: Linux DietPi.local 4.9.77-v7+ #1081 SMP Wed Jan 17 16:15:20 GMT 2018 armv7l GNU/Linux

cc -c -isystem/usr/local/include -D_GNU_SOURCE -D"BNAME="sslproxy"" -D"PNAME="SSLproxy"" -D"VERSION="v0.5.4-dirty"" -D"BUILD_DATE="2018-02-15"" -D"FEATURES="-DHAVE_NETFILTER"" -D"BUILD_INFO="V:GIT"" -DHAVE_NETFILTER -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -o version.o version.c
cc -L/usr/local/lib -pthread -o sslproxy cachemgr.o cachetgcrt.o logbuf.o url.o log.o cachefkcrt.o opts.o thrqueue.o pxyconn.o pxysslshut.o privsep.o logger.o nat.o base64.o version.o main.o cachessess.o util.o cache.o pxythrmgr.o dynbuf.o cert.o sys.o proxy.o proc.o ssl.o cachedsess.o -lssl -lcrypto -levent_openssl -levent_pthreads -levent
pxyconn.o: In function pxy_conn_setup': pxyconn.c:(.text+0x8d00): undefined reference to getdtablecount'
collect2: error: ld returned 1 exit status
GNUmakefile:411: recipe for target 'sslproxy' failed
make: *** [sslproxy] Error 1

For build problems, please supply:

Output of uname -a (Linux DietPi.local 4.9.77-v7+ #1081 SMP Wed Jan 17 16:15:20 GMT 2018 armv7l GNU/Linux)
Full output of failed make including the header (pls see above)
Version and origin of OpenSSL used (official openssl site, version 1.1.1-pre1)
Version and origin of libevent used (https://github.com/libevent/libevent)

I have been googling and found only information that the getdtablecount is a BSD system call function? As you can see I am compiling on Linux, not BSD. So I am really stuck here. Please help.

Thanks in advance!

How can a divert program identify packet direction for decrypted packets coming from server

Does SSLproxy open a different connection to divert program for decrypted packets that are on the response path from the downstream https server? How do I identify packet direction (to_server vs to_client) for packets in the same https connection in my divert program?

own written LP doesnt work with ssl option

Hi, i wrote my own lp in java with the lib (Netty), this works good as long as i specify https when starting the sslproxy, but when i specify ssl in the proxyspecs, my client browser website doesn't seem to load properly anymore. What could be the reason for this behavior?

when i specify
sslproxy -D -k test.key -c test.crt https 10.42.0.1 8443 up:1212 it works correctly

but when i specify
sslproxy -D -k test.key -c test.crt ssl 10.42.0.1 8443 up:1212
some sites doesnt load correctly anymore

Here are the debug output of SSLproxy for for one of these sites,

It seems that the website is never load completly

What are the differences in the packets sent to the LP when I specify https or ssl?

What am I missing?

Thanks in advance and Kind regards!

SSLproxy v0.9.2-dirty (built 2021-12-06)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
4 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
proxyspecs:
- listen=[10.42.0.1]:8443 ssl netfilter
divert addr= [127.0.0.1]:1212
return addr= [127.0.0.1]:0
opts= conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
divert||
Loaded Global CA: '/C=DE/ST=Germany/L=Munich/O=TUM/OU=cool/CN=Cool/[email protected]'
Loaded ProxySpec CA: '/C=DE/ST=Germany/L=Munich/O=TUM/OU=cool//CN=Cool/[email protected]'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=3,w=4]
Created chld-pipe [r=5,w=6]
Created socketpair 0 [p=7,c=8]
Created socketpair 1 [p=9,c=10]
Created socketpair 2 [p=11,c=12]
Created socketpair 3 [p=13,c=14]
Created socketpair 4 [p=15,c=16]
Created socketpair 5 [p=17,c=18]
Privsep parent pid 15149
Privsep child pid 15150
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 9 on srvsock 7
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 9
Received privsep req type 00 sz 1 on srvsock 11
Received privsep req type 00 sz 1 on srvsock 13
Inserted events:
Received privsep req type 00 sz 1 on srvsock 15
Received privsep req type 00 sz 1 on srvsock 17
  0x55aea32afd78 [fd  4] Read Persist Internal
  0x55aea32aff50 [fd  6] Read Persist Internal
  0x55aea32b0368 [fd  7] Read Persist
  0x55aea32af1c0 [sig 1] Signal Persist
  0x55aea3281910 [sig 2] Signal Persist
  0x55aea32af810 [sig 3] Signal Persist
  0x55aea32af570 [sig 10] Signal Persist
  0x55aea32af780 [sig 13] Signal Persist
  0x55aea32ad660 [sig 15] Signal Persist
  0x55aea32b0710 [fd  -1] Persist Timeout=1638800186.794749
Active events:
Initialized 8 connection handling threads
Started 8 connection handling threads
Starting main event loop.
SNI peek: [login.live.com] [complete], fd=41
Connecting to [40.126.31.139]:443
===> Original server certificate:
Subject DN: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=graph.windows.net
Common Names: graph.windows.net/*.aadkds.ppe.reporting.msidentity.com/*.aadkds.prd.reporting.msidentity.com/*.accesscontrol.aadtst3.windows-int.net/*.accesscontrol.windows-ppe.net/*.accesscontrol.windows.net/*.adls.aadkds.ppe.reporting.msidentity.com/*.adls.aadkds.prd.reporting.msidentity.com/*.adti.aadkds.ppe.reporting.msidentity.com/*.adti.aadkds.prd.reporting.msidentity.com/*.authapp.net/*.authorization.azure-ppe.net/*.authorization.azure.net/*.b2clogin.com/*.cpim.windows.net/*.d2k.aadkds.ppe.reporting.msidentity.com/*.d2k.aadkds.prd.reporting.msidentity.com/*.fp.measure.office.com/*.Identity.azure-int.net/*.Identity.azure.net/*.login.live.com/*.login.microsoft.com/*.login.microsoftonline.com/*.login.windows-ppe.net/*.logincert.microsoft.com/*.logincert.windows-ppe.net/*.microsoftaik-int.azure-int.net/*.microsoftaik.azure.net/*.r.login.microsoft.com/*.r.login.microsoftonline.com/*.windows-ppe.net/aadg.windows.net/aadgv6.ppe.windows.net/aadgv6.windows.net/accesscontrol.aadtst3.windows-int.net/account.live-int.com/account.live.com/api.login.live-int.com/api.login.microsoftonline.com/api.password.ccsctp.com/api.passwordreset.microsoftonline.com/autologon.microsoftazuread-sso.com/becws.ccsctp.com/clientconfig.microsoftonline-p-int.net/clientconfig.microsoftonline-p.net/companymanager.ccsctp.com/companymanager.microsoftonline.com/cpim.windows.net/device.login.microsoftonline.com/device.login.windows-ppe.net/directoryproxy.ppe.windows.net/directoryproxy.windows.net/gatewayforking.windows.net/graph.ppe.windows.net/graph.windows.net/graphstore.windows.net/ipv6.login.live-int.com/login-us.microsoftonline.com/login.live-int.com/login.live.com/login.microsoft-ppe.com/login.microsoft.com/login.microsoftonline-int.com/login.microsoftonline-p.com/login.microsoftonline-pst.com/login.microsoftonline.com/login.passport-int.com/login.windows.net/logincert.microsoftonline-int.com/logincert.microsoftonline.com/loginnet.passport-int.com/microsoftaik-int.azure-int.net/microsoftaik.azure.net/msnia.login.live-int.com/msnialogin.passport-int.com/nexus.microsoftonline-p-int.com/nexus.microsoftonline-p.com/nexus.passport-int.com/pas.windows-ppe.net/pas.windows.net/password.ccsctp.com/passwordreset.activedirectory.windowsazure.us/passwordreset.microsoftonline.com/provisioning.microsoftonline.com/signup.live-int.com/signup.live.com/sts.windows.net/tools.login.live-int.com/xml.login.live-int.com/xml.login.live.com
Fingerprint: CC:AE:81:23:0D:77:3F:D5:B7:FE81:29:0D:3E:60:D6:EC:A3:20:D1
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=graph.windows.net
Common Names: graph.windows.net/*.aadkds.ppe.reporting.msidentity.com/*.aadkds.prd.reporting.msidentity.com/*.accesscontrol.aadtst3.windows-int.net/*.accesscontrol.windows-ppe.net/*.accesscontrol.windows.net/*.adls.aadkds.ppe.reporting.msidentity.com/*.adls.aadkds.prd.reporting.msidentity.com/*.adti.aadkds.ppe.reporting.msidentity.com/*.adti.aadkds.prd.reporting.msidentity.com/*.authapp.net/*.authorization.azure-ppe.net/*.authorization.azure.net/*.b2clogin.com/*.cpim.windows.net/*.d2k.aadkds.ppe.reporting.msidentity.com/*.d2k.aadkds.prd.reporting.msidentity.com/*.fp.measure.office.com/*.Identity.azure-int.net/*.Identity.azure.net/*.login.live.com/*.login.microsoft.com/*.login.microsoftonline.com/*.login.windows-ppe.net/*.logincert.microsoft.com/*.logincert.windows-ppe.net/*.microsoftaik-int.azure-int.net/*.microsoftaik.azure.net/*.r.login.microsoft.com/*.r.login.microsoftonline.com/*.windows-ppe.net/aadg.windows.net/aadgv6.ppe.windows.net/aadgv6.windows.net/accesscontrol.aadtst3.windows-int.net/account.live-int.com/account.live.com/api.login.live-int.com/api.login.microsoftonline.com/api.password.ccsctp.com/api.passwordreset.microsoftonline.com/autologon.microsoftazuread-sso.com/becws.ccsctp.com/clientconfig.microsoftonline-p-int.net/clientconfig.microsoftonline-p.net/companymanager.ccsctp.com/companymanager.microsoftonline.com/cpim.windows.net/device.login.microsoftonline.com/device.login.windows-ppe.net/directoryproxy.ppe.windows.net/directoryproxy.windows.net/gatewayforking.windows.net/graph.ppe.windows.net/graph.windows.net/graphstore.windows.net/ipv6.login.live-int.com/login-us.microsoftonline.com/login.live-int.com/login.live.com/login.microsoft-ppe.com/login.microsoft.com/login.microsoftonline-int.com/login.microsoftonline-p.com/login.microsoftonline-pst.com/login.microsoftonline.com/login.passport-int.com/login.windows.net/logincert.microsoftonline-int.com/logincert.microsoftonline.com/loginnet.passport-int.com/microsoftaik-int.azure-int.net/microsoftaik.azure.net/msnia.login.live-int.com/msnialogin.passport-int.com/nexus.microsoftonline-p-int.com/nexus.microsoftonline-p.com/nexus.passport-int.com/pas.windows-ppe.net/pas.windows.net/password.ccsctp.com/passwordreset.activedirectory.windowsazure.us/passwordreset.microsoftonline.com/provisioning.microsoftonline.com/signup.live-int.com/signup.live.com/sts.windows.net/tools.login.live-int.com/xml.login.live-int.com/xml.login.live.com
Fingerprint: DC:03:45:07:E0:49:4B:CF:5D:54EA:16:6C:F3:20:85:F2:88:5E:8C
SSL connected to [40.126.31.139]:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
CLIENT_RANDOM 7F35241244EAD2D9387FA007C2EF23ADE58E0A1A124F081C4E29F5398F9E6B53 8FE5EAD52032061BB380F128BABD5A24444EC3AA124F88E82420383668E3B88688FF27FC61B89C5C5C365FC29F28983B
Certificate cache: KEEP (SNI match or target mode)
SSL_free() in state 0000001a = 001a = TWSD (SSLv3/TLS write server done) [accept socket]
SSL disconnected to [40.126.31.139]:443, fd=41
SSL disconnected from [10.42.0.230]:64063, fd=41
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [www.ebay.de] [complete], fd=41
Connecting to [84.53.189.188]:443
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/aka-sandbox.ebay.com/cache.ebay.com/cache.vivanuncios.com.mx/careers.ebayinc.com/cdn.roma.ebay.com/cr.qa.ebaystatic.com/dsa.ebay.co.uk/dsa.ebay.com/dsa.ebay.de/ebay.com.au/ebay.us/ebaypartnernetwork.ebay.com/ecg-api.vivanuncios.com.mx/ecg-apis.vivanuncios.com.mx/feed.ebay.com.au/galleryplus.ebayimg.com/gh.ebaystatic.com/ir.ebaystatic.com/ir.sandbox.ebaystatic.com/m.ebay.at/m.ebay.ca/m.ebay.ie/m.ebay.ph/p.ebaystatic.com/pages.ebay.ca/pages.ebay.com.au/pages.ebay.in/partnernetwork.ebay.co.uk/partnernetwork.ebay.com/partnernetwork.ebay.com.au/partnernetwork.ebay.de/partnernetwork.ebay.es/partnernetwork.ebay.fr/partnernetwork.ebay.it/pics.ebaystatic.com/poc.ebay.com/protool.vivanuncios.com.mx/q.ebaystatic.com/reco.ebay.com/rest.ebay.com/rs.sandbox.ebaystatic.com/rs.xstage.ebaystatic.com/rtm.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/sslgalleryplus.ebayimg.com/static.ebayinc.com/tech.ebayinc.com/vivanuncios.com.mx/vmp.ebay.com/www.befr.ebay.be/www.benl.ebay.be/www.cafr.ebay.ca/www.ebay.at/www.ebay.be/www.ebay.ca/www.ebay.ch/www.ebay.co.uk/www.ebay.com.au/www.ebay.com.hk/www.ebay.com.my/www.ebay.com.sg/www.ebay.de/www.ebay.es/www.ebay.fr/www.ebay.ie/www.ebay.in/www.ebay.it/www.ebay.nl/www.ebay.ph/www.ebay.pl/www.ebay.us/www.ebayinc.com/www.vivanuncios.com.mx
Fingerprint: DD:AC:89:D2:F5:70:7C:BF:A4:6C4C:3B:42:0E:F1:7E:F4:56:FB:C5
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/aka-sandbox.ebay.com/cache.ebay.com/cache.vivanuncios.com.mx/careers.ebayinc.com/cdn.roma.ebay.com/cr.qa.ebaystatic.com/dsa.ebay.co.uk/dsa.ebay.com/dsa.ebay.de/ebay.com.au/ebay.us/ebaypartnernetwork.ebay.com/ecg-api.vivanuncios.com.mx/ecg-apis.vivanuncios.com.mx/feed.ebay.com.au/galleryplus.ebayimg.com/gh.ebaystatic.com/ir.ebaystatic.com/ir.sandbox.ebaystatic.com/m.ebay.at/m.ebay.ca/m.ebay.ie/m.ebay.ph/p.ebaystatic.com/pages.ebay.ca/pages.ebay.com.au/pages.ebay.in/partnernetwork.ebay.co.uk/partnernetwork.ebay.com/partnernetwork.ebay.com.au/partnernetwork.ebay.de/partnernetwork.ebay.es/partnernetwork.ebay.fr/partnernetwork.ebay.it/pics.ebaystatic.com/poc.ebay.com/protool.vivanuncios.com.mx/q.ebaystatic.com/reco.ebay.com/rest.ebay.com/rs.sandbox.ebaystatic.com/rs.xstage.ebaystatic.com/rtm.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/sslgalleryplus.ebayimg.com/static.ebayinc.com/tech.ebayinc.com/vivanuncios.com.mx/vmp.ebay.com/www.befr.ebay.be/www.benl.ebay.be/www.cafr.ebay.ca/www.ebay.at/www.ebay.be/www.ebay.ca/www.ebay.ch/www.ebay.co.uk/www.ebay.com.au/www.ebay.com.hk/www.ebay.com.my/www.ebay.com.sg/www.ebay.de/www.ebay.es/www.ebay.fr/www.ebay.ie/www.ebay.in/www.ebay.it/www.ebay.nl/www.ebay.ph/www.ebay.pl/www.ebay.us/www.ebayinc.com/www.vivanuncios.com.mx
Fingerprint: 54:81:1C:9C:AE:9B:E4:10:F8:EB77:A1:AB:66:E7:FF:B7:86:52:FF
SSL connected to [84.53.189.188]:443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
CLIENT_RANDOM FD98B69E7FA3AF7A3B7EC58BB32CC491C9F61C7AEBE08B07249FB5044C5A5F3A 75D5D6557B774F50D33680181F2BBC22CA7016000F41FAAC60976E500E429FBE1178FF1F75BE4B72B19E96CACA90FB39
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
CONN: ssl 10.42.0.230 64066 84.53.189.188 443 sni:www.ebay.de names:www.ebay.com/www.ebay.com/aka-sandbox.ebay.com/cache.ebay.com/cache.vivanuncios.com.mx/careers.ebayinc.com/cdn.roma.ebay.com/cr.qa.ebaystatic.com/dsa.ebay.co.uk/dsa.ebay.com/dsa.ebay.de/ebay.com.au/ebay.us/ebaypartnernetwork.ebay.com/ecg-api.vivanuncios.com.mx/ecg-apis.vivanuncios.com.mx/feed.ebay.com.au/galleryplus.ebayimg.com/gh.ebaystatic.com/ir.ebaystatic.com/ir.sandbox.ebaystatic.com/m.ebay.at/m.ebay.ca/m.ebay.ie/m.ebay.ph/p.ebaystatic.com/pages.ebay.ca/pages.ebay.com.au/pages.ebay.in/partnernetwork.ebay.co.uk/partnernetwork.ebay.com/partnernetwork.ebay.com.au/partnernetwork.ebay.de/partnernetwork.ebay.es/partnernetwork.ebay.fr/partnernetwork.ebay.it/pics.ebaystatic.com/poc.ebay.com/protool.vivanuncios.com.mx/q.ebaystatic.com/reco.ebay.com/rest.ebay.com/rs.sandbox.ebaystatic.com/rs.xstage.ebaystatic.com/rtm.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/sslgalleryplus.ebayimg.com/static.ebayinc.com/tech.ebayinc.com/vivanuncios.com.mx/vmp.ebay.com/www.befr.ebay.be/www.benl.ebay.be/www.cafr.ebay.ca/www.ebay.at/www.ebay.be/www.ebay.ca/www.ebay.ch/www.ebay.co.uk/www.ebay.com.au/www.ebay.com.hk/www.ebay.com.my/www.ebay.com.sg/www.ebay.de/www.ebay.es/www.ebay.fr/www.ebay.ie/www.ebay.in/www.ebay.it/www.ebay.nl/www.ebay.ph/www.ebay.pl/www.ebay.us/www.ebayinc.com/www.vivanuncios.com.mx sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256 origcrt:DDAC89D2F5707CBFA46C4C3B420EF17EF456FBC5 usedcrt:54811C9CAE9BE410F8EB77A1AB66E7FFB78652FF user:-
SSL connected to [84.53.189.188]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 8D4AE2AF715A8F913E85CF05CCB55CB15D99117AD55949EA34334634A99E94E0 3772185D58A80E211CFAEBE186EDF86177A6EE60CCD89E1367F6D28C1B8D095700000000000000000000000000000000
Child connecting to [84.53.189.188]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=46
Connecting to [93.184.221.225]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=47
Connecting to [93.184.221.225]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=48
Connecting to [93.184.221.225]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=49
Connecting to [93.184.221.225]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=51
Connecting to [93.184.221.225]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=56
Connecting to [93.184.221.225]:443
SNI peek: [www.ebay.com] [complete], fd=58
Connecting to [84.53.189.76]:443
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: MISS
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: MISS
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: MISS
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 71:3A:E9:CE:8D:DF:28:9E:FD:2B5A:C8:8E:76:FF:4B:7A:2E:C3:0B
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM D8D50632B4792E937DC252FA3EE44362B0120DAE97E19531544A2E1A4A1CED30 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: E4:8A:65:4E:B6:9E:3F:C9:4F:FF89:0E:24:9F:0B:75:E1:6D:2F:AC
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 96:8F:83:CF:20:17:4E:21:A9:EEEB:A5:7F:16:D6:C5:69:FB:20:AB
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/www.ebay.com/ucpstatic.ebay.com/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/sofe.ebay.at/shippingtool.ebay.cn/securepics.ebaystatic.com/secureir.sandbox.ebaystatic.com/secureir.ebaystatic.com/secureinclude.ebaystatic.com/rover.ebay.it/rover.ebay.in/rover.ebay.fr/rover.ebay.de/rover.ebay.com.au/rover.ebay.com/rover.ebay.co.uk/m.ebay.it/m.ebay.fr/m.ebay.de/m.ebay.com.au/identity-api.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/anywhere.ebay.in/anywhere.ebay.ie/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/akamai.ebaycdn.net/akamai-static.ebaycdn.net/include.ebaystatic.com
Fingerprint: A0:7C:07:E0:45:B7:94:45:A2:1E14:45:41:0D:2A:6A:48:05:80:A5
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 56:42:2B:2A:6D:4D:F0:7B:59:C7CA:F4:31:15:B2:F3:0B:DB:80:4F
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/www.ebay.com/ucpstatic.ebay.com/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/sofe.ebay.at/shippingtool.ebay.cn/securepics.ebaystatic.com/secureir.sandbox.ebaystatic.com/secureir.ebaystatic.com/secureinclude.ebaystatic.com/rover.ebay.it/rover.ebay.in/rover.ebay.fr/rover.ebay.de/rover.ebay.com.au/rover.ebay.com/rover.ebay.co.uk/m.ebay.it/m.ebay.fr/m.ebay.de/m.ebay.com.au/identity-api.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/anywhere.ebay.in/anywhere.ebay.ie/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/akamai.ebaycdn.net/akamai-static.ebaycdn.net/include.ebaystatic.com
Fingerprint: 44:1A:8E:D8:81:BD:9E:E4:7C:261D:AB:09:2F:96:8F:CE:9C:83:A6
CONN: ssl 10.42.0.230 64071 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:713AE9CE8DDF289EFD2B5AC88E76FF4B7A2EC30B user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM B580CD74ED195B96008C9C72873738B555BC490055E500A2EC4C3966BE3F9B3D A4E258FB8A08138CE45C2E50CF72BE96288C201F812F6F1D42CD030402F089CA00000000000000000000000000000000
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 814D31C30162EE6E2A9B0834FB39851FF33AD0F543CB47C4BF35E56B823A5FC6 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 56:42:2B:2A:6D:4D:F0:7B:59:C7CA:F4:31:15:B2:F3:0B:DB:80:4F
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM CC819194361FC99E2BB42182821444079CBBDF70A8A6EEDDFFF15D25DCEDD2E2 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
SSL connected to [84.53.189.76]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 73527BA7374260CC0EE6261DBCF22DC59871989548B7931D697EC46AE6EBA466 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Certificate cache: KEEP (SNI match or target mode)
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
Fingerprint: 56:42:2B:2A:6D:4D:F0:7B:59:C7CA:F4:31:15:B2:F3:0B:DB:80:4F
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM B9997C48D6BD43D506DA2F588C3F9C7C7562C65E85C6DC61E8870942BFB9E352 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM D7BA2677A7A0B20361833D66ADB233B24705DB415734A3B00865E8BB80DB712D 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM BAC72BBB2D72A1EC1E7E6EB63158BB8F7FB9CD493FA4101F05D68AD0F341174C 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
CONN: ssl 10.42.0.230 64068 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:968F83CF20174E21A9EEEBA57F16D6C569FB20AB user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM BD740B1B881187121722AB0C7B5555C1C4181337CA5E027B7C950EEB246C0CAB DBF43DFC8487BC27C2FA9EDD9516E63F48E6374A8C010030D62D19EB07A7674300000000000000000000000000000000
CONN: ssl 10.42.0.230 64073 84.53.189.76 443 sni:www.ebay.com names:www.ebay.com/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/www.ebay.com/ucpstatic.ebay.com/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/sofe.ebay.at/shippingtool.ebay.cn/securepics.ebaystatic.com/secureir.sandbox.ebaystatic.com/secureir.ebaystatic.com/secureinclude.ebaystatic.com/rover.ebay.it/rover.ebay.in/rover.ebay.fr/rover.ebay.de/rover.ebay.com.au/rover.ebay.com/rover.ebay.co.uk/m.ebay.it/m.ebay.fr/m.ebay.de/m.ebay.com.au/identity-api.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/anywhere.ebay.in/anywhere.ebay.ie/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/akamai.ebaycdn.net/akamai-static.ebaycdn.net/include.ebaystatic.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:A07C07E045B79445A21E1445410D2A6A480580A5 usedcrt:441A8ED881BD9EE47C261DAB092F968FCE9C83A6 user:-
SSL connected to [84.53.189.76]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 60C8D6A431CB432AEAF94D061772F0AF3B87A213C0A531806A306E7B34FE58ED A382ACB7C4FEF6EED0A8A3A19CE5988BE4002E7FFF4F3026C6CB50C372119C0300000000000000000000000000000000
CONN: ssl 10.42.0.230 64067 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:56422B2A6D4DF07B59C7CAF43115B2F30BDB804F user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 1C635755AD8BB99DC25F1E3D40032EB53F63652203BA55B7F524E30D551AAF3E 187E9BC1AC5F0D10E3ADE6D9660EBCB4E16AEEB57174373BBBB43546BEA8CACA00000000000000000000000000000000
CONN: ssl 10.42.0.230 64072 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:56422B2A6D4DF07B59C7CAF43115B2F30BDB804F user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM C7CA33BD6D5046241D425D0CC59E4A1D76A0DDD8378FFA17C624B7CF2FDA2732 17F2925C68C47166AEA64691E73ABAB468A9C051D5878DA5EEC866D53FBD4EF500000000000000000000000000000000
CONN: ssl 10.42.0.230 64069 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:56422B2A6D4DF07B59C7CAF43115B2F30BDB804F user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM FC557AAA6264BBA97E939A7594B6D1F5EA28BF6CEE989D6FBC1BD4B11F9C1882 899E0CA952D77821B6342903680AC3D35A0384B3B0327CB80C054E5F39D1985100000000000000000000000000000000
CONN: ssl 10.42.0.230 64070 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:E48A654EB69E3FC94FFF890E249F0B75E16D2FAC user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 6F8A83597BA0A229D2C15C20425F6819DB86025D78D67CB2C7B7E39ED4078F5F E60FAFF9DCC345F2650BE006DE70DEB4A4661A6B57FEA7BB9A24BF861E2DA09300000000000000000000000000000000
Child connecting to [93.184.221.225]:443
Child connecting to [84.53.189.76]:443
Child connecting to [93.184.221.225]:443
Child connecting to [93.184.221.225]:443
Child connecting to [93.184.221.225]:443
Child connecting to [93.184.221.225]:443
SNI peek: [i.ebayimg.com] [complete], fd=80
Connecting to [199.232.190.206]:443
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: 46:10:68:D3:20:3D:18:AC:87:3517:83:E9:36:E5:69:4D:CE:17:1C
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: E5:D5:7F:85:E3:EB:DC:5A:36:76F7:F6:80:04:FF:6E:55:9C:3C:DF
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM A32CF6C3634F043C1F715863C8BCCC8ECB472F98268A91DEAA82A2B1ED0B207A 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
CONN: ssl 10.42.0.230 64074 199.232.190.206 443 sni:i.ebayimg.com names:i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:461068D3203D18AC87351783E936E5694DCE171C usedcrt:E5D57F85E3EBDC5A3676F7F68004FF6E559C3CDF user:-
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM F1959D4AA845D61049A2D1E0C88EBF7E9C0A6C83BF69C76955198C219D5F6058 7D28C31B142E5D3C0C2F04AA489661E4742F445D37034A24CE84E717348860DB00000000000000000000000000000000
Child connecting to [199.232.190.206]:443
Child connecting to [93.184.221.225]:443
SNI peek: [ir.ebaystatic.com] [complete], fd=86
Connecting to [93.184.221.225]:443
Attempt reuse dst SSL session
SNI peek: [ir.ebaystatic.com] [complete], fd=87
Connecting to [93.184.221.225]:443
Attempt reuse dst SSL session
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 56:42:2B:2A:6D:4D:F0:7B:59:C7CA:F4:31:15:B2:F3:0B:DB:80:4F
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 8D:4B:BB:CD:E0:E4:65:CC:56:15CF:00:B0:97:A2:57:B7:79:28:92
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com
Fingerprint: 56:42:2B:2A:6D:4D:F0:7B:59:C7CA:F4:31:15:B2:F3:0B:DB:80:4F
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM DAD659EC602A603DA9CE5E16BD3BF7FAC03CE736C40BAE83383966EFADE2DC15 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM AB8ABF422084738C107B40CFEE9EE4E407BEDDBDD9B621905D5E9654E759E632 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
CONN: ssl 10.42.0.230 64075 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:56422B2A6D4DF07B59C7CAF43115B2F30BDB804F user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 071EF3C2879CB3915A5D22DD8B98F7534034A5283EF27C6787AD2C2A0B733BEB 7CF1F34F2B6B48B35779F2F45DC3F4ABFA0BDBD66ADB128945F6329EF6344DFA00000000000000000000000000000000
CONN: ssl 10.42.0.230 64076 93.184.221.225 443 sni:ir.ebaystatic.com names:www.ebay.com/www.ebay.com/m.ebay.com.au/m.ebay.com/m.ebay.co.uk/info.ebayinc.com/image.edpn.ebay.com/i.ebayimg.com/gh.ebaystatic.com/fundinginstrument.ebay.de/cdn.ebaymainstreet.com/apacshippingtool.ebay.com/apacshipping.ebay.com.hk/anywhere.ebay.pl/anywhere.ebay.nl/anywhere.ebay.it/m.ebay.de/anywhere.ebay.in/anywhere.ebay.es/anywhere.ebay.com.sg/anywhere.ebay.com.hk/anywhere.ebay.com/anywhere.ebay.ch/anywhere.ebay.ca/anywhere.ebay.be/anywhere.ebay.at/identity-api.ebay.com/akamai-static.ebaycdn.net/verizon-static.ebaycdn.net/fastly-static.ebaycdn.net/level3-static.ebaycdn.net/video.ebaycdn.net/anywhere.ebay.ie/m.ebay.fr/m.ebay.it/rover.ebay.co.uk/svcs.ebay.com/srwsvcs.ebay.com/srv.uk.ebayrtm.com/srv.main.ebayrtm.com/srv.it.ebayrtm.com/srv.in.ebayrtm.com/srv.fr.ebayrtm.com/srv.de.ebayrtm.com/srv.au.ebayrtm.com/sofe.express.ebay.com/sofe.ebay.it/sofe.ebay.in/sofe.ebay.fr/sofe.ebay.de/sofe.ebay.com.au/sofe.ebay.com/sofe.ebay.co.uk/rover.ebay.com/rover.ebay.com.au/rover.ebay.de/rover.ebay.fr/rover.ebay.in/rover.ebay.it/secureinclude.ebaystatic.com/secureir.ebaystatic.com/secureir.sandbox.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/shippingtool.ebay.cn/sofe.ebay.at/ir.ebaystatic.com/thumbs.ebaystatic.com/thumbs3.ebaystatic.com/thumbs2.ebaystatic.com/thumbs1.ebaystatic.com/thumbs4.ebaystatic.com/ucpstatic.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:8D4BBBCDE0E465CC5615CF00B097A257B7792892 usedcrt:56422B2A6D4DF07B59C7CAF43115B2F30BDB804F user:-
SSL connected to [93.184.221.225]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 2E3A06A4D91D779663F35CEF192C2AA3E16B89A330A49939559B6D1DA55D1EC5 EB621D8EA31DE2E2B679B82D7FF5D1A1EAE7614B348FCA774855F5EB72195CA800000000000000000000000000000000
Child connecting to [93.184.221.225]:443
Child connecting to [93.184.221.225]:443
SNI peek: [i.ebayimg.com] [complete], fd=96
Connecting to [199.232.190.206]:443
Attempt reuse dst SSL session
SNI peek: [i.ebayimg.com] [complete], fd=97
Connecting to [199.232.190.206]:443
Attempt reuse dst SSL session
SNI peek: [i.ebayimg.com] [complete], fd=98
Connecting to [199.232.190.206]:443
Attempt reuse dst SSL session
SNI peek: [i.ebayimg.com] [complete], fd=99
Connecting to [199.232.190.206]:443
Attempt reuse dst SSL session
===> Original server certificate:
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: 46:10:68:D3:20:3D:18:AC:87:3517:83:E9:36:E5:69:4D:CE:17:1C
Certificate cache: HIT
===> Forged server certificate:
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Fingerprint: 46:10:68:D3:20:3D:18:AC:87:3517:83:E9:36:E5:69:4D:CE:17:1C
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Certificate cache: HIT
Fingerprint: E5:D5:7F:85:E3:EB:DC:5A:36:76F7:F6:80:04:FF:6E:55:9C:3C:DF
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: E5:D5:7F:85:E3:EB:DC:5A:36:76F7:F6:80:04:FF:6E:55:9C:3C:DF
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: 46:10:68:D3:20:3D:18:AC:87:3517:83:E9:36:E5:69:4D:CE:17:1C
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: E5:D5:7F:85:E3:EB:DC:5A:36:76F7:F6:80:04:FF:6E:55:9C:3C:DF
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: 46:10:68:D3:20:3D:18:AC:87:3517:83:E9:36:E5:69:4D:CE:17:1C
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=i.ebayimg.com
Common Names: i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com
Fingerprint: E5:D5:7F:85:E3:EB:DC:5A:36:76F7:F6:80:04:FF:6E:55:9C:3C:DF
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 23CA0704A0D7C644E2F3E891C402001EBC0CE6957CA3E746CE98ED27518CD71C 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 54660C68D34F488C6385D997966F79C50819637FAB330CD3DE4DE9896C3C1CE3 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM B13284BFF0B32FD4D6F8005669E8CC8E5AFE3088DCFAA024FDCBCB7DFFCDCF3F 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM C0D89446E71DEA5CCBAAEE4EAA58DC85757F633410A9CAF817E8485C910A3B21 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Certificate cache: KEEP (SNI match or target mode)
SSL session cache: MISS
Certificate cache: KEEP (SNI match or target mode)
CONN: ssl 10.42.0.230 64080 199.232.190.206 443 sni:i.ebayimg.com names:i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:461068D3203D18AC87351783E936E5694DCE171C usedcrt:E5D57F85E3EBDC5A3676F7F68004FF6E559C3CDF user:-
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 31C7E07A2F5AD2C7BAA8A50465FB558FD596663E72115D7D385400E9C9ECD164 5ACA864E721ADFE6CC8D4878F0143AF48140E04CFAC97AC6237F6FF8C02CF58A00000000000000000000000000000000
CONN: ssl 10.42.0.230 64078 199.232.190.206 443 sni:i.ebayimg.com names:i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:461068D3203D18AC87351783E936E5694DCE171C usedcrt:E5D57F85E3EBDC5A3676F7F68004FF6E559C3CDF user:-
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 41AB92768D9EC98B405B6224EA6E97AFD9ED7EA883A177D817671D59EEDF6739 30C2761AA0AB3C7C9D56D7F1618F6EBF7AA6D06B6BFBDFF8F4C94A2CA1A8541E00000000000000000000000000000000
CONN: ssl 10.42.0.230 64077 199.232.190.206 443 sni:i.ebayimg.com names:i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:461068D3203D18AC87351783E936E5694DCE171C usedcrt:E5D57F85E3EBDC5A3676F7F68004FF6E559C3CDF user:-
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 421E7722A0D5D58923445BF8C6B2E18A9BC6D8851C99743E959AB97792B2AD18 C6C89E30DF0211A6C49AAC29CE4EE4B0932F7CE36698F321EC9B8D284CE4C97B00000000000000000000000000000000
CONN: ssl 10.42.0.230 64079 199.232.190.206 443 sni:i.ebayimg.com names:i.ebayimg.com/apisd.ebay.com/i.ebayimg.com/i1.ebayimg.com/i2.ebayimg.com/i3.ebayimg.com/ir.ebaystatic.com/secureir.ebaystatic.com/thumbs.ebaystatic.com/thumbs1.ebaystatic.com/thumbs2.ebaystatic.com/thumbs3.ebaystatic.com/thumbs4.ebaystatic.com/t3-apisd.ebay.com sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:461068D3203D18AC87351783E936E5694DCE171C usedcrt:E5D57F85E3EBDC5A3676F7F68004FF6E559C3CDF user:-
SSL connected to [199.232.190.206]:443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 6ADFA7DFB6CE6649D7632247E88A842DF02D7D3A6207C1F07D982C7D89E08BF6 FBCABB483289AB323E13FAD8334411CF00AC48FF0404315E5605C891442484B600000000000000000000000000000000
Child connecting to [199.232.190.206]:443
Child connecting to [199.232.190.206]:443
Child connecting to [199.232.190.206]:443
SNI peek: [client.wns.windows.com] [complete], fd=115

Config option to disable sslproxy header

Trying to keep my http headers as clean as possible, but always can see sslproxy header, finally just disabled it in the code:

+++ src/protohttp.c
@@ -612,11 +612,13 @@ protohttp_filter_request_header(struct evbuffer *inbuf, struct evbuffer *outbuf,
                }
                free(line);

+               /*
                if ((type == CONN_TYPE_PARENT) && ctx->divert && !ctx->sent_sslproxy_header) {
                        ctx->sent_sslproxy_header = 1;
                        log_finer_va("INSERT= %s", ctx->sslproxy_header);
                        evbuffer_add_printf(outbuf, "%s\r\n", ctx->sslproxy_header);
                }
+               */
        }

        if (http_ctx->seen_req_header) {

Is it possible to make some option in config to add this header optionally?

SSLProxy "Client-side BEV_EVENT_ERROR" problem in FreeBSD

Hi, i have installed and configured SSLproxy v0.8.3 (built 2021-05-05) on FreeBSD 11.2 and FreeBSD 13.0 Release versions according to sslproxy freebsd man page instructions . I am also imported ca.crt to my firefox browser but i could not run sslproxy.
Any help would be appreciated.

***** my PF and IPFW configs here:**

######## IPFW RULES ##########

ipfw -q -f flush

ipfw -q add 1 allow all from any to any out via lo0
ipfw -q add 2 allow all from any to any in via lo0

ipfw -q add 3 fwd 127.0.0.1,8443 tcp from 192.168.2.0/24 to any 443

ipfw -q add 65534 allow ip from any to any

######## PF RULES ##########

int_if = "em1"
ext_if = "em0"
int_net = "192.168.2.0/24"

set loginterface em0

# Do not skip lo, we have rules for lo conns
#set skip on lo

#openbsd's pf rule# scrub in (no-df)
scrub in log all

nat on em0 from { !em0 } to any -> (em0)

pass out quick on lo0 from any to any
pass in quick on lo0 from any to any

pass in quick on em1 proto { tcp udp } from any to any port 53
pass in quick on em0 proto { tcp udp } from any to any port 53

##################################################
***Output of sslproxy -V

root@host:~ # sslproxy -V
SSLproxy v0.8.3 (built 2021-05-05)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_IPFILTER -DHAVE_IPFW -DHAVE_PF -DWITHOUT_USERAUTH
NAT engines: pf* ipfw ipfilter
ipfilter: version 5010200
Local process info support: yes (FreeBSD sysctl)
compiled against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
rtlinked against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: ssl3 tls10 tls11 tls12 
SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
4 CPU cores detected

***root@host:~ # uname -a
FreeBSD host 11.2-RELEASE-p14 FreeBSD 11.2-RELEASE-p14 #0: Mon Aug 19 22:38:50 UTC 2019 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64

***Exact command line arguments used to run sslproxy

`root@host:~ # /usr/local/bin/sslproxy -f /etc/sslproxy/sslproxy.conf -D`
SSLproxy v0.8.3 (built 2021-05-05)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_IPFILTER -DHAVE_IPFW -DHAVE_PF -DWITHOUT_USERAUTH
NAT engines: pf* ipfw ipfilter
ipfilter: version 5010200
Local process info support: yes (FreeBSD sysctl)
compiled against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
rtlinked against OpenSSL 1.0.2o  27 Mar 2018 (100020ff)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: ssl3 tls10 tls11 tls12 
SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
4 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global SSL/TLS protocol: negotiate
proxyspecs:
- listen=[127.0.0.1]:8466 tcp|autossl pf
parent dst addr= [127.0.0.1]:9199
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8465 ssl|smtp pf
parent dst addr= [127.0.0.1]:9199
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8464 tcp|smtp pf
parent dst addr= [127.0.0.1]:9199
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8995 ssl|pop3 pf
parent dst addr= [127.0.0.1]:8110
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8994 tcp|pop3 pf
parent dst addr= [127.0.0.1]:8110
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8443 ssl|http pf
parent dst addr= [127.0.0.1]:8080
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
- listen=[127.0.0.1]:8081 tcp|http pf
parent dst addr= [127.0.0.1]:8080
child src addr= [127.0.0.1]:0
opts=|passthrough|ALL:!RC4|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|validate_proto|8192
SSL/TLS protocol: negotiate
Loaded CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
Loaded ProxySpec CA: '/O=SSLproxy Root CA/CN=SSLproxy Root CA'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
NAT engine preinit 'pf'
Privsep fastpath disabled
Created self-pipe [r=6,w=7]
Created chld-pipe [r=8,w=9]
Created socketpair 0 [p=10,c=11]
Created socketpair 1 [p=12,c=13]
Created socketpair 2 [p=14,c=15]
Created socketpair 3 [p=16,c=17]
Created socketpair 4 [p=18,c=19]
Created socketpair 5 [p=20,c=21]
Privsep parent pid 35042
NAT engine fini 'pf'
Privsep child pid 35056
Using libevent backend 'kqueue'
Event base supports: edge yes, O(1) yes, anyfd yes
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 03 sz 9 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 10
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 12
Received privsep req type 00 sz 1 on srvsock 14
Received privsep req type 00 sz 1 on srvsock 18
Received privsep req type 00 sz 1 on srvsock 20
NAT engine init 'pf'
Inserted events:
  0x802e1d6b8 [fd  6] Read Persist
  0x802e1d778 [fd  7] Read Persist
  0x802e1d838 [fd  8] Read Persist
  0x802e1d8f8 [fd  9] Read Persist
  0x802e1d9b8 [fd  10] Read Persist
  0x802e1da78 [fd  12] Read Persist
  0x802e1db38 [fd  14] Read Persist
  0x802e15c80 [sig 1] Signal Persist
  0x802e1f000 [sig 2] Signal Persist
  0x802e15c00 [sig 3] Signal Persist
  0x802e1f080 [sig 13] Signal Persist
  0x802e1f100 [sig 15] Signal Persist
  0x802e1f180 [sig 30] Signal Persist
  0x802e15f80 [fd  -1] Persist Timeout=1623323253.908584
Active events:
Initialized 8 connection handling threads
Started 8 connection handling threads
Starting main event loop.
SNI peek: [web.whatsapp.com] [complete], fd=22
Connecting to [157.240.9.53]:443
STATS: thr=2, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=1, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=4, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=3, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=6, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=0, mld=1, mfd=24, mat=9, mct=9, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=5, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
SNI peek: [push.services.mozilla.com] [complete], fd=25
Connecting to [44.237.185.119]:443
SNI peek: [www.google.com] [complete], fd=28
Connecting to [142.250.187.164]:443
SNI peek: [www.google.com] [complete], fd=30
Connecting to [142.250.187.164]:443
SNI peek: [www.google.com] [complete], fd=33
Connecting to [142.250.187.164]:443
SNI peek: [www.google.com] [complete], fd=36
Connecting to [142.250.187.164]:443
STATS: thr=5, mld=1, mfd=39, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=6, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=1, mld=1, mfd=27, mat=7, mct=8, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=2, mld=1, mfd=32, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=3, mld=1, mfd=35, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=4, mld=1, mfd=38, mat=1, mct=1, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
IDLE: atime=19, ctime=19, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=19, mct=19, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
SNI peek: [www.sozcu.com.tr] [complete], fd=40
Connecting to [35.244.160.147]:443
IDLE: atime=29, ctime=29, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=29, mct=29, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=17, ctime=18, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=17, mct=18, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=3, mld=1, mfd=35, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
IDLE: atime=11, ctime=11, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
STATS: thr=5, mld=1, mfd=39, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=4, mld=1, mfd=38, mat=11, mct=11, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=6, mld=1, mfd=42, mat=9, mct=9, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=2
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
STATS: thr=5, mld=1, mfd=39, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=19, ctime=19, src_addr=192.168.2.25:45776, dst_addr=-:-, valid=0
STATS: thr=6, mld=1, mfd=42, mat=19, mct=19, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=39, ctime=39, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=39, mct=39, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
STATS: thr=3, mld=1, mfd=35, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=27, ctime=28, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=27, mct=28, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=21, ctime=21, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
STATS: thr=4, mld=1, mfd=38, mat=21, mct=21, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=3
IDLE: atime=49, ctime=49, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=49, mct=49, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=37, ctime=38, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=37, mct=38, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
STATS: thr=3, mld=1, mfd=35, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
STATS: thr=5, mld=1, mfd=39, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
STATS: thr=4, mld=1, mfd=38, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=29, ctime=29, src_addr=192.168.2.25:45776, dst_addr=-:-, valid=0
STATS: thr=6, mld=1, mfd=42, mat=29, mct=29, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
IDLE: atime=31, ctime=31, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=31, mct=31, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=4
SNI peek: [github.com] [complete], fd=43
Connecting to [140.82.121.3]:443
Garbage collecting caches started.
Garbage collecting caches done.
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59364, dst_addr=-:-, valid=0
STATS: thr=2, mld=1, mfd=32, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=47, ctime=48, src_addr=192.168.2.25:57980, dst_addr=-:-, valid=0
IDLE: atime=59, ctime=59, src_addr=192.168.2.25:56636, dst_addr=-:-, valid=0
IDLE: atime=39, ctime=39, src_addr=192.168.2.25:45776, dst_addr=-:-, valid=0
STATS: thr=0, mld=1, mfd=24, mat=59, mct=59, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
STATS: thr=6, mld=1, mfd=42, mat=39, mct=39, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59368, dst_addr=-:-, valid=0
STATS: thr=1, mld=1, mfd=27, mat=47, mct=48, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
STATS: thr=4, mld=1, mfd=38, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59366, dst_addr=-:-, valid=0
STATS: thr=3, mld=1, mfd=35, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
STATS: thr=7, mld=1, mfd=45, mat=6, mct=6, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5
IDLE: atime=41, ctime=41, src_addr=192.168.2.25:59370, dst_addr=-:-, valid=0
STATS: thr=5, mld=1, mfd=39, mat=41, mct=41, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=5

***sslprox.conf

# Sample configuration for sslproxy v0.8.3
#
# Use the -f command line option to start sslproxy with a config file.
# See sslproxy.conf(5) and sslproxy(1) for documentation.

# Use CA cert (and key) to sign forged certs.
# Equivalent to -c command line option.
CACert /etc/sslproxy/ca.crt

# Use CA key (and cert) to sign forged certs.
# Equivalent to -k command line option.
CAKey /etc/sslproxy/ca.key

# Use cert from pemfile when destination requests client certs.
# Equivalent to -a command line option.
#ClientCert /etc/sslproxy/client.crt

# Use key from pemfile when destination requests client certs.
# Equivalent to -b command line option.
#ClientKey /etc/sslproxy/client.key

# Use CA chain from pemfile (intermediate and root CA certs).
# Equivalent to -C command line option.
#CAChain /etc/sslproxy/chain.crt

# Use key from pemfile for leaf certs.
# Equivalent to -K command line option.
# (default: generate)
#LeafKey /etc/sslproxy/leaf.key

# Use URL as CRL distribution point for all forged certs.
# Equivalent to -q command line option.
#LeafCRLURL http://example.com/example.crl

# Use cert+chain+key PEM files from certdir to target all sites matching the
# common names (non-matching: generate if CA).
# Equivalent to -t command line option.
#LeafCertDir /etc/sslproxy/leaf.d

# Use cert+chain+key from PEM file instead of generating leaf keys on the fly.
# Equivalent to -A command line option.
#DefaultLeafCert /etc/sslproxy/leaf.pem

# Write leaf key and only generated certificates to gendir.
# Equivalent to -w command line option.
#WriteGenCertsDir /var/log/sslproxy

# Write leaf key and all certificates to gendir.
# Equivalent to -W command line option.
#WriteAllCertsDir /var/log/sslproxy

# Deny all OCSP requests on all proxyspecs.
# Equivalent to -O command line option.
#DenyOCSP yes

# Passthrough SSL connections if they cannot be split because of client cert 
# auth or no matching cert and no CA.
# Equivalent to -P command line option.
# (default: drop)
Passthrough yes

# Use DH group params from pemfile.
# Equivalent to -g command line option.
# (default: keyfiles or auto)
#DHGroupParams /etc/sslproxy/dh.pem

# Use ECDH named curve.
# Equivalent to -G command line option.
# (default: prime256v1)
#ECDHCurve prime256v1

# Enable/disable SSL/TLS compression on all connections.
# Equivalent to -Z command line option.
#SSLCompression no

# Force SSL/TLS protocol version only.
# Equivalent to -r command line option.
# (default: all)
#ForceSSLProto tls12

# Disable SSL/TLS protocol version.
# Equivalent to -R command line option.
# (default: none)
#DisableSSLProto tls10

# Min SSL/TLS protocol version.
# (default: tls10)
#MinSSLProto tls10

# Max SSL/TLS protocol version.
# (default: tls12 or tls13, depending on the version of SSL library)
#MaxSSLProto tls13

# Use the given OpenSSL ciphers spec.
# Equivalent to -s command line option.
# (default: ALL:-aNULL)
Ciphers ALL:!RC4

# Use the given OpenSSL ciphersuites spec.
# The ciphersuites spec is for TLS 1.3.
# Equivalent to -U command line option.
# (default: TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256)
#CipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

# Leaf key RSA keysize in bits, use 1024|2048|3072|4096.
# (default: 2048)
LeafKeyRSABits 2048

# OpenSSL engine to activate, either ID or full path to shared library
# Equivalent to -x command line option
#OpenSSLEngine cloudhsm

# Specify default NAT engine to use.
# Equivalent to -e command line option.
NATEngine pf

# Drop privileges to user.
# Equivalent to -u command line option.
# (default: nobody, if run as root)
#User _sslproxy

# Drop privileges to group.
# Equivalent to -m command line option.
# (default: primary group of user)
#Group _sslproxy

# chroot() to jaildir (impacts sni proxyspecs, see sslproxy(1)).
# Equivalent to -j command line option.
#Chroot /var/run/sslproxy

# Write pid to file.
# Equivalent to -p command line option.
# (default: no pid file)
PidFile /var/run/sslproxy.pid

# Connect log: log one line summary per connection to logfile.
# Equivalent to -l command line option.
#ConnectLog /var/log/sslproxy/connect.log

# Content log: full data to file or named pipe
# (excludes ContentLogDir/ContentLogPathSpec).
# Equivalent to -L command line option.
ContentLog /var/log/sslproxy/content.log

# Content log: full data to separate files in dir
# (excludes ContentLog/ContentLogPathSpec).
# Equivalent to -S command line option.
#ContentLogDir /var/log/sslproxy/content

# Content log: full data to sep files with % subst
# (excludes ContentLog/ContentLogDir).
# Equivalent to -F command line option.
#ContentLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.log

# Look up local process owning each connection for logging.
# Equivalent to -i command line option.
#LogProcInfo yes

# Pcap log: packets to pcapfile (excludes PcapLogDir/PcapLogPathSpec).
# Equivalent to -X command line option.
#PcapLog /var/log/sslproxy/content.pcap

# Pcap log: packets to separate files in dir
# (excludes PcapLog/PcapLogPathSpec).
# Equivalent to -Y command line option.
#PcapLogDir /var/log/sslproxy/pcap

# Pcap log: packets to sep files with % subst (excludes PcapLog/PcapLogDir).
# Equivalent to -y command line option.
#PcapLogPathSpec /var/log/sslproxy/%X/%u-%s-%d-%T.pcap

# Mirror packets to interface.
# Equivalent to -I command line option.
#MirrorIf lo

# Mirror packets to target address (used with MirrorIf).
# Equivalent to -T command line option. Leave commented if the target is
# irrelevant (e.g. mirror to dummy device)
#MirrorTarget 192.0.2.1

# Log master keys to logfile in SSLKEYLOGFILE format.
# Equivalent to -M command line option.
#MasterKeyLog /var/log/sslproxy/masterkeys.log

# Daemon mode: run in background, log error messages to syslog.
# Equivalent to -d command line option.
Daemon no

# Debug mode: run in foreground, log debug messages on stderr.
# Equivalent to -D command line option.
#Debug yes

# Verbose debug level
#DebugLevel 4

# Close connections after this many seconds of idle time
ConnIdleTimeout 120

# Check for expired connections every this many seconds
ExpiredConnCheckPeriod 10

# Log statistics to syslog
# Equivalent to -J command line option.
LogStats yes

# Log statistics every this many ExpiredConnCheckPeriod periods
StatsPeriod 1

# Remove HTTP header line for Accept-Encoding
RemoveHTTPAcceptEncoding no

# Remove HTTP header line for Referer
RemoveHTTPReferer yes

# Verify peer using default certificates
VerifyPeer yes

# When disabled, never add the SNI to forged certificates, even if the SNI
# provided by the client does not match the server certificate's CN/SAN.
# Helps pass the wrong.host test at https://badssl.com.
AllowWrongHost no

# Require authentication for users to use SSLproxy
#UserAuth yes

# Path to user db file
#UserDBPath /var/db/users.db

# Time users out after this many seconds of idle time
#UserTimeout 300

# Redirect URL for users to log in to the system
#UserAuthURL https://192.168.8.1/userdblogin.php

# Comma separated list of users diverted by all proxyspecs
# Connections from these users are diverted to listening programs.
# Users not listed in DivertUsers or PassUsers are blocked.
# Max of 50 users can be listed.
#DivertUsers utmfw

# Comma separated list of users passed through by all proxyspecs
# Connections from these users are simply passed through to their original destinations,
# not diverted to listening programs.
# Users not listed in DivertUsers or PassUsers are blocked.
# Max of 50 users can be listed.
#PassUsers admin

# Validate proxy spec protocols
ValidateProto yes

# Max HTTP header size in bytes for protocol validation
MaxHTTPHeaderSize 8192

# Set open files limit, use 50-10000
OpenFilesLimit 1024

# Proxy specifications
# type listenaddr+port up:utmport ua:utmaddr ra:returnaddr
#ProxySpec https 127.0.0.1 8443 up:8080 [ua:127.0.0.1 ra:127.0.0.1]
ProxySpec http 127.0.0.1 8081 up:8080
ProxySpec https 127.0.0.1 8443 up:8080
ProxySpec pop3 127.0.0.1 8994 up:8110
ProxySpec pop3s 127.0.0.1 8995 up:8110
ProxySpec smtp 127.0.0.1 8464 up:9199
ProxySpec smtps 127.0.0.1 8465 up:9199
ProxySpec autossl 127.0.0.1 8466 up:9199

# Passthrough sites
# site [(clientaddr|(user|*) [description keyword])]
#PassSite example.com
#PassSite example.com 192.168.0.1
#PassSite example.com soner
#PassSite *.google.com * android

***root@host:/etc # ps aux | grep sslproxy

nobody         1526  27.2  0.4   55716   15876  0  S+   10:47     0:00.36 sslproxy -k ca.key -c ca.crt -l connect.log https 127.0.0.1 8443 up:8080
root           1472   2.2  0.2   38048    8832  0  S+   10:47     0:00.61 sslproxy -k ca.key -c ca.crt -l connect.log https 127.0.0.1 8443 up:8080
root           1731   0.0  0.1   14796    2508  1  S+   10:47     0:00.00 grep sslproxy

Error from getsockopt(SO_ORIGINAL_DST): No such file or directory Connection not found in NAT state table, aborting connection / using Docker

Hi when i try to run the SSLProxy (same with Sslplit) inside a Docker Container i always get the folllowing Error
Can you tell what is going wrong here or is it a bug?

sslproxy -D4 -k /SSLproxy/test.key -c /SSLproxy/test.crt -l connect.log -J -S /SSLproxy/logdir -Y /SSLproxy/pcaplogdir https 0.0.0.0 8443 up:1212
| Warning: -F requires a privileged operation for each connection!
| Warning: -Y requires a privileged operation for each connection!
| Privileged operations require communication between parent and child process
| and will negatively impact latency and performance on each connection.
SSLproxy v0.8.3-3-g1bb5bd2 (built 2021-08-16)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1  11 Sep 2018 (1010100f)
rtlinked against OpenSSL 1.1.1  11 Sep 2018 (1010100f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
compiled against sqlite 3.22.0
rtlinked against sqlite 3.22.0
8 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global SSL/TLS protocol: negotiate>=tls10<=tls13
proxyspecs:
- listen=[0.0.0.0]:8443 ssl|http netfilter
parent dst addr= [127.0.0.1]:1212
child src addr= [127.0.0.1]:0
opts=|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|||8192
SSL/TLS protocol: negotiate>=tls10<=tls13
Loaded CA: '/C=AUT/ST=Austria/L=Innsbruck/O=Uni/OU=test/CN=testl/[email protected]'
Loaded ProxySpec CA: '/C=AUT/ST=Austria/L=Innsbruck/O=Uni/OU=test/CN=test/[email protected]'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=6,w=7]
Created chld-pipe [r=8,w=9]
Created socketpair 0 [p=10,c=11]
Created socketpair 1 [p=12,c=13]
Created socketpair 2 [p=14,c=15]
Created socketpair 3 [p=16,c=17]
Created socketpair 4 [p=18,c=19]
Created socketpair 5 [p=20,c=21]
Privsep parent pid 15
Privsep child pid 16
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 9 on srvsock 10
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 12
Inserted events:
Received privsep req type 00 sz 1 on srvsock 20
  0x55ba807e79b8 [fd  7] Read Persist Internal
  0x55ba807e7b90 [fd  9] Read Persist Internal
  0x55ba807e7fa8 [fd  10] Read Persist
  0x55ba807e53c0 [sig 1] Signal Persist
  0x55ba807e7540 [sig 2] Signal Persist
  0x55ba807e72a0 [sig 3] Signal Persist
  0x55ba807e8460 [sig 10] Signal Persist
  0x55ba807e76d0 [sig 13] Signal Persist
  0x55ba807e6c40 [sig 15] Signal Persist
  0x55ba807e8590 [fd  -1] Persist Timeout=1629129104.868612
Active events:
Initialized 16 connection handling threads
Started 16 connection handling threads
Starting main event loop.
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection

Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection
Error from getsockopt(SO_ORIGINAL_DST): No such file or directory
Connection not found in NAT state table, aborting connection

I expose the Port 8443 to the host system

sudo docker run -it -p 8443:8443 testssl

and redirect the traffic from 443 to the port 8443 (on the host)

sudo sysctl -w net.ipv4.ip_forward=1

sudo iptables -t nat -A PREROUTING -i wlp3s0 -p tcp --dport 443 -j REDIRECT --to-port 8443

Thanks in advance

ssslproxy + iproute (mark)

Hello,

I have a question and would like to know if you could clarify. I'm trying to set a mark(setsockopt) to use with iproute2, so where the socket is being opened with the real destination server and internal proxy (squid or e2guardian).

Simple HTTPS request issue (OpenWRT)

I can't seem to get SSLProxy to successfully make an outbound HTTPS connection.

Running on:

root@OpenWrt:~# uname -a
Linux OpenWrt 4.14.63 #0 Thu Aug 16 07:51:15 2018 mips GNU/Linux

When I issue this command:

root@OpenWrt:~# /tmp/sslproxy -c /etc/sslproxy/ca.crt -k /etc/sslproxy/ca.key -D https 192.168.8.1 8443 up:8000 ua:192.168.8.176 ra:192.168.8.1

I get the following output:

SSLproxy v0.7.0-2-gcb67c33-dirty (built 2020-02-14)
Copyright (c) 2017-2019, Soner Tari [email protected]
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger [email protected]
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.0.2u 20 Dec 2019 (1000215f)
rtlinked against OpenSSL 1.0.2u 20 Dec 2019 (1000215f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.0.22-stable
rtlinked against libevent 2.0.22-stable
compiled against libnet 1.2-rc3
rtlinked against libnet 1.2-rc3
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
compiled against sqlite 3.31.1
rtlinked against sqlite 3.23.1
1 CPU cores detected
Generated RSA key for leaf certs.
Global SSL/TLS protocol: negotiate
proxyspecs:

listen=[192.168.8.1]:8443 ssl|http netfilter
parent dst addr= [192.168.8.176]:8000
child src addr= [192.168.8.1]:0
opts=|ALL:-aNULL|no ecdhcurve|no crlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
SSL/TLS protocol: negotiate
Loaded CA: '[removed]'
Loaded ProxySpec CA: '[removed]'
Privsep fastpath disabled
Created self-pipe [r=3,w=4]
Created chld-pipe [r=5,w=6]
Created socketpair 0 [p=7,c=8]
Created socketpair 1 [p=9,c=10]
Created socketpair 2 [p=11,c=12]
Created socketpair 3 [p=13,c=14]
Created socketpair 4 [p=15,c=16]
Created socketpair 5 [p=17,c=18]
Privsep parent pid 4403
Privsep child pid 4404
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 5 on srvsock 7
proxy_listener_setup: listen=[192.168.8.1]:8443 ssl|http netfilter
parent dst addr= [192.168.8.176]:8000
child src addr= [192.168.8.1]:0
opts=|ALL:-aNULL|no ecdhcurve|no crlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
SSL/TLS protocol: negotiate
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 9
Received privsep req type 00 sz 1 on srvsock 11
Received privsep req type 00 sz 1 on srvsock 13
Received privsep req type 00 sz 1 on srvsock 15
Received privsep req type 00 sz 1 on srvsock 17
Inserted events:
0x77f6fd78 [fd 6] Read Persist
0x74cecc [fd 7] Read Persist
0x77f6fc68 [fd 5] Read Persist
0x74caf0 [fd 15] Signal Persist
0x74f130 [fd 3] Signal Persist
0x74f230 [fd 1] Signal Persist
0x74f330 [fd 2] Signal Persist
0x74f8d0 [fd 13] Signal Persist
0x74f9c0 [fd 16] Signal Persist
Initialized 2 connection handling threads
Started 2 connection handling threads
Starting main event loop.

And then when I test it by issuing a curl statement that hands off to sslproxy, sslproxy returns the following:

SNI peek: [www.fireshark.com] [complete], fd=17
Connecting to [13.249.79.115]:443
Client-side BEV_EVENT_ERROR
Error from bufferevent: 0:- 336134278:134:(null):20:(null):144:(null)
SSL_free() in state 00003005 = SSL_ST_CONNECT|SSL_ST_ACCEPT|0005 = SSLERR (error) [connect socket]

I'm not sure what this is telling me. Any ideas on things to try to get this working?

Connection not found in NAT state table

For bug reports, please supply:

Output of sslproxy -V
SSLproxy v0.8.3 (built 2021-04-27)
Copyright (c) 2017-2021, Soner Tari [email protected]
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger [email protected]
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f 31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f 31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
4 CPU cores detected
Output of uname -a
Linux buddy 5.8.0-43-generic #49~20.04.1-Ubuntu SMP Fri Feb 5 09:57:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Exact command line arguments used to run sslproxy
sslproxy https 0.0.0.0 8443 up:8080 -k private_key.pem -c session.crt
Relevant part of debug mode (-D) output, if applicable
Error from getsockopt(SO_ORIGINAL_DST): Protocol not available
Connection not found in NAT state table, aborting connection

I use sslproxy for analysing https packet. I use firefox browser and added manual proxy configuration with https proxy 127.0.0.1 8443. I use a python program to listen for connections in port 8080. But once I enter an url in the browser, the ssl proxy is not redirecting packet to the python script.

Any help on why the python script listening on port 8080 is not able t gather the packets will be useful. Thanks.

Please add feature - exception list

Hi,

This is for a feature request: I have turned on ssl interception for my workstations and came across a minor issue: google drive refuses to connect if SSL interception is on. See the cause here.

Is it possible to add an exception list for sites that do application side SSL authentication validation? The passthrough parameter does not work at the moment.

With an exception list I can for example exclude sites and do not work properly and still can mitm other sites. Now I need to turn it on or off. It is a one for all or none for all at this time.

Thank you so much for your effort and time in this excellent software!

Global PassSite and modern passsite_filter

Hi, thanks for excelent project )

In latest release I try specify global PassSite filter, but it ignored (
After review code, I found passsite_filter creates only from global->spec, but not from global->opts.
Is it bug?

Troubles with netfilter TPROXY

Hi! After configuring iptables rule with TPROXY sslproxy has stopped accepting connections. And at the same time, REDIRECT rule works perfectly, and new connections appeared in output with -D option. Installation was performed on CentOS 6.5.
Engine was detected correctly: netfiler* tproxy

An attempt in the directive HAVE_NETFILTER to use methods from directive IP_TRANSPARENT was successful, then rule with TPROXY works fine. It is strange that packets were processed by HAVE_NETFILTER (nat_netfilter_lookup_cb), although they should be processed IP_TRANSPARENT (nat_getsockname_lookup_cb, nat_iptransparent_socket_cb). Or have I made a mistake somewhere?

Question: TLS 1.3

Hello!

Do you have plans to implement TLS 1.3 support on SSLProxy?

Best Regards;

sslproxy prematurely closing connections

I have an environment that works with sslsplit. However I have been unable to get sslproxy to work in this same environment with TLS, HTTP, or TCP.

With sslproxy configred for HTTP and wireshark running on the proxied network I see a request made followed by an immediate TCP RST from sslproxy. With wireshark running on the Internet side I see that sslproxy proxy completes the three way handshake and then immediately sends a TCP FIN without transmitting any data.

With sslproxy configured for HTTPS I see similar behavior. The client hello is sent, the server hello is received, and then sslproxy sends a "Encrypted Alert" that appears to end the connection. I have not decrypted this alert because in this error case no key data gets written to masterkeys.log.

No indications of an errors are outputed to the log.
However, by enabling DDEBUG_PROXY I found the below error on line 687 of prototcp.c

prototcp_bev_eventcb_connected_srvdst: FAILED bufferevent_socket_connect for dst, fd=27

The function 'bufferevent_socket_connect' is returning -1

With a debugger I was able to see that at the time that error is printed, errno is set to 97 (Address family not supported by protocol)

I am uncertain of the cause. I can only theorize that maybe ctx->spec->conn_dst_addr on line 685 is the incorrect type?
(struct sockaddr *)&ctx->spec->conn_dst_addr

UTMFW not interceting SSLPROXY requests

I have installed and configured UTMFW , in the victim machine I have redirected traffic to UTMFW, in the packet filter logs, it does not resolve DNS of the victim machine, instead blocks its request for DNS. I cannot see any connection to SSLProxy as well,

When I turn off packetfilter DNS is resolved and still no connection to sslproxy, someone please tell me the hierarchy to use the UTMFW services for SSLPROXY

Mirror function -I not working anymore.

SSLProxy seems to stuck/stop when I use the -I option in combination with the -T (target) option.

In addition, only the DNS packets seem to be sent to the interface when I use only the -I (interface) option.

If I use the -I in combination with the -T, sslproxy gets stuck at this point (- Global generated on the fly) and nothing happens anymore.

sudo sslproxy -D4 -k test.key -c test.crt -I lo -T 127.0.0.1 -n https 172.16.37.45 8443

Output

sudo sslproxy -D4 -k test.key -c test.crt  -I lo -T 127.0.0.1 -n  https 172.16.37.45 8443
SSLproxy v0.9.2-1-g7033afc (built 2021-12-20)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
4 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
proxyspecs:
- listen=[172.16.37.45]:8443 ssl|http netfilter
opts= conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
split||
Loaded Global CA: '/C=DE/ST=Germany/L=Muc/O=test/OU=testt/CN=test/[email protected]'
Loaded ProxySpec CA: '/C=DE/ST=Germany/L=Muc/O=test/OU=testt/CN=test/[email protected]'
SSL/TLS leaf certificates taken from:
- Global generated on the fly

And the program gets stuck and stops doing anything at that point.

Moreover, if I only use the -I option, only DNS packets seem to be sent to the specific interface

Wireshark records only DNS packets.

In comparison when I use the LP i can capture all TCP, HTTP Packets.

Can you tell what is going wrong here or is it a bug?

Thanks in advance and Kind regards!

Client-side BEV_EVENT_ERROR

Hello, I have the following setup that works:

10.2.0.0 (Ubuntu Host) <-> 10.24.0.28 (SSLProxy) <-> 10.24.0.1 PfSense FW <-> 192.168.178.1 FritzBox Router/Modem
(Outside physical Server) <-> actual WAN

(10.0.0.0/8 is one network where everyone reaches one another)

but the following setup does not work and produces Client-side BEV_EVENT_ERROR with no result on the client besides an error message in the browser ("No secure connection possible"):

192.168.178.78 (Linux Mint Laptop) <-> 10.24.0.1 (PfSense FW [with NAT Rule triggering on source 192.168.178.78 and destination port 443 redirecting to SSLProxy Server]) <-> 10.24.0.28 (SSLProxy) <-> 10.24.0.1 PfSense FW <-> 192.168.178.1 FritzBox Router/Modem (Outside physical Server)
<-> actual WAN

I also did install my 'myCA.pem' public certificate on the laptop.

I know it is likely that the problem is within networking and not SSLProxy itself, but there are also errors produced running make test so I thought I make an issue here.
Also I really don't know what I cloud have made wrong at which point so any suggestion what I should change would be really appreciated.

For bug reports, please supply:

Output of sslproxy -V

SSLproxy v0.9.2-3-g3dea854 (built 2022-02-18)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
rtlinked against OpenSSL 1.1.1f  31 Mar 2020 (1010106f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.11-stable
rtlinked against libevent 2.1.11-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.9.1 (with TPACKET_V3)
compiled against sqlite 3.31.1
rtlinked against sqlite 3.31.1
1 CPU cores detected

Output of uname -a
Linux pHellcat2 5.4.162-1-pve #1 SMP PVE 5.4.162-2 (Thu, 20 Jan 2022 16:38:53 +0100) x86_64 x86_64 x86_64 GNU/Linux
Exact command line arguments used to run sslproxy:
sslproxy -X traffic.pcap -f ProxySpec.conf
Relevant part of debug mode (-D) output, if applicable

Connecting to [10.24.0.28]:443
Client-side BEV_EVENT_ERROR

NAT redirection rules you are using, if applicable

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

List of failing unit tests in make test output

root@pHellcat2:~/SSLproxy# make test
make -C src
make[1]: Entering directory '/root/SSLproxy/src'
../Mk/main.mk:231: pkg-config not found - guessing paths/flags for dependencies
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: 
OPENSSL_BASE:   /usr
LIBEVENT_BASE:  /usr
LIBPCAP_BASE:   /usr
LIBNET_BASE:    /usr
SQLITE_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat2 5.4.162-1-pve #1 SMP PVE 5.4.162-2 (Thu, 20 Jan 2022 16:38:53 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -isystem/usr/include -isystem/usr/include -isystem/usr/include -isystem/usr/include -isystem/usr/include -D_GNU_SOURCE -D"PKGLABEL=\"SSLproxy\"" -DHAVE_NETFILTER -D"BUILD_PKGNAME=\"sslproxy\"" -D"BUILD_VERSION=\"v0.9.2-3-g3dea854\"" -D"BUILD_DATE=\"2022-02-18\"" -D"BUILD_INFO=\"V:GIT\"" -D"BUILD_FEATURES=\"-DHAVE_NETFILTER\"" -g  -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -O2 -o build.o build.c
cc -L/usr/lib -L/usr/lib -L/usr/lib -L/usr/lib -L/usr/lib -pthread -o sslproxy cert.o cachefkcrt.o opts.o protoautossl.o sys.o cachetgcrt.o build.o pxythrmgr.o proxy.o cachemgr.o protohttp.o protopassthrough.o cache.o dynbuf.o pxyconn.o protossl.o protopop3.o cachessess.o nat.o prototcp.o url.o proc.o ssl.o log.o logbuf.o thrqueue.o logpkt.o privsep.o logger.o protosmtp.o main.o cachedsess.o filter.o util.o base64.o pxythr.o -lssl -lcrypto -lz -levent -levent_openssl -levent_pthreads -lnet -lpcap -lsqlite3
make[1]: Leaving directory '/root/SSLproxy/src'
make unittest
make[1]: Entering directory '/root/SSLproxy'
make -C src
make[2]: Entering directory '/root/SSLproxy/src'
../Mk/main.mk:231: pkg-config not found - guessing paths/flags for dependencies
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: 
OPENSSL_BASE:   /usr
LIBEVENT_BASE:  /usr
LIBPCAP_BASE:   /usr
LIBNET_BASE:    /usr
SQLITE_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat2 5.4.162-1-pve #1 SMP PVE 5.4.162-2 (Thu, 20 Jan 2022 16:38:53 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -isystem/usr/include -isystem/usr/include -isystem/usr/include -isystem/usr/include -isystem/usr/include -D_GNU_SOURCE -D"PKGLABEL=\"SSLproxy\"" -DHAVE_NETFILTER -D"BUILD_PKGNAME=\"sslproxy\"" -D"BUILD_VERSION=\"v0.9.2-3-g3dea854\"" -D"BUILD_DATE=\"2022-02-18\"" -D"BUILD_INFO=\"V:GIT\"" -D"BUILD_FEATURES=\"-DHAVE_NETFILTER\"" -g  -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -O2 -o build.o build.c
cc -L/usr/lib -L/usr/lib -L/usr/lib -L/usr/lib -L/usr/lib -pthread -o sslproxy cert.o cachefkcrt.o opts.o protoautossl.o sys.o cachetgcrt.o build.o pxythrmgr.o proxy.o cachemgr.o protohttp.o protopassthrough.o cache.o dynbuf.o pxyconn.o protossl.o protopop3.o cachessess.o nat.o prototcp.o url.o proc.o ssl.o log.o logbuf.o thrqueue.o logpkt.o privsep.o logger.o protosmtp.o main.o cachedsess.o filter.o util.o base64.o pxythr.o -lssl -lcrypto -lz -levent -levent_openssl -levent_pthreads -lnet -lpcap -lsqlite3
make[2]: Leaving directory '/root/SSLproxy/src'
make -C tests/check
make[2]: Entering directory '/root/SSLproxy/tests/check'
../../Mk/main.mk:231: pkg-config not found - guessing paths/flags for dependencies
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: 
OPENSSL_BASE:   /usr
LIBEVENT_BASE:  /usr
LIBPCAP_BASE:   /usr
LIBNET_BASE:    /usr
SQLITE_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat2 5.4.162-1-pve #1 SMP PVE 5.4.162-2 (Thu, 20 Jan 2022 16:38:53 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
GNUmakefile:24: *** unit test dependency 'check' not found; install it or point CHECK_BASE to base path.  Stop.
make[2]: Leaving directory '/root/SSLproxy/tests/check'
make[1]: *** [GNUmakefile:17: unittest] Error 2
make[1]: Leaving directory '/root/SSLproxy

Other relevant data such as PCAPs, logs, screenshots etc
Example PCAP contains what is logged when a server inside the network (10.24.2.0) is using curl https://www.google.com --insecure. I tried capturing the other server trying to connect but it resulted in an empty PCAP written.
traffic_example.pcap.zip

ProcySpec.conf:

ProxySpec {
    Proto autossl
    Addr 0.0.0.0       
    Port 8443        
    
    Divert no

    Passthrough yes #(Tried with and without with same result)
    
    CACert myCA.pem
    CAKey myCA.key    
    
    MinSSLProto tls10
    VerifyPeer yes
    UserAuth no
    
    
    Split from * to * log pcap
    
}

segmentation fault

on Linux test-vmpc 5.0.0-36-generic #39~18.04.1-Ubuntu SMP Tue Nov 12 11:09:50 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

i get segmentation fault

with ./sslproxy -k ca.key -c ca.crt https 0.0.0.0 8443 up:8445

Question: Suricata and sslproxy

Hello, is it possible to make suricata-ids read the sslproxy header, to identify the source and destination correctly?

Best regards;
Primmus

Quesion: Can SSLproxy be configured to not re-encrypt the traffic?

I'm exploring if this will work for my application. Actually, I'm hoping to use two instances of SSLproxy in the following manner:

Server A is my HTTPS server with my certificate and private key
Client A is my client that will connect over SSL to my HTTPS server
Router A will route the traffic (based on Server A destination) to Proxy A
Proxy A will be a decryption-only proxy that will have a copy of Server A's certificate and private key, so it can decrypt the traffic. Then it will route the decrypted packets back to Router A with layer-3/4 transparency (source will still be client IP/port and destination will still be server IP/port. Maybe tproxy and IP_TRANSPARENT will be needed for this part?)
Router A will route the decrypted packets through a chain of programs, each which will route back to Router A with layer-3/4 transparency.
At the end of the chain of programs, Router A will route the decrypted packets through Proxy B.
Proxy B will encrypt the traffic and route back through Router A with layer-3/4 transparency and Router A will send the encrypted traffic to Server A.

The return traffic will go through all the same hops as above, but in reverse order. E.g. Proxy B will receive the encrypted traffic from Server A and will decrypt it before sending back through Router A.
(I'm using the term "route" a little loosely above, as most of it will by L2 switching.)

Can SSLProxy be used in such a scenario, where one instance is only decrypting the traffic, and one instance is only encrypting the traffic? I see from the documentation that SSLProxy can itself invoke the external programs on the decrypted traffic, but I don't think that will work in my application since "Router A" will be making the decisions of which programs to invoke, and it needs to have the decrypted traffic to do so.

Encoded URLs lead to OCSP detection fails.

OCSP request detection fails for encoded URLs. Example: https://uk.wikipedia.org/wiki/%D0%93%D0%BE%D0%BB%D0%BE%D0%B2%D0%BD%D0%B0_%D1%81%D1%82%D0%BE%D1%80%D1%96%D0%BD%D0%BA%D0%B0
Such web-pages are unreachable.

Possible fix:

diff --git a/src/base64.c b/src/base64.c
index 970b037..f8f7691 100644
--- a/src/base64.c
+++ b/src/base64.c
@@ -96,7 +96,7 @@ base64_dec(const char *in, size_t insz, size_t *outsz)
        else
                *outsz = (insz / 4) * 3;
        if (!(out = malloc((*outsz) + 1))) {
-               *outsz = 0;
+               *outsz = -1;
                return NULL;
        }
 
diff --git a/src/protohttp.c b/src/protohttp.c
index d6d0454..43adc9e 100644
--- a/src/protohttp.c
+++ b/src/protohttp.c
@@ -204,7 +204,9 @@ protohttp_ocsp_is_valid_uri(const char *uri, pxy_conn_ctx_t *ctx)
        }
        buf_asn1 = base64_dec(buf_b64, sz_b64, &sz_asn1);
        if (!buf_asn1) {
-               ctx->enomem = 1;
+           if (sz_asn1 == -1) {
+            ctx->enomem = 1;
+        }
                free(buf_b64);
                return 0;
        }

Packet Tampering

i need to tamper packets, (replace a string), tried to use netsed but there is no option to specify the return port and that's required for netsed, would you recommend any option to achieve my goal?...

i have no clue how to solve this because i read in the man, that the return port is dinamically asigned and sent in the 1st packet to the proxy listener... would you en-light me pls.

Question about transparent SSL/TLS proxying without decryption

Hello!

First, thank you for the effort and time invested in SSLproxy project.

I went through the available documentation and did some testing but I am unable to conclude if it's possible to achieve transparent SSL/TLS proxying with SSLproxy without content decryption (and without forging of SSL certificates).
I have spent some time playing with the options such as -o Divert=no and -o Passthrough=yes as I assumed that if the diverting is turned off and passing through is turned on, the traffic would be "simply" transparently forwarded to the target server running https service.

I have setup something like this using SSLproxy 0.9 on the Centos Linux 7.9 x86_64 with kernel 3.10.0-1160.42.2.el7.x86_64:

,----------,     ,----------,     ,----------,
|          |     |          |     |          |
|  Client  | --> |  Proxy   | --> |  Server  |
|          |     |          |     |          |
'----------'     '----------'     '----------'
 172.16.1.1       192.168.1.1       8.8.8.8

This is the command I used (as root) on the Proxy server:
sslproxy -D4 -c /etc/sslproxy/certs/ca.crt -k /etc/sslproxy/certs/ca.key -C /etc/pki/tls/cert.pem -o Divert=no -o Passthrough=yes -o VerifyPeer=no -P https 192.168.1.1 443

For testing purposes on the Client server I used curl and the /etc/hosts file had a line 192.168.1.1 dns.google
The curl command looked like: curl -v https://dns.google:443
The Proxy server is able to properly resolve domain names and to connect to https services on the Internet.
Note that for the purpose of explaining the issue I used different IP addresses and URL but it doesn't really matter.
I didn't use any specific iptables rules as I wanted the SSLproxy to listen on 192.168.1.1:443

Upon execution of the curl command on the Client server, the above setup would result with SSLproxy momentarily opening all remaining ~1024 file descriptors and the client would get the error stating that the connection was reset.

What am I missing?
My goal was to pass the https traffic from Client to the Server via SSLproxy and use its filtering feature without decrypting the actual content (I assume that SNI makes this possible).

Kind regards!

autossl not working

I can not send mail with thunderbird via sslproxy. it is working very well http and https. But when ı try to send mail over sslproxy, just connect to mail server and keep going same situation, and sslproxy is do nothing. I am using listening program in extra file. I did not write listening program , so not caused by listening program. Finally , ı can send mail over starttls and ssl in sslsplit. it is working fine. But it is not working in sslproxy. and ı need to read inside smtp packet before send.

One thing caught my attention, when ı close the connection, sslproxy giving info ssl disconnected to mail server ip and should be like this, but listening program giving info tcp disconnected to nothing. Now, smtp packet go to sslproxy, then listening program take from sslproxy, but can be issue that listening program can not give back the packet to sslproxy? However , lp can give back https and http packets.

Output of sslproxy -V

root@genel:/home/test# sslproxy -V
SSLproxy (built 2020-02-14)

WARNING: Something is wrong with the version compiled into sslproxy!
The version should contain a release number and/or a git commit reference.
If using a package, please report a bug to the distro package maintainer.

Copyright (c) 2017-2019, Soner Tari [email protected]
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger [email protected]
https://www.roe.ch/SSLsplit
Build info: V:DIR N:5a5e84d
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1 11 Sep 2018 (1010100f)
rtlinked against OpenSSL 1.1.1 11 Sep 2018 (1010100f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
compiled against sqlite 3.22.0
rtlinked against sqlite 3.22.0
1 CPU cores detected

Output of uname -a

Linux genel 4.15.0-76-generic #86-Ubuntu SMP Fri Jan 17 17:24:28 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Exact command line arguments used to run sslproxy

sslproxy -c ca.pem -k ca.key ssl 0.0.0.0 8443 up:5555 -D -P

listeninprogram side:

lp 127.0.0.1 5555 -D

Relevant part of debug mode (-D) output, if applicable

NAT redirection rules you are using, if applicable

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p tcp --dport 587 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p tcp --dport 587 -j REDIRECT --to-ports 8443

Child pid 24502 killed by signal 11

Hey it's me again :)
I installed SSLProxy and finally got my divert rules in Pfsense in order so traffic is actually received by SSLProxy now, yea :)
But the problem is that on every connection SSLProxy just crashes

Certificate cache: MISS
Child pid 24502 killed by signal 11

I really don't know what that means and would appreciate any help!

Here is all the debug/logging:

Output of sslproxy -V

SSLproxy v0.9.2-3-g3dea854 (built 2022-03-31)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1j  16 Feb 2021 (101010af)
rtlinked against OpenSSL 1.1.1j  16 Feb 2021 (101010af)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.10.0 (with TPACKET_V3)
compiled against sqlite 3.34.1
rtlinked against sqlite 3.34.1
2 CPU cores detected

Output of uname -a

Linux pHellcat 5.13.19-6-pve #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100) x86_64 x86_64 x86_64 GNU/Linux

Exact command line arguments used to run sslproxy:

sslproxy -f default.cnf -D -l connections.log 2> out.log

Relevant part of debug mode (-D) output, if applicable

Received privsep req type 00 sz 1 on srvsock 16
Received privsep req type 00 sz 1 on srvsock 18
Started 4 connection handling threads
Starting main event loop.
SNI peek: [itunes.apple.com] [complete], fd=27
Connecting to [23.35.236.24]:443
===> Original server certificate:
Subject DN: /businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=California/serialNumber=C0806592/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=management:idms.group.1208920/CN=itunes.apple.com
Common Names: itunes.apple.com/partiality.itunes.apple.com/tv.apple.com/siri-search.itunes.apple.com/desktop-store.itunes.apple.com/su.itunes.apple.com/a1.mzstatic.com/sp.itunes.apple.com/bookkeeper.itunes.apple.com/metrics.mzstatic.com/pcr.apple.com/amp-api-edge.apps.apple.com/accertify.mzstatic.com/s.mzstatic.com/is2-ssl.mzstatic.com/itunes.apple.com/music.apple.com/s3.mzstatic.com/sf-api-token-service.itunes.apple.com/store.mzstatic.com/s5.mzstatic.com/embed.itunes.apple.com/sb.music.apple.com/s2.mzstatic.com/vpp-app.itunes.apple.com/s1.mzstatic.com/radio-quickplay.itunes.apple.com/sync.itunes.apple.com/b1.mzstatic.com/api.music.apple.com/api-edge.apps.apple.com/carrierbundle.itunes.apple.com/itunesu.itunes.apple.com/api.itunes.apple.com/is4-ssl.mzstatic.com/amp-api-search-edge.apps.apple.com/upp.itunes.apple.com/finance-app.itunes.apple.com/a4.mzstatic.com/radio.itunes.apple.com/apps.mzstatic.com/vocabulary.itunes.apple.com/s4.mzstatic.com/is3-ssl.mzstatic.com/a5.mzstatic.com/uts-api-siri.itunes.apple.com/api.apps.apple.com/atve.tv.apple.com/amp-api-edge.music.apple.com/bag.itunes.apple.com/amp-api.podcasts.apple.com/itc.mzstatic.com/configuration.apple.com/books.apple.com/init.itunes.apple.com/b4.mzstatic.com/apps.apple.com/b2.mzstatic.com/tf-feedback.itunes.apple.com/b3.mzstatic.com/api.books.apple.com/se-edge.itunes.apple.com/desktop-music-legacy.itunes.apple.com/files.itunes.apple.com/dzc-metrics.mzstatic.com/radio-services.itunes.apple.com/desktop-music.itunes.apple.com/videos.apple.com/api.edu.apple.com/radio-activity.itunes.apple.com/is5-ssl.mzstatic.com/a3.mzstatic.com/sb.tv.apple.com/podcasts.apple.com/api.videos.apple.com/a2.mzstatic.com/is1-ssl.mzstatic.com/se.itunes.apple.com/search.itunes.apple.com/xp.apple.com/pd.itunes.apple.com/b5.mzstatic.com/api.podcasts.apple.com/sitemaps.itunes.apple.com/edge.itunes.apple.com/uts-preview.itunes.apple.com
Fingerprint: 0B:0F:F3:6D:CF:66:23:25:6F:914F:C2:8F:26:6A:FA:73:C4:09:47
Certificate cache: MISS
Child pid 24502 killed by signal 11

NAT redirection rules you are using, if applicable

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:http redir ports 8080
REDIRECT   tcp  --  anywhere             anywhere             tcp dpt:https redir ports 8443

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

List of failing unit tests in make test output

make -C src
make[1]: Entering directory '/root/SSLproxy/src'
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads libpcap sqlite3 check
LIBNET_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat 5.13.19-6-pve #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -isystem/usr/include  -D_GNU_SOURCE -D"PKGLABEL=\"SSLproxy\"" -DHAVE_NETFILTER -D"BUILD_PKGNAME=\"sslproxy\"" -D"BUILD_VERSION=\"v0.9.2-3-g3dea854\"" -D"BUILD_DATE=\"2022-04-01\"" -D"BUILD_INFO=\"V:GIT\"" -D"BUILD_FEATURES=\"-DHAVE_NETFILTER\"" -g -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -O2 -o build.o build.c
cc -L/usr/lib  -pthread -o sslproxy base64.o build.o cache.o cachedsess.o cachefkcrt.o cachemgr.o cachessess.o cachetgcrt.o cert.o dynbuf.o filter.o log.o logbuf.o logger.o logpkt.o main.o nat.o opts.o privsep.o proc.o protoautossl.o protohttp.o protopassthrough.o protopop3.o protosmtp.o protossl.o prototcp.o proxy.o pxyconn.o pxythr.o pxythrmgr.o ssl.o sys.o thrqueue.o url.o util.o -lnet -lssl -lcrypto -levent_openssl -levent_pthreads -levent -lpcap -lsqlite3
make[1]: Leaving directory '/root/SSLproxy/src'
make unittest
make[1]: Entering directory '/root/SSLproxy'
make -C src
make[2]: Entering directory '/root/SSLproxy/src'
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads libpcap sqlite3 check
LIBNET_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat 5.13.19-6-pve #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -isystem/usr/include  -D_GNU_SOURCE -D"PKGLABEL=\"SSLproxy\"" -DHAVE_NETFILTER -D"BUILD_PKGNAME=\"sslproxy\"" -D"BUILD_VERSION=\"v0.9.2-3-g3dea854\"" -D"BUILD_DATE=\"2022-04-01\"" -D"BUILD_INFO=\"V:GIT\"" -D"BUILD_FEATURES=\"-DHAVE_NETFILTER\"" -g -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -O2 -o build.o build.c
cc -L/usr/lib  -pthread -o sslproxy base64.o build.o cache.o cachedsess.o cachefkcrt.o cachemgr.o cachessess.o cachetgcrt.o cert.o dynbuf.o filter.o log.o logbuf.o logger.o logpkt.o main.o nat.o opts.o privsep.o proc.o protoautossl.o protohttp.o protopassthrough.o protopop3.o protosmtp.o protossl.o prototcp.o proxy.o pxyconn.o pxythr.o pxythrmgr.o ssl.o sys.o thrqueue.o url.o util.o -lnet -lssl -lcrypto -levent_openssl -levent_pthreads -levent -lpcap -lsqlite3
make[2]: Leaving directory '/root/SSLproxy/src'
make -C tests/check
make[2]: Entering directory '/root/SSLproxy/tests/check'
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads libpcap sqlite3 check
LIBNET_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat 5.13.19-6-pve #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -L/usr/lib  -pthread -pthread -o sslproxy.test base64.t.o cachedsess.t.o cachefkcrt.t.o cachemgr.t.o cachessess.t.o cachetgcrt.t.o cert.t.o defaults.t.o dynbuf.t.o filter.t.o filterstruct.t.o logbuf.t.o main.t.o opts.t.o proto.t.o pxythrmgr.t.o ssl.t.o sys.t.o url.t.o util.t.o ../../src/base64.o ../../src/build.o ../../src/cache.o ../../src/cachedsess.o ../../src/cachefkcrt.o ../../src/cachemgr.o ../../src/cachessess.o ../../src/cachetgcrt.o ../../src/cert.o ../../src/dynbuf.o ../../src/filter.o ../../src/log.o ../../src/logbuf.o ../../src/logger.o ../../src/logpkt.o ../../src/nat.o ../../src/opts.o ../../src/privsep.o ../../src/proc.o ../../src/protoautossl.o ../../src/protohttp.o ../../src/protopassthrough.o ../../src/protopop3.o ../../src/protosmtp.o ../../src/protossl.o ../../src/prototcp.o ../../src/proxy.o ../../src/pxyconn.o ../../src/pxythr.o ../../src/pxythrmgr.o ../../src/ssl.o ../../src/sys.o ../../src/thrqueue.o ../../src/url.o ../../src/util.o -lnet -lssl -lcrypto -levent_openssl -levent_pthreads -levent -lpcap -lsqlite3 -lcheck_pic -lrt -lm -lsubunit
make -C engine
make[3]: Entering directory '/root/SSLproxy/tests/check/engine'
make[3]: Nothing to be done for 'all'.
make[3]: Leaving directory '/root/SSLproxy/tests/check/engine'
make -C pki testreqs
make[3]: Entering directory '/root/SSLproxy/tests/check/pki'
rm -f rsa.srl
make[3]: Leaving directory '/root/SSLproxy/tests/check/pki'
./sslproxy.test
Running suite(s): 
 main
 opts
 filter
 filter_struct
 dynbuf
 logbuf
 cert
 cachemgr
 cachefkcrt
 cachetgcrt
 cachedsess
 cachessess
 ssl
 sys
 base64
 url
 util
 pxythrmgr
 defaults
 proto
100%: Checks: 212, Failures: 0, Errors: 0
make[2]: Leaving directory '/root/SSLproxy/tests/check'
make[1]: Leaving directory '/root/SSLproxy'
make e2etest
make[1]: Entering directory '/root/SSLproxy'
make -C src
make[2]: Entering directory '/root/SSLproxy/src'
------------------------------------------------------------------------------
SSLproxy v0.9.2-3-g3dea854
------------------------------------------------------------------------------
Report bugs at https://github.com/sonertari/SSLproxy/issues/new
Please supply this header for diagnostics when reporting build issues
Before reporting bugs, make sure to try the latest develop branch first:
% git clone -b develop https://github.com/sonertari/SSLproxy.git
------------------------------------------------------------------------------
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads libpcap sqlite3 check
LIBNET_BASE:    /usr
Build options:  -DHAVE_NETFILTER
Build info:     V:GIT
uname -a:       Linux pHellcat 5.13.19-6-pve #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100) x86_64 x86_64 x86_64 GNU/Linux
------------------------------------------------------------------------------
cc -c -isystem/usr/include  -D_GNU_SOURCE -D"PKGLABEL=\"SSLproxy\"" -DHAVE_NETFILTER -D"BUILD_PKGNAME=\"sslproxy\"" -D"BUILD_VERSION=\"v0.9.2-3-g3dea854\"" -D"BUILD_DATE=\"2022-04-01\"" -D"BUILD_INFO=\"V:GIT\"" -D"BUILD_FEATURES=\"-DHAVE_NETFILTER\"" -g -pthread -std=c99 -Wall -Wextra -pedantic -D_FORTIFY_SOURCE=2 -fstack-protector-all -pthread -O2 -o build.o build.c
cc -L/usr/lib  -pthread -o sslproxy base64.o build.o cache.o cachedsess.o cachefkcrt.o cachemgr.o cachessess.o cachetgcrt.o cert.o dynbuf.o filter.o log.o logbuf.o logger.o logpkt.o main.o nat.o opts.o privsep.o proc.o protoautossl.o protohttp.o protopassthrough.o protopop3.o protosmtp.o protossl.o prototcp.o proxy.o pxyconn.o pxythr.o pxythrmgr.o ssl.o sys.o thrqueue.o url.o util.o -lnet -lssl -lcrypto -levent_openssl -levent_pthreads -levent -lpcap -lsqlite3
make[2]: Leaving directory '/root/SSLproxy/src'
make -C tests/testproxy
make[2]: Entering directory '/root/SSLproxy/tests/testproxy'
/bin/sh: 1: /root/.cargo/bin/testproxy: not found
/bin/sh: 1: /root/.cargo/bin/testproxy: not found
GNUmakefile:6: *** Use Testproxy v0.0.4 with this version of SSLproxy, found .  Stop.
make[2]: Leaving directory '/root/SSLproxy/tests/testproxy'
make[1]: *** [GNUmakefile:20: e2etest] Error 2
make[1]: Leaving directory '/root/SSLproxy'
make: *** [GNUmakefile:14: test] Error 2

^- Don't know if this is an indication of a failed build or if some test files are missing...

My config "default.cnf":

ProxySpec {
    Proto https
    Addr 0.0.0.0       # inline
    Port 8443       # comments

    # Divert or split
    Divert no

    # Connection options
    CACert Cloud+SwiftBird+SSLProxy+CA.crt
    CAKey Cloud+SwiftBird+SSLProxy+CA.key
    UserAuth no

FilterRule {
    Action Split
    SrcIp *
    DstIp *
    Log *
    CACert Cloud+SwiftBird+SSLProxy+CA.crt
    CAKey Cloud+SwiftBird+SSLProxy+CA.key
    UserAuth no
}
}

Capturing TLS1.2 traffic with SSLproxy

Hello.
I want to analyze android application traffic between client and server. It uses tcp keep-alive connection and tls1.2.
I generated a CA private key ca.key and certificate ca.crt using OpenSSL as described in sslproxy man page.
After that i installed ca.crt in device trusted certs list.
After that i wrote simple echo-server on java, which listens for incoming connections, and returns all data received back to sender, and runned this server on 0.0.0.0:8889
I redirected all traffic from application to sslproxy, runned with following parameters: ./sslproxy ssl 137.74.74.74 8888 up:8889 -k ca.key -c ca.crt -l connect.log -D

But when client trying to connect to server through sslproxy, it fails, and i see this message in sslproxy log:

Peeking did not yield a (truncated) ClientHello message, aborting connection
Peeking did not yield a (truncated) ClientHello message, aborting connection
Peeking did not yield a (truncated) ClientHello message, aborting connection
Peeking did not yield a (truncated) ClientHello message, aborting connection
Peeking did not yield a (truncated) ClientHello message, aborting connection

Am i doing something wrong? Could i analyze my application ssl traffic with SSLproxy?

Here is SSLproxy full output with -D flag: https://pastebin.com/RsERKBLe

Child proc 18590 killed by signal 11 Error from bufferevent: 111:Connection refused 0:0:-:0:-:0

Hello, I am very new to this repo. I am a student and I want to use it for a university project, so I started trying things out.

First I wanted to know how to get the dynamic port or where to find the dynamically generated port to send the packets back to the proxy. So I used the lp program (test/testproxy). But whenever I tried to use the program with a logdir, I got the error "Child proc 22407 killed by signal 11". When I start the program without the "-S logdir" option, the program works. I don't know if this is a bug or if I am doing something wrong. Mabye the issue is more like a question

I generated .cer file and imported ca.crt to my client firefox browser

Run lp: Programm with
sudo lp -J -S logdir 127.0.0.1 1212

btw im in the directory and the logdir exist i tried it also with the option -L same result

After i run the SSLProxy with this Input and tried to Get www.ebay.com
sudo sslproxy -D -k test.key -c test.crt -l connect.log -J -S logdir -Y pcaplogdir https 192.168.0.168 8443 up:1212

The Output of the lp programm shows immediatly: Child proc 22407 killed by signal 11

As i mentioned above if i run the lp without the option logdir it works

This is the Output of the SSLProxy 👍
**sudo sslproxy -D -k test.key -c test.crt -l connect.log -J -S logdir -Y pcaplogdir https 192.168.0.168 8443 up:1212**

| Warning: -F requires a privileged operation for each connection!
| Warning: -Y requires a privileged operation for each connection!
| Privileged operations require communication between parent and child process
| and will negatively impact latency and performance on each connection.
SSLproxy v0.8.3-3-g1bb5bd2 (built 2021-07-15)
Copyright (c) 2017-2021, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 1.1.1d  10 Sep 2019 (1010104f)
rtlinked against OpenSSL 1.1.1d  10 Sep 2019 (1010104f)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.8-stable
rtlinked against libevent 2.1.8-stable
compiled against libnet 1.1.6
rtlinked against libnet 1.1.6
compiled against libpcap n/a
rtlinked against libpcap 1.8.1
compiled against sqlite 3.27.2
rtlinked against sqlite 3.27.2
4 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global SSL/TLS protocol: negotiate>=tls10<=tls13
proxyspecs:
- listen=[192.168.0.168]:8443 ssl|http netfilter
parent dst addr= [127.0.0.1]:1212
child src addr= [127.0.0.1]:0
opts=|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|||8192
SSL/TLS protocol: negotiate>=tls10<=tls13
Loaded CA: '/C=DE/ST=Germany/L=Regensburg/O=Uni/OU=Janet/CN=Cool/[email protected]'
Loaded ProxySpec CA: '/C=DE/ST=Germany/L=Regensburg/O=Uni/OU=Janet/CN=Cool/[email protected]'
SSL/TLS leaf certificates taken from:
- Global generated on the fly
Privsep fastpath disabled
Created self-pipe [r=4,w=5]
Created chld-pipe [r=6,w=7]
Created socketpair 0 [p=8,c=9]
Created socketpair 1 [p=10,c=11]
Created socketpair 2 [p=12,c=13]
Created socketpair 3 [p=14,c=15]
Created socketpair 4 [p=16,c=17]
Created socketpair 5 [p=18,c=19]
Privsep parent pid 30856
Privsep child pid 30869
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
Received privsep req type 03 sz 5 on srvsock 8
Dropped privs to user nobody group - chroot -
Received privsep req type 00 sz 1 on srvsock 10
Received privsep req type 00 sz 1 on srvsock 18
Inserted events:
  0x10e59e8 [fd  5] Read Persist Internal
  0x10e5b04 [fd  7] Read Persist Internal
  0x10e5f74 [fd  8] Read Persist
  0x10db868 [sig 1] Signal Persist
  0x10dba48 [sig 2] Signal Persist
  0x10c9708 [sig 3] Signal Persist
  0x10ddfa0 [sig 10] Signal Persist
  0x10dbac0 [sig 13] Signal Persist
  0x10e0040 [sig 15] Signal Persist
  0x10e7180 [fd  -1] Persist Timeout=1626435824.931029
Active events:
Initialized 8 connection handling threads
Started 8 connection handling threads
Starting main event loop.
STATS: thr=0, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=1, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=6, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=4, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=2, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=3, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
STATS: thr=5, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=0
SNI peek: [www.ebay.de] [complete], fd=45
Connecting to [84.53.189.188]:443
===> Original server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/aka-sandbox.ebay.com/cache.ebay.com/cache.vivanuncios.com.mx/careers.ebayinc.com/cdn.roma.ebay.com/cr.qa.ebaystatic.com/dsa.ebay.co.uk/dsa.ebay.com/dsa.ebay.de/ebay.com.au/ebay.us/ebaypartnernetwork.ebay.com/ecg-api.vivanuncios.com.mx/ecg-apis.vivanuncios.com.mx/feed.ebay.com.au/galleryplus.ebayimg.com/gh.ebaystatic.com/ir.ebaystatic.com/ir.sandbox.ebaystatic.com/m.ebay.at/m.ebay.ca/m.ebay.ie/m.ebay.ph/p.ebaystatic.com/pages.ebay.ca/pages.ebay.com.au/pages.ebay.in/partnernetwork.ebay.co.uk/partnernetwork.ebay.com/partnernetwork.ebay.com.au/partnernetwork.ebay.de/partnernetwork.ebay.es/partnernetwork.ebay.fr/partnernetwork.ebay.it/pics.ebaystatic.com/poc.ebay.com/protool.vivanuncios.com.mx/q.ebaystatic.com/reco.ebay.com/rest.ebay.com/rs.sandbox.ebaystatic.com/rs.xstage.ebaystatic.com/rtm.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/sslgalleryplus.ebayimg.com/static.ebayinc.com/tech.ebayinc.com/vivanuncios.com.mx/vmp.ebay.com/www.befr.ebay.be/www.benl.ebay.be/www.cafr.ebay.ca/www.ebay.at/www.ebay.be/www.ebay.ca/www.ebay.ch/www.ebay.co.uk/www.ebay.com.au/www.ebay.com.hk/www.ebay.com.my/www.ebay.com.sg/www.ebay.de/www.ebay.es/www.ebay.fr/www.ebay.ie/www.ebay.in/www.ebay.it/www.ebay.nl/www.ebay.ph/www.ebay.pl/www.ebay.us/www.ebayinc.com/www.vivanuncios.com.mx
Fingerprint: DD:AC:89:D2:F5:70:7C:BF:A4:6C4C:3B:42:0E:F1:7E:F4:56:FB:C5
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=San Jose/O=eBay, Inc./CN=www.ebay.com
Common Names: www.ebay.com/www.ebay.com/aka-sandbox.ebay.com/cache.ebay.com/cache.vivanuncios.com.mx/careers.ebayinc.com/cdn.roma.ebay.com/cr.qa.ebaystatic.com/dsa.ebay.co.uk/dsa.ebay.com/dsa.ebay.de/ebay.com.au/ebay.us/ebaypartnernetwork.ebay.com/ecg-api.vivanuncios.com.mx/ecg-apis.vivanuncios.com.mx/feed.ebay.com.au/galleryplus.ebayimg.com/gh.ebaystatic.com/ir.ebaystatic.com/ir.sandbox.ebaystatic.com/m.ebay.at/m.ebay.ca/m.ebay.ie/m.ebay.ph/p.ebaystatic.com/pages.ebay.ca/pages.ebay.com.au/pages.ebay.in/partnernetwork.ebay.co.uk/partnernetwork.ebay.com/partnernetwork.ebay.com.au/partnernetwork.ebay.de/partnernetwork.ebay.es/partnernetwork.ebay.fr/partnernetwork.ebay.it/pics.ebaystatic.com/poc.ebay.com/protool.vivanuncios.com.mx/q.ebaystatic.com/reco.ebay.com/rest.ebay.com/rs.sandbox.ebaystatic.com/rs.xstage.ebaystatic.com/rtm.ebaystatic.com/securepics.ebaystatic.com/securertm.ebaystatic.com/sslgalleryplus.ebayimg.com/static.ebayinc.com/tech.ebayinc.com/vivanuncios.com.mx/vmp.ebay.com/www.befr.ebay.be/www.benl.ebay.be/www.cafr.ebay.ca/www.ebay.at/www.ebay.be/www.ebay.ca/www.ebay.ch/www.ebay.co.uk/www.ebay.com.au/www.ebay.com.hk/www.ebay.com.my/www.ebay.com.sg/www.ebay.de/www.ebay.es/www.ebay.fr/www.ebay.ie/www.ebay.in/www.ebay.it/www.ebay.nl/www.ebay.ph/www.ebay.pl/www.ebay.us/www.ebayinc.com/www.vivanuncios.com.mx
Fingerprint: 77:59:E9:85:D8:EE:22:49:0B:AED1:93:72:1E:05:20:53:41:09:89
HTTPS connected to [84.53.189.188]:443 TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256
CLIENT_RANDOM A59BF6ACD8C1D7AA67246320C0AFC5AE93F64915DF353F7BD33E3BE8F6A19B57 616513BAAB6974CCF41A1CAB36B975939ACF9159BC0BFC124C16552434C3FDCF3768D87E8B65849C8B3A776939D79223
Received privsep req type 01 sz 92 on srvsock 14
Received privsep req type 01 sz 97 on srvsock 16
Certificate cache: KEEP (SNI match or target mode)
HTTPS connected to [84.53.189.188]:443 TLSv1.3 TLS_CHACHA20_POLY1305_SHA256
CLIENT_RANDOM 39BE8F1F724A9D97BDBF67F87CC0125662AE87DB13D118F4947EEE080FFD9A9D 30B9FEC22A4614687311720882693E5783CFCAB469D5E62FE41ACA64AE4361439C7C89B4D0DDF1B3007228F1C8DDF0B3
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [accept socket]
HTTPS disconnected to [84.53.189.188]:443, fd=45
HTTPS disconnected from [192.168.0.238]:40098, fd=45
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
SNI peek: [www.ebay.de] [complete], fd=45
Connecting to [84.53.189.188]:443
Attempt reuse dst SSL session
Client-side BEV_EVENT_ERROR
Error from bufferevent: 111:Connection refused 0:0:-:0:-:0:-
HTTPS disconnected to [-]:-, fd=45
HTTPS disconnected from [192.168.0.238]:40100, fd=45
SSL_free() in state 00000001 = 0001 = SSLOK  (SSL negotiation finished successfully) [connect socket]
STATS: thr=1, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=4, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=3, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=2, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=5, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=7, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=6, mld=0, mfd=0, mat=0, mct=0, iib=0, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=0, si=1
STATS: thr=0, mld=1, mfd=48, mat=0, mct=0, iib=1714, iob=0, eib=0, eob=0, swm=0, uwm=0, to=0, err=1, si=1

All this leads me to another question. Where exactly is the dynamically created port located within a package. I know the documentation says it is inserted in the first packet, but looking at the logs and pcaplog, I can't find the information about the port in the first TCP packet. I only see the port information in the HTTP packets but i dont know how to find them within the TCP Packets. Please can you specify where to find the ports within the tcp packets send to the LP. So that I can program a LP that sends me the packets back the proxy for my purpose

I hope you can help me in this matter.

Best regards

make warning on Linux

Please supply the following with bug reports to allow for diagnostics:

Output of sslsplit -V
Output of uname -a
Exact command line arguments used to run sslsplit
Relevant part of debug mode (-D) output, if applicable
NAT redirection rules you are using, if applicable
List of failing unit tests in make test output
Other relevant data such as PCAPs, logs, screenshots etc

For build problems, please supply:

Output of uname -a
Linux DietPi 4.14.22-v7+ #1096 SMP Mon Feb 26 19:14:22 GMT 2018 armv7l GNU/Linux
Full output of failed make including the header
Not failed make but warnings:
Via pkg-config: openssl libevent libevent_openssl libevent_pthreads check
Build options: -DHAVE_NETFILTER
uname -a: Linux DietPi 4.14.22-v7+ #1096 SMP Mon Feb 26 19:14:22 GMT 2018 armv7l GNU/Linux

pxythrmgr.c:94:50: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 4 has type ‘long int’ [-Wformat=]
if (asprintf(&msg, "EXPIRED: thr=%d, time=%lld%s%s\n",
^
pxythrmgr.c: In function ‘pxy_thrmgr_print_thr_info’:
pxythrmgr.c:203:14: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (atime >= tctx->thrmgr->opts->expired_conn_check_period) {
^~
pxythrmgr.c:204:66: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 7 has type ‘time_t {aka long int}’ [-Wformat=]
if (asprintf(&smsg, "IDLE: thr=%d, id=%u, ce=%d cc=%d, at=%lld ct=%lld%s%s\n",
^
pxythrmgr.c:204:74: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 8 has type ‘time_t {aka long int}’ [-Wformat=]
if (asprintf(&smsg, "IDLE: thr=%d, id=%u, ce=%d cc=%d, at=%lld ct=%lld%s%s\n",
^
pxythrmgr.c:238:44: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 4 has type ‘size_t {aka unsigned int}’ [-Wformat=]
if (asprintf(&smsg, "STATS: thr=%d, mld=%lu, mfd=%d, mat=%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^
pxythrmgr.c:238:62: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 6 has type ‘time_t {aka long int}’ [-Wformat=]
if (asprintf(&smsg, "STATS: thr=%d, mld=%lu, mfd=%d, mat=%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^
pxythrmgr.c:238:72: warning: format ‘%lld’ expects argument of type ‘long long int’, but argument 7 has type ‘time_t {aka long int}’ [-Wformat=]
if (asprintf(&smsg, "STATS: thr=%d, mld=%lu, mfd=%d, mat=%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^
pxythrmgr.c:238:121: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 12 has type ‘size_t {aka unsigned int}’ [-Wformat=]
=%d, mld=%lu, mfd=%d, mat=%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^
pxythrmgr.c:238:130: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 13 has type ‘size_t {aka unsigned int}’ [-Wformat=]
%lu, mfd=%d, mat=%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^
pxythrmgr.c:238:138: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 14 has type ‘size_t {aka unsigned int}’ [-Wformat=]
=%d, mat=%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^
pxythrmgr.c:238:147: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 15 has type ‘size_t {aka unsigned int}’ [-Wformat=]
%lld, mct=%lld, iib=%llu, iob=%llu, eib=%llu, eob=%llu, swm=%lu, uwm=%lu, to=%lu, err=%lu, si=%u\n",
^

Version and origin of OpenSSL used
1.1.0f-3+deb9u1
Version and origin of libevent used
https://github.com/libevent/libevent

I don't recall having these warnings while on Dietpi Jessie. Maybe some configuration issue? The make was successful however but I am not sure if it is stable. Thank you for your time.

Listening Program(Python) does not let sslproxy return response data

Hi soner, whenever I delete sleep line, it omits response data(payload) . I see a blank page(status code is 200 but it shows, failed ERR_CONTENT_LENGTH_MISMATCH for chrome). Why is that the case? I want to see files list inside directory(with the python server I provided below - gist url- ).
My listening program code:

import socket, traceback, time

HOST = ''
PORT = 8080
CLRF = '\r\n'

class InvalidRequest(Exception):
	pass

class Request(object):
	"A simple http request object"
	
	def __init__(self, raw_request):
		self._raw_request = raw_request
		
		self._respomse = self.parse_request()
	
	def parse_request(self):
		"Turn basic request headers in something we can use"
		temp = [i.strip() for i in self._raw_request.splitlines()]
		
		if -1 == str(temp[0]).find('HTTP'):
			raise InvalidRequest('Incorrect Protocol')
		startOfPort = temp[1].find(":",9)+1
		#portC= temp[1][startOfPort]
		endOfPort = temp[1].find(",")

		portC = temp[1][startOfPort:endOfPort] # find port from the first ip. Like SSLproxy: [127.0.0.1]:43631 [10.150.97.247]:44510,[10.150.97.248]:8443,s

		clientSocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM);
		clientSocket.connect(("127.0.0.1",int(portC))); 
		clientSocket.sendall(str.encode(self._raw_request));

		time.sleep(0.4) #################  this is the line you should delete..
		dataR = clientSocket.recv(40960); # wait for 200 response.
		dataRDecoded = dataR.decode()
		if dataRDecoded.find("HTTP/1.0 200") ==0:
			clientSocket.close() 

			return dataR # return 200 to sslproxy.

		clientSocket.close()
		return 1
	
	def __repr__(self):
		return repr({'method': self._method, 'path': self._path, 'protocol': self._protocol, 'headers': self._headers})
		
		

# the actual server starts here
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.listen(5)

while True:
	try:
		clientsock, clientaddress = s.accept()
	except KeyboardInterrupt:
		raise
	except:
		traceback.print_exc()
	
	try:
		request = clientsock.recv(1024)
		request = Request(request.decode('utf-8'))
		clientsock.send(request._respomse)
	except(KeyboardInterrupt, SystemExit):
		raise
	except InvalidRequest:
		clientsock.send('HTTP/1.1 400 Bad Request' + CLRF)
		clientsock.send('Content-Type: text/html' + CLRF*2)
		clientsock.send('<h1>Invalid Request: %s</h1>' )
	except:
		traceback.print_exc()
	
	try:
		clientsock.close()
	except KeyboardInterrupt:
		raise
	except:
		traceback.print_exc()

My server code(0.0.0.0 instead of localhost):

https://gist.github.com/DannyHinshaw/a3ac5991d66a2fe6d97a569c6cdac534

My client code:

Just using firefox or chrome

SSLPROXY log(compiled with DDEBUG_PROXY flag and commented out
log_finest_main_va("thr=%d, load=%zu, to=%u", tctx->id, tctx->load, tctx->timeout_count);
log_finest_main_va("thr=%d, load=%lu, to=%u", tctx->id, tctx->load, tctx->timeout_count);
lines, for condense log.):

#sslproxy -D4 -f sslproxy.conf 
SSLproxy v0.9.3-dirty (built 2022-11-08)
Copyright (c) 2017-2022, Soner Tari <[email protected]>
https://github.com/sonertari/SSLproxy
Copyright (c) 2009-2019, Daniel Roethlisberger <[email protected]>
https://www.roe.ch/SSLsplit
Build info: V:GIT
Features: -DDEBUG_PROXY -DHAVE_NETFILTER
NAT engines: netfilter* tproxy
netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST
Local process info support: no
compiled against OpenSSL 3.0.1 14 Dec 2021 (30000010)
rtlinked against OpenSSL 3.0.1 14 Dec 2021 (30000010)
OpenSSL has support for TLS extensions
TLS Server Name Indication (SNI) supported
OpenSSL is thread-safe with THREADID
OpenSSL has engine support
Using SSL_MODE_RELEASE_BUFFERS
SSL/TLS protocol availability: tls10 tls11 tls12 tls13 
SSL/TLS algorithm availability: !SHA0 RSA DSA ECDSA DH ECDH EC
OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG
compiled against libevent 2.1.12-stable
rtlinked against libevent 2.1.12-stable
compiled against libnet 1.2
rtlinked against libnet 1.2
compiled against libpcap n/a
rtlinked against libpcap 1.10.0 (with TPACKET_V3)
compiled against sqlite 3.34.1
rtlinked against sqlite 3.34.1
12 CPU cores detected
Generated 2048 bit RSA key for leaf certs.
Global conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|verify_peer|no user_auth_url|300|8192
proxyspecs:
- listen=[0.0.0.0]:8443 ssl|http netfilter
divert addr= [127.0.0.1]:8080
return addr= [127.0.0.1]:0
opts= conn opts: negotiate>=tls10<=tls13|ALL:-aNULL|TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256|no ecdhcurve|no leafcrlurl|remove_http_referer|no user_auth_url|300|8192
divert||
No Global CA loaded.
Loaded ProxySpec CA: '/C=TR/ST=TR/L=TR/O=TR/OU=TR/CN=TR/emailAddress=TR'
SSL/TLS leaf certificates taken from:
- Global connection drop
Privsep fastpath enabled
Created self-pipe [r=3,w=4]
Created chld-pipe [r=5,w=6]
Created socketpair 0 [p=7,c=8]
Created socketpair 1 [p=9,c=10]
Created socketpair 2 [p=11,c=12]
Created socketpair 3 [p=13,c=14]
Created socketpair 4 [p=15,c=16]
Created socketpair 5 [p=17,c=18]
Privsep parent pid 22165
Privsep child pid 22166
Using libevent backend 'epoll'
Event base supports: edge yes, O(1) yes, anyfd no
[FINEST] proxy_listener_setup: ENTER
Dropped privs to user - group - chroot -
Received privsep req type 00 sz 1 on srvsock 9
Inserted events:
Received privsep req type 00 sz 1 on srvsock 11
Received privsep req type 00 sz 1 on srvsock 13
  0x8304f8 [fd  4] Read Persist InternalReceived privsep req type 00 sz 1 on srvsock 15

Received privsep req type 00 sz 1 on srvsock 17
  0x8306d0 [fd  6] Read Persist Internal
  0x82ca58 [fd  7] Read Persist
  0x82b560 [sig 1] Signal Persist
  0x7f91a0 [sig 2] Signal Persist
  0x8189b0 [sig 3] Signal Persist
  0x8182e0 [sig 10] Signal Persist
  0x81bbd0 [sig 13] Signal Persist
  0x81c740 [sig 15] Signal Persist
  0x82bc60 [fd  -1] Persist Timeout=1667905659.390922
Active events:
Initialized 24 connection handling threads
Started 24 connection handling threads
Starting main event loop.
[FINEST] proxy_listener_acceptcb: ENTER, fd=105
[FINEST] proxy_conn_ctx_new: ENTER, fd=105
[FINEST] [0.0 fd=105 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.0 fd=105 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.0 fd=105 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.0 fd=105 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.0 fd=105 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.0 fd=105 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=107, reserve=10
[FINEST] [0.0 fd=105 cfd=0] pxy_conn_init: srcaddr= [10.150.97.247]:42280
[FINEST] [0.0 fd=105 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [n/a] [complete], fd=105
[FINEST] [0.0 fd=105 cfd=0] pxy_conn_connect: ENTER
Connecting to [10.150.97.248]:8443
[FINEST] [0.0 fd=105 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.0 fd=105 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.0 fd=105 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] proxy_listener_acceptcb: ENTER, fd=107
[FINEST] proxy_conn_ctx_new: ENTER, fd=107
[FINEST] [0.1 fd=107 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.1 fd=107 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [1.1 fd=107 cfd=0] protossl_init_conn: ENTER
[FINEST] [1.1 fd=107 cfd=0] pxy_conn_init: ENTER
[FINEST] [1.1 fd=107 cfd=0] pxy_thr_attach: Adding conn
[FINER] [1.1 fd=107 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=109, reserve=10
[FINEST] [1.1 fd=107 cfd=0] pxy_conn_init: srcaddr= [10.150.97.247]:42292
[FINEST] [1.1 fd=107 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [n/a] [complete], fd=107
[FINEST] [1.1 fd=107 cfd=0] pxy_conn_connect: ENTER
Connecting to [10.150.97.248]:8443
[FINEST] [1.1 fd=107 cfd=0] protossl_conn_connect: ENTER
[FINEST] [1.1 fd=107 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [1.1 fd=107 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.0 fd=105 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
===> Original server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: 87:97:2C:90:A0:E1:F0:C7:89:959B:4A:F4:3B:11:BE:10:83:AE:EF
Certificate cache: MISS
===> Forged server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: D8:75:99:25:B5:C1:A5:FD:7C:4069:93:E1:08:08:68:01:7B:05:CE
[FINEST] [0.0 fd=105 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.0 fd=105 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.0 fd=105 cfd=0] protossl_bufferevent_setup: ENTER, fd=105
[FINEST] [0.0 fd=105 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=105
[FINER] [0.0 fd=105 cfd=110] pxy_setup_child_listener: Finished setting up child listener, child_fd=110
[FINER] [0.0 fd=105 cfd=110] pxy_set_sslproxy_header: sslproxy_header= SSLproxy: [127.0.0.1]:35683,[10.150.97.247]:42280,[10.150.97.248]:8443,s
[FINER] [0.0 fd=105 cfd=110] protossl_enable_src: Enabling src
HTTPS connected to [10.150.97.248]:8443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 231BE6F319039B5FFB3A138B441B96D7643664B7CABF27BF31C6A9237EAD1EA9 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
[FINEST] [0.0 fd=105 cfd=110] prototcp_bev_writecb_dst: ENTER
SSL session cache: MISS
Client-side BEV_EVENT_ERROR
Error from bufferevent: 0:- 167773206:1046:sslv3 alert certificate unknown:20:SSL routines:0:-
Additional SSL error: 1:1:-:0:-:0:-
[FINE] [0.0 fd=105 cfd=110] prototcp_bev_eventcb_error_src: ENTER
[FINEST] [0.0 fd=105 cfd=110] pxy_try_close_conn_end: outbuflen == 0, terminate conn
[FINER] [0.0 fd=105 cfd=110] prototcp_bufferevent_free_and_close_fd: in=0, out=0, fd=109
[FINER] [0.0 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=105
SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINER] [0.0 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: fd=105, SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINEST] [0.0 fd=105 cfd=110] pxy_try_disconnect: other->closed, terminate conn
HTTPS disconnected to [10.150.97.248]:8443, fd=105
HTTPS disconnected from [10.150.97.247]:42280, fd=105
[FINEST] [0.0 fd=105 cfd=110] pxy_conn_term: ENTER
[FINEST] [0.0 fd=105 cfd=110] pxy_conn_free: ENTER
[FINER] [0.0 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=106
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINER] [0.0 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: fd=106, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINEST] [0.0 fd=105 cfd=110] pxy_conn_free_children: ENTER
[FINER] [0.0 fd=105 cfd=110] pxy_conn_free_children: Freeing child_evcl, children fd=-1
[FINEST] [0.0 fd=105 cfd=110] pxy_conn_ctx_free: ENTER
[FINEST] [0.0 fd=105 cfd=110] pxy_thr_detach: Removing conn
[FINEST] [0.0 fd=105 cfd=110] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] [1.1 fd=107 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
===> Original server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: 87:97:2C:90:A0:E1:F0:C7:89:959B:4A:F4:3B:11:BE:10:83:AE:EF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: D8:75:99:25:B5:C1:A5:FD:7C:4069:93:E1:08:08:68:01:7B:05:CE
[FINEST] [1.1 fd=107 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
[FINEST] [1.1 fd=107 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [1.1 fd=107 cfd=0] protossl_bufferevent_setup: ENTER, fd=107
[FINEST] [1.1 fd=107 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=107
[FINER] [1.1 fd=107 cfd=106] pxy_setup_child_listener: Finished setting up child listener, child_fd=106
[FINER] [1.1 fd=107 cfd=106] pxy_set_sslproxy_header: sslproxy_header= SSLproxy: [127.0.0.1]:39687,[10.150.97.247]:42292,[10.150.97.248]:8443,s
[FINER] [1.1 fd=107 cfd=106] protossl_enable_src: Enabling src
HTTPS connected to [10.150.97.248]:8443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 41F1C893FF60F574CF6F01AFCFDCB5179058AC0C20C16ABEA059F460FF4B230F 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
SSL session cache: MISS
[FINEST] [1.1 fd=107 cfd=106] prototcp_bev_writecb_dst: ENTER
SSL session cache: MISS
Client-side BEV_EVENT_ERROR
Error from bufferevent: 0:- 167773206:1046:sslv3 alert certificate unknown:20:SSL routines:0:-
Additional SSL error: 1:1:-:0:-:0:-
[FINE] [1.1 fd=107 cfd=106] prototcp_bev_eventcb_error_src: ENTER
[FINEST] [1.1 fd=107 cfd=106] pxy_try_close_conn_end: outbuflen == 0, terminate conn
[FINER] [1.1 fd=107 cfd=106] prototcp_bufferevent_free_and_close_fd: in=0, out=0, fd=105
[FINER] [1.1 fd=107 cfd=106] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=107
SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINER] [1.1 fd=107 cfd=106] protossl_bufferevent_free_and_close_fd: fd=107, SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINEST] [1.1 fd=107 cfd=106] pxy_try_disconnect: other->closed, terminate conn
HTTPS disconnected to [10.150.97.248]:8443, fd=107
HTTPS disconnected from [10.150.97.247]:42292, fd=107
[FINEST] [1.1 fd=107 cfd=106] pxy_conn_term: ENTER
[FINEST] [1.1 fd=107 cfd=106] pxy_conn_free: ENTER
[FINER] [1.1 fd=107 cfd=106] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=108
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINER] [1.1 fd=107 cfd=106] protossl_bufferevent_free_and_close_fd: fd=108, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINEST] [1.1 fd=107 cfd=106] pxy_conn_free_children: ENTER
[FINER] [1.1 fd=107 cfd=106] pxy_conn_free_children: Freeing child_evcl, children fd=-1
[FINEST] [1.1 fd=107 cfd=106] pxy_conn_ctx_free: ENTER
[FINEST] [1.1 fd=107 cfd=106] pxy_thr_detach: Removing conn
[FINEST] [1.1 fd=107 cfd=106] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=105
[FINEST] proxy_conn_ctx_new: ENTER, fd=105
[FINEST] [0.2 fd=105 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.2 fd=105 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.2 fd=105 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.2 fd=105 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.2 fd=105 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.2 fd=105 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=107, reserve=10
[FINEST] [0.2 fd=105 cfd=0] pxy_conn_init: srcaddr= [10.150.97.247]:44322
[FINEST] [0.2 fd=105 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [n/a] [complete], fd=105
[FINEST] [0.2 fd=105 cfd=0] pxy_conn_connect: ENTER
Connecting to [10.150.97.248]:8443
[FINEST] [0.2 fd=105 cfd=0] protossl_conn_connect: ENTER
Attempt reuse dst SSL session
[FINEST] [0.2 fd=105 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.2 fd=105 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.2 fd=105 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
===> Original server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: 87:97:2C:90:A0:E1:F0:C7:89:959B:4A:F4:3B:11:BE:10:83:AE:EF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: D8:75:99:25:B5:C1:A5:FD:7C:4069:93:E1:08:08:68:01:7B:05:CE
[FINEST] [0.2 fd=105 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
[FINEST] proxy_listener_acceptcb: ENTER, fd=108
[FINEST] proxy_conn_ctx_new: ENTER, fd=108
[FINEST] [0.3 fd=108 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.3 fd=108 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [1.3 fd=108 cfd=0] protossl_init_conn: ENTER
[FINEST] [1.3 fd=108 cfd=0] pxy_conn_init: ENTER
[FINEST] [1.3 fd=108 cfd=0] pxy_thr_attach: Adding conn
[FINEST] [0.2 fd=105 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.2 fd=105 cfd=0] protossl_bufferevent_setup: ENTER, fd=105
[FINEST] [0.2 fd=105 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=105
[FINER] [0.2 fd=105 cfd=110] pxy_setup_child_listener: Finished setting up child listener, child_fd=110
[FINER] [0.2 fd=105 cfd=110] pxy_set_sslproxy_header: sslproxy_header= SSLproxy: [127.0.0.1]:40005,[10.150.97.247]:44322,[10.150.97.248]:8443,s
[FINER] [0.2 fd=105 cfd=110] protossl_enable_src: Enabling src
HTTPS connected to [10.150.97.248]:8443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 84A93809A51633BC36143BE8ED0FF6BBA27A00E561DCBA3E64D9B541C5D1410C 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[FINER] [1.3 fd=108 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=111, reserve=10
[FINEST] [1.3 fd=108 cfd=0] pxy_conn_init: srcaddr= [10.150.97.247]:44332
[FINEST] [1.3 fd=108 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [n/a] [complete], fd=108
[FINEST] [1.3 fd=108 cfd=0] pxy_conn_connect: ENTER
Connecting to [10.150.97.248]:8443
[FINEST] [1.3 fd=108 cfd=0] protossl_conn_connect: ENTER
[FINEST] [0.2 fd=105 cfd=110] prototcp_bev_writecb_dst: ENTER
Attempt reuse dst SSL session
[FINEST] [1.3 fd=108 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [1.3 fd=108 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
Client-side BEV_EVENT_ERROR
Error from bufferevent: 0:- 167773206:1046:sslv3 alert certificate unknown:20:SSL routines:0:-
Additional SSL error: 1:1:-:0:-:0:-
[FINE] [0.2 fd=105 cfd=110] prototcp_bev_eventcb_error_src: ENTER
[FINEST] [0.2 fd=105 cfd=110] pxy_try_close_conn_end: outbuflen == 0, terminate conn
[FINER] [0.2 fd=105 cfd=110] prototcp_bufferevent_free_and_close_fd: in=0, out=0, fd=107
[FINER] [0.2 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=105
SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINER] [0.2 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: fd=105, SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINEST] [0.2 fd=105 cfd=110] pxy_try_disconnect: other->closed, terminate conn
HTTPS disconnected to [10.150.97.248]:8443, fd=105
HTTPS disconnected from [10.150.97.247]:44322, fd=105
[FINEST] [0.2 fd=105 cfd=110] pxy_conn_term: ENTER
[FINEST] [0.2 fd=105 cfd=110] pxy_conn_free: ENTER
[FINER] [0.2 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=106
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINER] [0.2 fd=105 cfd=110] protossl_bufferevent_free_and_close_fd: fd=106, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINEST] [0.2 fd=105 cfd=110] pxy_conn_free_children: ENTER
[FINER] [0.2 fd=105 cfd=110] pxy_conn_free_children: Freeing child_evcl, children fd=-1
[FINEST] [0.2 fd=105 cfd=110] pxy_conn_ctx_free: ENTER
[FINEST] [0.2 fd=105 cfd=110] pxy_thr_detach: Removing conn
[FINEST] [0.2 fd=105 cfd=110] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] [1.3 fd=108 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
===> Original server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: 87:97:2C:90:A0:E1:F0:C7:89:959B:4A:F4:3B:11:BE:10:83:AE:EF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: D8:75:99:25:B5:C1:A5:FD:7C:4069:93:E1:08:08:68:01:7B:05:CE
[FINEST] [1.3 fd=108 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
[FINEST] [1.3 fd=108 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [1.3 fd=108 cfd=0] protossl_bufferevent_setup: ENTER, fd=108
[FINEST] [1.3 fd=108 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=108
[FINER] [1.3 fd=108 cfd=106] pxy_setup_child_listener: Finished setting up child listener, child_fd=106
[FINER] [1.3 fd=108 cfd=106] pxy_set_sslproxy_header: sslproxy_header= SSLproxy: [127.0.0.1]:39259,[10.150.97.247]:44332,[10.150.97.248]:8443,s
[FINER] [1.3 fd=108 cfd=106] protossl_enable_src: Enabling src
HTTPS connected to [10.150.97.248]:8443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM C4989E17FB09450B0E00A8D1EFE00977B50FEB12545719FA4D304A6FF4D3DC8F 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[FINEST] [1.3 fd=108 cfd=106] prototcp_bev_writecb_dst: ENTER
Client-side BEV_EVENT_ERROR
Error from bufferevent: 0:- 167773206:1046:sslv3 alert certificate unknown:20:SSL routines:0:-
Additional SSL error: 1:1:-:0:-:0:-
[FINE] [1.3 fd=108 cfd=106] prototcp_bev_eventcb_error_src: ENTER
[FINEST] [1.3 fd=108 cfd=106] pxy_try_close_conn_end: outbuflen == 0, terminate conn
[FINER] [1.3 fd=108 cfd=106] prototcp_bufferevent_free_and_close_fd: in=0, out=0, fd=105
[FINER] [1.3 fd=108 cfd=106] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=108
SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINER] [1.3 fd=108 cfd=106] protossl_bufferevent_free_and_close_fd: fd=108, SSL_free() in state 0000002e = 002e = SSLERR (error) [accept socket]
[FINEST] [1.3 fd=108 cfd=106] pxy_try_disconnect: other->closed, terminate conn
HTTPS disconnected to [10.150.97.248]:8443, fd=108
HTTPS disconnected from [10.150.97.247]:44332, fd=108
[FINEST] [1.3 fd=108 cfd=106] pxy_conn_term: ENTER
[FINEST] [1.3 fd=108 cfd=106] pxy_conn_free: ENTER
[FINER] [1.3 fd=108 cfd=106] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=109
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINER] [1.3 fd=108 cfd=106] protossl_bufferevent_free_and_close_fd: fd=109, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINEST] [1.3 fd=108 cfd=106] pxy_conn_free_children: ENTER
[FINER] [1.3 fd=108 cfd=106] pxy_conn_free_children: Freeing child_evcl, children fd=-1
[FINEST] [1.3 fd=108 cfd=106] pxy_conn_ctx_free: ENTER
[FINEST] [1.3 fd=108 cfd=106] pxy_thr_detach: Removing conn
[FINEST] [1.3 fd=108 cfd=106] pxy_thr_detach: Cannot find conn in thr conns, empty
[FINEST] proxy_listener_acceptcb: ENTER, fd=105
[FINEST] proxy_conn_ctx_new: ENTER, fd=105
[FINEST] [0.4 fd=105 cfd=0] proxy_conn_ctx_new: Created new conn
[FINEST] [0.4 fd=105 cfd=0] pxy_thrmgr_assign_thr: ENTER
[FINEST] [0.4 fd=105 cfd=0] protossl_init_conn: ENTER
[FINEST] [0.4 fd=105 cfd=0] pxy_conn_init: ENTER
[FINEST] [0.4 fd=105 cfd=0] pxy_thr_attach: Adding conn
[FINER] [0.4 fd=105 cfd=0] check_fd_usage: descriptor_table_size=1024, dtablecount=107, reserve=10
[FINEST] [0.4 fd=105 cfd=0] pxy_conn_init: srcaddr= [10.150.97.247]:44342
[FINEST] [0.4 fd=105 cfd=0] protossl_fd_readcb: ENTER
SNI peek: [n/a] [complete], fd=105
[FINEST] [0.4 fd=105 cfd=0] pxy_conn_connect: ENTER
Connecting to [10.150.97.248]:8443
[FINEST] [0.4 fd=105 cfd=0] protossl_conn_connect: ENTER
Attempt reuse dst SSL session
[FINEST] [0.4 fd=105 cfd=0] protossl_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.4 fd=105 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=-1
[FINEST] [0.4 fd=105 cfd=0] protossl_bev_eventcb_connected_srvdst: ENTER
===> Original server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: 87:97:2C:90:A0:E1:F0:C7:89:959B:4A:F4:3B:11:BE:10:83:AE:EF
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=tr/ST=tr/L=tr/O=tr/OU=tr/CN=tr/emailAddress=tr
Common Names: tr
Fingerprint: D8:75:99:25:B5:C1:A5:FD:7C:4069:93:E1:08:08:68:01:7B:05:CE
[FINEST] [0.4 fd=105 cfd=0] prototcp_bufferevent_setup: ENTER, fd=-1
[FINEST] [0.4 fd=105 cfd=0] protossl_bev_eventcb_connected_dst: ENTER
[FINEST] [0.4 fd=105 cfd=0] protossl_bufferevent_setup: ENTER, fd=105
[FINEST] [0.4 fd=105 cfd=0] protossl_bufferevent_setup: bufferevent_openssl_set_allow_dirty_shutdown, fd=105
[FINER] [0.4 fd=105 cfd=108] pxy_setup_child_listener: Finished setting up child listener, child_fd=108
[FINER] [0.4 fd=105 cfd=108] pxy_set_sslproxy_header: sslproxy_header= SSLproxy: [127.0.0.1]:43297,[10.150.97.247]:44342,[10.150.97.248]:8443,s
[FINER] [0.4 fd=105 cfd=108] protossl_enable_src: Enabling src
HTTPS connected to [10.150.97.248]:8443 TLSv1.3 TLS_AES_256_GCM_SHA384
CLIENT_RANDOM 1454AAAE304C3BDB3CC3DD474CB6A9B6506E589C88D11545875AFEF3D8E30E6E 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_writecb_dst: ENTER
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_eventcb_connected_src: ENTER
HTTPS connected to [10.150.97.248]:8443 TLSv1.3 TLS_AES_128_GCM_SHA256
CLIENT_RANDOM 38837D5966E7F331D3899FA28CF75FB91E9A921875A71628543842093E4DF017 FEBB2550B28AE9D1CFE44EA158C58EDECE30AF78E663346AB9294A54B4F2140700000000000000000000000000000000
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_src: ENTER, size=651
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_src: HTTP Request Header, size=651
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: GET / HTTP/1.1
[FINER] [0.4 fd=105 cfd=108] protohttp_filter_request_header: INSERT= SSLproxy: [127.0.0.1]:43297,[10.150.97.247]:44342,[10.150.97.248]:8443,s
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Host: 10.150.97.248:8443
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Connection: keep-alive
[FINER] [0.4 fd=105 cfd=108] protohttp_filter_request_header: REPLACE= Connection: close
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Cache-Control: max-age=0
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: sec-ch-ua: "Chromium";v="107", "Not=A?Brand";v="24"
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: sec-ch-ua-mobile: ?0
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: sec-ch-ua-platform: "Linux"
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Upgrade-Insecure-Requests: 1
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-Site: none
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-Mode: navigate
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-User: ?1
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-Dest: document
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Accept-Encoding: gzip, deflate, br
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Accept-Language: en-US,en;q=0.9
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: 
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_writecb_dst: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_listener_acceptcb_child: ENTER, fd=109, ctx->child_fd=108
[FINEST] [0.4 fd=105 cfd=108] pxy_listener_acceptcb_child: peer addr=[127.0.0.1]:34762, fd=109
[FINER] [0.4 fd=105 cfd=108] check_fd_usage: descriptor_table_size=1024, dtablecount=111, reserve=10
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_ctx_new_child: ENTER, fd=109
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_attach_child: Adding child conn
[FINEST] [0.4 fd=105 cfd=108] prototcp_bufferevent_setup_child: ENTER, fd=109
[FINEST] [0.4 fd=105 cfd=108] protossl_connect_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] prototcp_disable_srvdst: ENTER
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_eventcb_connected_dst_child: ENTER
Child connecting to [10.150.97.248]:8443
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_src_child: ENTER, size=720
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_src_child: HTTP Request Header, size=720
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: GET / HTTP/1.1
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: SSLproxy: [127.0.0.1]:43297,[10.150.97.247]:44342,[10.150.97.248]:8443,s
[FINER] [0.4 fd=105 cfd=108] protohttp_filter_request_header: REMOVE= SSLproxy: [127.0.0.1]:43297,[10.150.97.247]:44342,[10.150.97.248]:8443,s
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Host: 10.150.97.248:8443
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Connection: close
[FINER] [0.4 fd=105 cfd=108] protohttp_filter_request_header: REPLACE= Connection: close
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Cache-Control: max-age=0
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: sec-ch-ua: "Chromium";v="107", "Not=A?Brand";v="24"
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: sec-ch-ua-mobile: ?0
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: sec-ch-ua-platform: "Linux"
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Upgrade-Insecure-Requests: 1
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-Site: none
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-Mode: navigate
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-User: ?1
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Sec-Fetch-Dest: document
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Accept-Encoding: gzip, deflate, br
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: Accept-Language: en-US,en;q=0.9
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_request_header: 
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_writecb_src_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_writecb_dst_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_dst_child: ENTER, size=155
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_dst_child: HTTP Response Header, size=155
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: HTTP/1.0 200 OK
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Server: SimpleHTTP/0.6 Python/3.10.6
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Date: Tue, 08 Nov 2022 10:06:38 GMT
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Content-type: text/html; charset=utf-8
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Content-Length: 605
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: 
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_writecb_src_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_eventcb_eof_src_child: ENTER
evbuffer size at EOF: i:0 o:0 i:0 o:0
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_eventcb_eof_src_child: !dst.closed, terminate conn
[FINEST] [0.4 fd=105 cfd=108] pxy_try_close_conn_end: outbuflen == 0, terminate conn
[FINER] [0.4 fd=105 cfd=108] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=106
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINER] [0.4 fd=105 cfd=108] protossl_bufferevent_free_and_close_fd: fd=106, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
[FINER] [0.4 fd=105 cfd=108] prototcp_bufferevent_free_and_close_fd: in=0, out=0, fd=109
[FINEST] [0.4 fd=105 cfd=108] pxy_try_disconnect_child: other->closed, terminate conn
Child HTTPS disconnected to [10.150.97.248]:8443, child fd=109, fd=105
Child HTTPS disconnected from [10.150.97.247]:44342, child fd=109, fd=105
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_term_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_free_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_detach_child: Removing child conn
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_detach_child: Cannot find child in conn children, empty
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_ctx_free_child: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_free_children: ENTER
[FINER] [0.4 fd=105 cfd=108] pxy_conn_free_children: Freeing child_evcl, children fd=-1
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_dst: ENTER, size=155
[FINEST] [0.4 fd=105 cfd=108] protohttp_bev_readcb_dst: HTTP Response Header, size=155
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: HTTP/1.0 200 OK
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Server: SimpleHTTP/0.6 Python/3.10.6
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Date: Tue, 08 Nov 2022 10:06:38 GMT
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Content-type: text/html; charset=utf-8
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: Content-Length: 605
[FINEST] [0.4 fd=105 cfd=108] protohttp_filter_response_header: 
CONN: https 10.150.97.247 44342 10.150.97.248 8443 10.150.97.248:8443 GET / 200 605 sni:- names:tr sproto:TLSv1.3:TLS_AES_128_GCM_SHA256 dproto:TLSv1.3:TLS_AES_256_GCM_SHA384 origcrt:87972C90A0E1F0C789959B4AF43B11BE1083AEEF usedcrt:D8759925B5C1A5FD7C406993E1080868017B05CE user:-
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_eventcb_eof_dst: ENTER
evbuffer size at EOF: i:0 o:0 i:0 o:0
[FINEST] [0.4 fd=105 cfd=108] prototcp_bev_eventcb_eof_dst: !src.closed, terminate conn
[FINEST] [0.4 fd=105 cfd=108] pxy_try_close_conn_end: outbuflen == 0, terminate conn
[FINER] [0.4 fd=105 cfd=108] protossl_bufferevent_free_and_close_fd: in=0, out=0, fd=105
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [accept socket]
[FINER] [0.4 fd=105 cfd=108] protossl_bufferevent_free_and_close_fd: fd=105, SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [accept socket]
[FINER] [0.4 fd=105 cfd=108] prototcp_bufferevent_free_and_close_fd: in=0, out=0, fd=107
[FINEST] [0.4 fd=105 cfd=108] pxy_try_disconnect: other->closed, terminate conn
HTTPS disconnected to [10.150.97.248]:8443, fd=105
HTTPS disconnected from [10.150.97.247]:44342, fd=105
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_term: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_free: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_free_children: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_conn_ctx_free: ENTER
[FINEST] [0.4 fd=105 cfd=108] pxy_thr_detach: Removing conn
[FINEST] [0.4 fd=105 cfd=108] pxy_thr_detach: Cannot find conn in thr conns, empty

SSLPROXY.conf

ProxySpec {
    Proto https
    Addr 0.0.0.0       # inline
    Port 8443       # comments
    DivertPort 8080 # allowed
    CACert ca.crt
#    Divert no
#    Passthrough yes
#    TargetAddr 127.0.0.1
#    TargetPort 5555
    CAKey ca.key
    VerifyPeer no
}

Sysctl:

sysctl net.ipv4.conf.all.forwarding=1
sysctl net.ipv4.conf.enp0s25.forwarding=1
#sysctl net.ipv4.conf.lo.forwarding = 0
sysctl net.ipv4.ip_forward=1

route

added route for client to pass on mitm device,
added route for server to pass on mitm device.

Chrome and firefox ss will be provided in comment.

configuration example for squid transparent

Hello, first of all I would like to thank you for this wonderful collaboration.

Could you give me an example of configuration for using sslproxy in conjunction with squid to manage the logs diamanically and transparently for https addresses?

Thank you very much in advance

Marcos Claudiano

Is this a fork and rebrand of SSLSplit?

Just curious.

Environment: sslproxy deployed on a web server I can access the web normally using an HTTP proxy, but not using HTTPS. Can you take a look at the traffic logs I intercepted? Is there a redirection issue? thank you

[root@iZuf62gz7wcz2kez5kk495Z ~]# sslproxy -k /root/ssl/httpd.key -c /root/ssl/httpd.crt https 0.0.0.0 10443 up:443 -X q.pcap -D4

SSLproxy v0.9.4 (built 2023-04-20)

https://github.com/sonertari/SSLproxy

https://www.roe.ch/SSLsplit

Build info: V:GIT

Features: -DHAVE_NETFILTER

NAT engines: netfilter* tproxy

netfilter: IP_TRANSPARENT IP6T_SO_ORIGINAL_DST

Local process info support: no

compiled against OpenSSL 1.0.2k 26 Jan 2017 (100020bf)

rtlinked against OpenSSL 1.0.2k-fips 26 Jan 2017 (100020bf)

OpenSSL has support for TLS extensions

TLS Server Name Indication (SNI) supported

OpenSSL is thread-safe with THREADID

OpenSSL has engine support

Using SSL_MODE_RELEASE_BUFFERS

SSL/TLS protocol availability: ssl3 tls10 tls11 tls12

SSL/TLS algorithm availability: SHA0 RSA DSA ECDSA DH ECDH EC

OpenSSL option availability: SSL_OP_NO_COMPRESSION SSL_OP_NO_TICKET SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION SSL_OP_TLS_ROLLBACK_BUG

compiled against libevent 2.1.12-stable

rtlinked against libevent 2.1.12-stable

compiled against libnet 1.1.6

rtlinked against libnet 1.1.6

compiled against libpcap n/a

rtlinked against libpcap 1.5.3

compiled against sqlite 3.7.5

rtlinked against sqlite 3.7.5

4 CPU cores detected

Generated 2048 bit RSA key for leaf certs.

proxyspecs:

listen=[0.0.0.0]:10443 ssl|http netfilter

divert addr= [127.0.0.1]:443

return addr= [127.0.0.1]:0

divert||

Loaded Global CA: '/C=cn/ST=cn/O=cn/OU=cn/CN=cn'

Loaded ProxySpec CA: '/C=cn/ST=cn/O=cn/OU=cn/CN=cn'

SSL/TLS leaf certificates taken from:

Global generated on the fly

Privsep fastpath disabled

Created self-pipe [r=4,w=5]

Created chld-pipe [r=6,w=7]

Created socketpair 0 [p=8,c=9]

Created socketpair 1 [p=10,c=11]

Created socketpair 2 [p=12,c=13]

Created socketpair 3 [p=14,c=15]

Created socketpair 4 [p=16,c=17]

Created socketpair 5 [p=18,c=19]

Privsep parent pid 2578

Privsep child pid 2579

Using libevent backend 'epoll'

Event base supports: edge yes, O(1) yes, anyfd no

Received privsep req type 03 sz 9 on srvsock 8

Dropped privs to user nobody group - chroot -

Received privsep req type 00 sz 1 on srvsock 10

Received privsep req type 00 sz 1 on srvsock 12

Received privsep req type 00 sz 1 on srvsock 14

Inserted events:

0xfeae88 [fd 5] Read Persist Internal

0xfeb060 [fd 7] Read Persist Internal

0xfea1b8 [fd 8] Read Persist

0xfebb20 [sig 1] Signal Persist

0xfebc50 [sig 2] Signal Persist

0xfeb9f0 [sig 3] Signal Persist

0xfebeb0 [sig 10] Signal Persist

0xfebd80 [sig 13] Signal Persist

0xfeb290 [sig 15] Signal Persist

0xfec000 [fd -1] Persist Timeout=1682239211.430419

Active events:

Initialized 8 connection handling threads

Received privsep req type 00 sz 1 on srvsock 18

Started 8 connection handling threads

Starting main event loop.

SNI peek: [n/a] [complete], fd=43