Class: Ronin::Support::Network::SSL::Proxy

Inherits:
TCP::Proxy
Defined in:
lib/ronin/support/network/ssl/proxy.rb

Overview

The SSL Proxy allows for inspecting and manipulating SSL-wrapped protocols.

Example

require 'ronin/support/network/ssl/proxy'
require 'hexdump'

Ronin::Support::Network::SSL::Proxy.start(port: 1337, server: ['www.wired.com', 443]) do |proxy|
  address = lambda { |socket|
    addrinfo = socket.peeraddr

    "#{addrinfo[3]}:#{addrinfo[1]}"
  }
  hex = Hexdump::Hexdump.new

  proxy.on_client_data do |client,server,data|
    puts "#{address[client]} -> #{proxy}"
    hex.dump(data)
  end

  proxy.on_client_connect do |client|
    puts "#{address[client]} -> #{proxy} [connected]"
  end

  proxy.on_client_disconnect do |client,server|
    puts "#{address[client]} <- #{proxy} [disconnected]"
  end

  proxy.on_server_data do |client,server,data|
    puts "#{address[client]} <- #{proxy}"
    hex.dump(data)
  end

  proxy.on_server_connect do |client,server|
    puts "#{address[client]} <- #{proxy} [connected]"
  end

  proxy.on_server_disconnect do |client,server|
    puts "#{address[client]} <- #{proxy} [disconnected]"
  end
end

Callbacks

In addition to the events supported by the Proxy base class, the SSL Proxy also supports the following callbacks.

client_connect

When a client connects to the proxy:

on_client_connect do |client|
  puts "[connected] #{client.remote_address.ip_address}:#{client.remote_address.ip_port}"
end

client_disconnect

When a client disconnects from the proxy:

on_client_disconnect do |client,server|
  puts "[disconnected] #{client.remote_address.ip_address}:#{client.remote_address.ip_port}"
end

server_connect

When the server accepts a connection from the proxy:

on_server_connect do |client,server|
  puts "[connected] #{proxy}"
end

server_disconnect

When the server closes a connection from the proxy:

on_server_disconnect do |client,server|
  puts "[disconnected] #{proxy}"
end

connect

Alias for TCP::Proxy#on_server_connect.

disconnect

Alias for TCP::Proxy#on_client_disconnect.

Since:

  • 0.6.0

Direct Known Subclasses

TLS::Proxy

Constant Summary

Constants inherited from Proxy

Proxy::DEFAULT_BUFFER_SIZE, Proxy::DEFAULT_HOST

Instance Attribute Summary

Attributes inherited from Proxy

#buffer_size, #connections, #host, #port, #server_host, #server_port

Instance Method Summary

Methods inherited from TCP::Proxy

#client_connect, #client_disconnect, #close_client_connection, #close_proxy, #close_server_connection, #on_client_connect, #on_client_disconnect, #on_server_connect, #on_server_disconnect, #open, #poll, #server_connect, #server_disconnect

Methods inherited from Proxy

#callback, #client_connection_for, #client_connections, #client_data, #close, #close!, #close_client_connection, #close_connection, #close_connections, #close_proxy, #close_server_connection, #ignore!, #inspect, #listen, #on_client_data, #on_data, #on_server_data, #open, #poll, #reset!, #reset_connection, #server_connection_for, #server_connections, #server_data, start, #start, #stop, #stop!, #to_s

Constructor Details

#initialize(version: nil, key: SSL.key, key_file: nil, cert: SSL.cert, cert_file: nil, verify: :none, ca_bundle: nil, **kwargs, &block) ⇒ Proxy

Creates a new SSL Proxy.

Parameters:

  • version (1, 1.1, 1.2, String, Symbol, nil) (defaults to: nil)

    The SSL version to use.

  • key (Crypto::Key::RSA, OpenSSL::PKey::RSA) (defaults to: SSL.key)

    The SSL key.

  • key_file (String) (defaults to: nil)

    The path to the SSL .key file.

  • cert (Crypto::Cert, OpenSSL::X509::Certificate) (defaults to: SSL.cert)

    The SSL X509 certificate.

  • cert_file (String) (defaults to: nil)

    The path to the SSL .crt file.

  • verify (Symbol, Boolean) (defaults to: :none)

    The SSL verify mode. Must be one of:

    • :none
    • :peer
    • :fail_if_no_peer_cert
    • :client_once
    • true (alias for :peer)
    • false (alias for :none)
  • ca_bundle (String, nil) (defaults to: nil)

    Path to the CA certificate file or directory.

  • kwargs (Hash{Symbol => Object})

    Additional keyword arguments for TCP::Proxy#initialize.

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 192

def initialize(version:   nil,
               key:       SSL.key,
               key_file:  nil,
               cert:      SSL.cert,
               cert_file: nil,
               verify:    :none,
               ca_bundle: nil,
               **kwargs,
               &block)
  @version   = version
  @key       = key
  @key_file  = key_file
  @cert      = cert
  @cert_file = cert_file
  @verify    = verify
  @ca_bundle = ca_bundle

  super(**kwargs,&block)
end

Instance Attribute Details

#ca_bundle ⇒ String

Path to the CA certificate file or directory.

Returns:

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 154

def ca_bundle
  @ca_bundle
end

#cert ⇒ Crypto::Cert, ...

The X509 certificate to use.

Returns:

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 139

def cert
  @cert
end

#cert_file ⇒ String?

The path to the X509 .crt or .pem file.

Returns:

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 144

def cert_file
  @cert_file
end

#key ⇒ Crypto::Key::RSA, ...

The RSA key to use.

Returns:

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 129

def key
  @key
end

#key_file ⇒ String?

The path to the SSL .key file.

Returns:

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 134

def key_file
  @key_file
end

#verify ⇒ Symbol, Boolean

The SSL verify mode.

Returns:

  • (Symbol, Boolean)

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 149

def verify
  @verify
end

#version ⇒ 1, ... (readonly)

The SSL version to use.

Returns:

  • (1, 1.1, 1.2, String, Symbol, nil)

Since:

  • 1.0.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 124

def version
  @version
end

Instance Method Details

#accept_client_connection ⇒ OpenSSL::SSL::SSLSocket (protected)

Accepts a client connection from the server socket.

Returns:

  • (OpenSSL::SSL::SSLSocket)

    The new SSL connection.

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 252

def accept_client_connection
  client     = super
  context    = SSL.context(version:   @version,
                           key:       @key,
                           key_file:  @key_file,
                           cert:      @cert,
                           cert_file: @cert_file,
                           verify:    @verify)
  ssl_socket = OpenSSL::SSL::SSLSocket.new(client,context)

  ssl_socket.sync_close = true

  begin
    ssl_socket.accept
  rescue OpenSSL::SSL::SSLError
    return nil
  end

  return ssl_socket
end

#open_server_connection ⇒ OpenSSL::SSL::SSLSocket (protected)

Opens a new connection to the server.

Returns:

  • (OpenSSL::SSL::SSLSocket)

    The new server connection.

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 279

def open_server_connection
  server_socket = super
  context       = SSL.context(verify: @verify, ca_bundle: @ca_bundle)
  ssl_socket    = OpenSSL::SSL::SSLSocket.new(server_socket,context)

  ssl_socket.sync_close = true
  ssl_socket.connect

  return ssl_socket
end
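
The server-side context above is built from `verify` and `ca_bundle` only, and `verify` defaults to `:none`, so unless both are set the proxy completes its upstream handshake with whatever certificate the server presents. The following added example (not Ronin's own code) shows that difference using only Ruby's standard OpenSSL library against a constructed self-signed loopback server. `VERIFY_MODES`, `self_signed`, `upstream_handshake` and the name `upstream.test` are hypothetical, and the symbol-to-constant mapping is an assumption based on OpenSSL's constant names.

```ruby
require 'openssl'
require 'socket'

# Verify values from this page mapped to OpenSSL constants (assumed mapping).
VERIFY_MODES = {
  none: OpenSSL::SSL::VERIFY_NONE, peer: OpenSSL::SSL::VERIFY_PEER,
  fail_if_no_peer_cert: OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
  client_once: OpenSSL::SSL::VERIFY_CLIENT_ONCE,
  true => OpenSSL::SSL::VERIFY_PEER, false => OpenSSL::SSL::VERIFY_NONE
}.freeze

# Constructed self-signed identity: an upstream that no CA vouches for.
def self_signed(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

UPSTREAM_KEY, UPSTREAM_CERT = self_signed('upstream.test')

# Handshakes with a loopback TLS server; returns :accepted or :rejected.
def upstream_handshake(verify, trusted: nil)
  sctx = OpenSSL::SSL::SSLContext.new
  sctx.add_certificate(UPSTREAM_CERT, UPSTREAM_KEY)
  tcp    = TCPServer.new('127.0.0.1', 0)
  server = OpenSSL::SSL::SSLServer.new(tcp, sctx)
  thread = Thread.new { server.accept.close rescue nil }

  cctx = OpenSSL::SSL::SSLContext.new
  cctx.verify_mode = VERIFY_MODES.fetch(verify)
  cctx.cert_store  = OpenSSL::X509::Store.new.add_cert(trusted) if trusted
  sock = OpenSSL::SSL::SSLSocket.new(TCPSocket.new('127.0.0.1', tcp.addr[1]), cctx)
  sock.sync_close = true
  sock.connect
  :accepted
rescue OpenSSL::SSL::SSLError
  :rejected
ensure
  sock&.close rescue nil
  thread&.join(2)
  tcp&.close
end

%i[none peer].each { |m| puts "verify=#{m}: #{upstream_handshake(m)}" }
```

Passing `trusted: UPSTREAM_CERT` with `:peer` plays the role of `ca_bundle`: the same certificate is then accepted because it is an explicit trust anchor.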

#recv(connection) ⇒ String? (protected)

Receives data from a connection.

Parameters:

  • connection (OpenSSL::SSL::SSLSocket)

    The SSL connection to receive data from.

Returns:

  • (String, nil)

    The received data.

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 240

def recv(connection)
  connection.readpartial(@buffer_size)
rescue Errno::ECONNRESET, EOFError
  ''
end

#send(connection, data) ⇒ Object (protected)

Sends data to a connection.

Parameters:

  • connection (OpenSSL::SSL::SSLSocket)

    A SSL connection to write data to.

  • data (String)

    The data to write.

Since:

  • 0.6.0



# File 'lib/ronin/support/network/ssl/proxy.rb', line 225

def send(connection,data)
  connection.write(data)
end