Added documentation

This commit is contained in:
Christian Risi 2025-06-25 18:24:01 +02:00
parent 257b29cf00
commit 1a227b4fe1
4 changed files with 106 additions and 8 deletions

View File

@ -6,4 +6,76 @@
> this software only ***ease*** the `sniffing-process` by terminating `TLS`
> in a transparent way.
## How to use the software
## How to use the software
- Have [Firegex](https://github.com/Pwnzer0tt1/firegex) installed on the `vulnbox` (OPTIONAL)
- Copy all keys on `ssl-sniffer/private/<service-name>/[key|cert].pem`
- Copy a template from one of the available templates:
- `grpc`: `cp ssl-sniffer/nginx/grpc/conf.example ssl-sniffer/nginx/grpc/<service-name>.conf`
- `http`: `cp ssl-sniffer/nginx/http/conf.example ssl-sniffer/nginx/http/<service-name>.conf`
- Modify the copied template
- Add a rule to hijack the port to the one specified in your conf (OPTIONAL)
- Run `docker compose up -d --build`
- Check that your service is still reachable
> [!TIP]
> Remember to capture traffic from the `lo` interface, otherwise you won't
> see any benefit in setting such infrastructure
## Full example
### Cheesy Cheats-API Template
```nginx
# CheesyAPI conf
# CheesyAPI TLS endpoint
server {
# Use this to avoid port scanners to know
# what you are using
more_clear_headers Server;
# Here put the TLS termination
# endpoint port
listen 15555 ssl;
http2 on;
# Here put the unencrypted
# endpoint port
location / {
grpc_pass grpc://127.0.0.1:15554;
}
# Put relevant keys here
ssl_certificate /services-keys/CheesyAPI/cert.pem;
ssl_certificate_key /services-keys/CheesyAPI/key.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
# Example Termination endpoint
server {
# Use this to avoid port scanners to know
# what you are using
more_clear_headers Server;
# Here put the unencrypted
# endpoint port
listen 127.0.0.1:15554;
http2 on;
# Here put the original
# service endpoint port
location / {
grpc_pass grpcs://127.0.0.1:5555;
}
}
```
![firegex-example-image](images\firegex-example.png)
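Review bot: the image reference on the last line of the hunk, `![firegex-example-image](images\firegex-example.png)`, uses a backslash as the path separator, which Markdown renderers on a Linux-hosted forge do not treat as a directory separator, so the image added in this commit will not render; change it to `images/firegex-example.png`. Two smaller documentation points in the same hunk: the "How to use" list tells the reader to copy keys to `ssl-sniffer/private/<service-name>/[key|cert].pem`, while the example config reads them from `/services-keys/CheesyAPI/cert.pem`, so one sentence stating how the first path ends up at the second (presumably a volume mount in the compose file) would spare readers a guess; and `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` in the example enables TLS 1.1, which is deprecated and refused by default at the security level of current OpenSSL builds, so the example should list only `TLSv1.2 TLSv1.3` unless the original service genuinely needs 1.1.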

BIN
images/firegex-example.png Normal file


View File

@ -4,16 +4,22 @@
# Example TLS endpoint
server {
# Use this to avoid port scanners to know
# what you are using
more_clear_headers Server;
# Here put the TLS termination
# endpoint port
listen PORT ssl;
http2 on;
# Here put the unencrypted
# endpoint port
location / {
grpc_pass grpc://127.0.0.1:PORT;
}
# Put relevant keys here
ssl_certificate /services-keys/Example/cert.pem;
ssl_certificate_key /services-keys/Example/key.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
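Review bot: `ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;` at the end of this hunk keeps TLS 1.1 enabled in the template that every new service config is copied from; TLS 1.1 is deprecated and disabled by default at the security level of current OpenSSL builds, so the template should ship as `ssl_protocols TLSv1.2 TLSv1.3;` and let a service that really needs 1.1 opt in. Also, `listen PORT ssl;` and `grpc_pass grpc://127.0.0.1:PORT;` use the same `PORT` placeholder for two different ports; naming them distinctly (for example `TLS_PORT` and `PLAIN_PORT`) makes the template harder to fill in wrongly, which is exactly the mistake the "Check that your service is still reachable" step in the README is there to catch.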
@ -24,12 +30,17 @@ server {
# Example Termination endpoint
server {
# Use this to avoid port scanners to know
# what you are using
more_clear_headers Server;
# Here put the unencrypted
# endpoint port
listen 127.0.0.1:PORT;
http2 on;
# Here put the service you need
# Here put the original
# service endpoint port
location / {
grpc_pass grpcs://127.0.0.1:PORT;
}
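Review bot: the comments `# Here put the service you need` and `# Here put the original` / `# service endpoint port` above the `location` block say the same thing; if the first one survives this change, drop it so each directive carries a single comment. More importantly, `grpc_pass grpcs://127.0.0.1:PORT;` re-encrypts towards the original service without `grpc_ssl_verify on` (nginx defaults it to off) and without `grpc_ssl_server_name on`, so that hop does not authenticate the service's certificate and sends no SNI; for a loopback-only sniffer that may be acceptable, but the template should either say so in a comment or include the two directives (plus `grpc_ssl_trusted_certificate`) commented out for users who want the hop verified.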

View File

@ -4,31 +4,46 @@
# Example TLS endpoint
server {
# Use this to avoid port scanners to know
# what you are using
more_clear_headers Server;
# Here put the TLS termination
# endpoint port
listen PORT ssl;
more_clear_headers Server;
# Uncomment if http2
# http2 on;
# Here put the unencrypted
# endpoint port
location / {
proxy_pass http://localhost:8080;
}
# Put relevant keys here
ssl_certificate /services-keys/Example/cert.pem;
ssl_certificate_key /services-keys/Example/key.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
}
# Example Termination endpoint
server {
# Use this to avoid port scanners to know
# what you are using
more_clear_headers Server;
# Here put the unencrypted
# endpoint port
listen 127.0.0.1:8080;
# Here put the service you need
# Uncomment if http2
# http2 on;
# Here put the original
# service endpoint port
location / {
proxy_pass https://127.0.0.1:PORT;
}
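Review bot: `proxy_pass http://localhost:8080;` in the TLS server and `listen 127.0.0.1:8080;` in the termination server do not necessarily meet: `localhost` may resolve to `::1` as well as `127.0.0.1`, and nothing listens on the IPv6 loopback here, so nginx will log connection errors and only reach the termination server after falling back; use `proxy_pass http://127.0.0.1:8080;` to match the `listen`. Within the TLS server block `more_clear_headers Server;` appears twice (before and after `listen PORT ssl;`); one copy is enough. Finally, because this template forwards plain HTTP rather than gRPC, the original service will see `Host: 127.0.0.1:PORT` (nginx's default `$proxy_host`) instead of the client's Host header, which undermines the "transparent" termination the README promises; add `proxy_set_header Host $host;` to the `location` block, and, as in the gRPC template, either document or add `proxy_ssl_server_name on` and `proxy_ssl_verify on` for the `proxy_pass https://127.0.0.1:PORT;` hop.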