From ea31d4db73ee44905e012faea756e6c324b9c7f4 Mon Sep 17 00:00:00 2001
From: kev
Date: Tue, 19 Jul 2016 13:05:10 +0800
Subject: [PATCH] update sslsplit
---
 sslsplit/README.md | 32 ++++++++++++++-----
 sslsplit/arm/docker-compose.yml | 4 +--
 sslsplit/data/{key => keys}/ca.crt | 0
 sslsplit/data/{key => keys}/ca.key | 0
 .../{log/cnn.log => logs/connections.log} | 0
 sslsplit/docker-compose.yml | 4 +--
 6 files changed, 28 insertions(+), 12 deletions(-)
 rename sslsplit/data/{key => keys}/ca.crt (100%)
 rename sslsplit/data/{key => keys}/ca.key (100%)
 rename sslsplit/data/{log/cnn.log => logs/connections.log} (100%)
diff --git a/sslsplit/README.md b/sslsplit/README.md
index 289988a..9b98743 100644
--- a/sslsplit/README.md
+++ b/sslsplit/README.md
@@ -10,8 +10,8 @@ network connections.
 sslsplit:
 image: vimagick/sslsplit
 command:
- -k key/ca.key -c key/ca.crt -P
- -l log/cnn.log -S log
+ -k keys/ca.key -c keys/ca.crt -P
+ -l logs/connections.log -S logs
 tcp 0.0.0.0 8080
 ssl 0.0.0.0 8443
 net: host
@@ -21,21 +21,37 @@ sslsplit: restart: unless-stopped ``` -## up and running +## Server Setup ```bash $ mkdir -p data/{key,log} -$ openssl req -x509 -newkey rsa:2048 -nodes -keyout data/key/ca.key -out data/key/ca.crt -days 365 -subj '/CN=EasyPi' +$ openssl req -x509 -newkey rsa:2048 -nodes -keyout data/key/ca.key -out data/key/ca.crt -days 3650 -subj '/CN=EasyPi' $ docker-compose up -d ``` -``` +```bash +# setup sysctl -w net.ipv4.ip_forward=1 -iptables -t nat -F -iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 -iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443 +iptables -t nat -N SSLSPLIT +iptables -t nat -A SSLSPLIT -p tcp --dport 80 -j REDIRECT --to-ports 8080 +iptables -t nat -A SSLSPLIT -p tcp --dport 443 -j REDIRECT --to-ports 8443 + +# enable +iptables -t nat -A PREROUTING -j SSLSPLIT + +# disable +iptables -t nat -D PREROUTING -j SSLSPLIT ``` +## Client Setup + +```bash +sudo route change default 192.168.31.231 +curl -k https://www.baidu.com/s?wd=hello+world +``` + +> ProTip: No warning dialog after importing `ca.crt` into system/browser. + ## read more -
diff --git a/sslsplit/arm/docker-compose.yml b/sslsplit/arm/docker-compose.yml
index bba0c4a..668bf64 100644
--- a/sslsplit/arm/docker-compose.yml
+++ b/sslsplit/arm/docker-compose.yml
@@ -1,8 +1,8 @@
 sslsplit:
 image: easypi/sslsplit-arm
 command:
- -k key/ca.key -c key/ca.crt -P
- -l log/cnn.log -S log
+ -k keys/ca.key -c keys/ca.crt -P
+ -l logs/connections.log -S logs
 tcp 0.0.0.0 8080
 ssl 0.0.0.0 8443
 net: host
diff --git a/sslsplit/data/key/ca.crt b/sslsplit/data/keys/ca.crt
similarity index 100%
rename from sslsplit/data/key/ca.crt
rename to sslsplit/data/keys/ca.crt
diff --git a/sslsplit/data/key/ca.key b/sslsplit/data/keys/ca.key
similarity index 100%
rename from sslsplit/data/key/ca.key
rename to sslsplit/data/keys/ca.key
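Review bot: In `sslsplit/arm/docker-compose.yml` the new `-k keys/ca.key` points at a path that this commit shows as a tracked file (`sslsplit/data/key/ca.key` renamed to `sslsplit/data/keys/ca.key`), so if that file holds a real CA private key, everyone with a clone holds the key that clients trust after importing `ca.crt`. The key should be generated per deployment and kept out of version control; a comment above the command such as `# keys/ca.key is generated locally per the README and must not be committed`, plus an ignore rule for `data/keys/ca.key`, would document that. The README hunk in this commit also still runs `mkdir -p data/{key,log}` and writes to `data/key/ca.key`, which no longer matches the `keys/` and `logs/` paths used here. The same applies to the identical hunk in `sslsplit/docker-compose.yml`; the service definition continues past `net: host` outside the hunk, so the volume mapping is not visible.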
diff --git a/sslsplit/data/log/cnn.log b/sslsplit/data/logs/connections.log
similarity index 100%
rename from sslsplit/data/log/cnn.log
rename to sslsplit/data/logs/connections.log
diff --git a/sslsplit/docker-compose.yml b/sslsplit/docker-compose.yml
index caa16ec..7c55684 100644
--- a/sslsplit/docker-compose.yml
+++ b/sslsplit/docker-compose.yml
@@ -1,8 +1,8 @@
 sslsplit:
 image: vimagick/sslsplit
 command:
- -k key/ca.key -c key/ca.crt -P
- -l log/cnn.log -S log
+ -k keys/ca.key -c keys/ca.crt -P
+ -l logs/connections.log -S logs
 tcp 0.0.0.0 8080
 ssl 0.0.0.0 8443
 net: host
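Review bot: The `-S logs` argument in `sslsplit/docker-compose.yml` makes sslsplit write the content of each intercepted connection into that directory, and nothing in the hunk says who may read it or how long it is kept. Since those files contain decrypted traffic, I would add a comment above the command, `# logs/ holds decrypted connection content: restrict to the operator (chmod 700) and rotate`, and keep the directory out of the repository, which currently tracks `sslsplit/data/logs/connections.log`. The same applies to the hunk in `sslsplit/arm/docker-compose.yml`; the file continues past `net: host` outside the hunk.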