SSL-Sniffer/README.md

# SSL Sniffer

> [!CAUTION]
> While the name may suggest this software has `packet-sniffing` 
> capabilities,
> this software only ***ease*** the `sniffing-process` by terminating `TLS`
> in a transparent way.

## How to use the software

- Have [Firegex](https://github.com/Pwnzer0tt1/firegex) installed on the `vulnbox` (OPTIONAL)
- Copy all keys on `ssl-sniffer/private/<service-name>/[key|cert].pem`
- Copy a template from one of the available templates:
  - `grpc`: `cp ssl-sniffer/nginx/grpc/conf.example ssl-sniffer/nginx/grpc/<service-name>.conf`
  - `http`: `cp ssl-sniffer/nginx/http/conf.example ssl-sniffer/nginx/http/<service-name>.conf`
- Modify the copied template
- Add a rule to hijack the port to the one specified in your conf (OPTIONAL)
- Run `docker compose up -d --build`
- Check that your service is still reachable

> [!TIP]
> Remember to capture traffic from the `lo` interface, otherwise you won't
> see any benefit in setting such infrastructure

## Full example

### Cheesy Cheats-API Template

```nginx
# CheesyAPI conf


# CheesyAPI TLS endpoint
server {

    # Use this to avoid port scanners to know
    #   what you are using
    more_clear_headers Server;

    # Here put the TLS termination 
    #   endpoint port
    listen 15555 ssl;
    http2 on;

    # Here put the unencrypted 
    #   endpoint port
    location / {
        grpc_pass grpc://127.0.0.1:15554;
    }

    # Put relevant keys here
    ssl_certificate       /services-keys/CheesyAPI/cert.pem;
    ssl_certificate_key   /services-keys/CheesyAPI/key.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;


}

# Example Termination endpoint
server {

    # Use this to avoid port scanners to know
    #   what you are using
    more_clear_headers Server;

    # Here put the unencrypted 
    #   endpoint port
    listen 127.0.0.1:15554;
    http2 on;

    # Here put the original 
    #   service endpoint port
    location / {
        grpc_pass grpcs://127.0.0.1:5555;
    }


}
```

![firegex-example-image](images/firegex-example.png)
Changed Structure to reflect actual use 2025-06-25 18:01:05 +02:00			`# SSL Sniffer`

			`> [!CAUTION]`
			> While the name may suggest this software has `packet-sniffing`
			`> capabilities,`
			> this software only *ease* the `sniffing-process` by terminating `TLS`
			`> in a transparent way.`

Added documentation 2025-06-25 18:24:01 +02:00			`## How to use the software`

			- Have [Firegex](https://github.com/Pwnzer0tt1/firegex) installed on the `vulnbox` (OPTIONAL)
			- Copy all keys on `ssl-sniffer/private/<service-name>/[key\|cert].pem`
			`- Copy a template from one of the available templates:`
			- `grpc`: `cp ssl-sniffer/nginx/grpc/conf.example ssl-sniffer/nginx/grpc/<service-name>.conf`
			- `http`: `cp ssl-sniffer/nginx/http/conf.example ssl-sniffer/nginx/http/<service-name>.conf`
			`- Modify the copied template`
			`- Add a rule to hijack the port to the one specified in your conf (OPTIONAL)`
			- Run `docker compose up -d --build`
			`- Check that your service is still reachable`

			`> [!TIP]`
			> Remember to capture traffic from the `lo` interface, otherwise you won't
			`> see any benefit in setting such infrastructure`

			`## Full example`

			`### Cheesy Cheats-API Template`

			```nginx
			`# CheesyAPI conf`


			`# CheesyAPI TLS endpoint`
			`server {`

			`# Use this to avoid port scanners to know`
			`# what you are using`
			`more_clear_headers Server;`

			`# Here put the TLS termination`
			`# endpoint port`
			`listen 15555 ssl;`
			`http2 on;`

			`# Here put the unencrypted`
			`# endpoint port`
			`location / {`
			`grpc_pass grpc://127.0.0.1:15554;`
			`}`

			`# Put relevant keys here`
			`ssl_certificate /services-keys/CheesyAPI/cert.pem;`
			`ssl_certificate_key /services-keys/CheesyAPI/key.pem;`
			`ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;`


			`}`

			`# Example Termination endpoint`
			`server {`

			`# Use this to avoid port scanners to know`
			`# what you are using`
			`more_clear_headers Server;`

			`# Here put the unencrypted`
			`# endpoint port`
			`listen 127.0.0.1:15554;`
			`http2 on;`

			`# Here put the original`
			`# service endpoint port`
			`location / {`
			`grpc_pass grpcs://127.0.0.1:5555;`
			`}`


			`}`
			```

Fixed image path 2025-06-25 18:24:35 +02:00			`![firegex-example-image](images/firegex-example.png)`