self-hosted/dockerfiles
1
0
Fork 0
mirror of https://github.com/vimagick/dockerfiles.git synced 2025-04-19 12:02:19 +02:00
Code Issues Releases Activity

update sslsplit

Browse Source
This commit is contained in:
kev 2016-07-19 13:05:10 +08:00
parent fa6197faf6
commit ea31d4db73
6 changed files with 28 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
sslsplit/README.md
View File

@ -10,8 +10,8 @@ network connections.
sslsplit: sslsplit:
image: vimagick/sslsplit image: vimagick/sslsplit
command: command:
-k key/ca.key -c key/ca.crt -P -k keys/ca.key -c keys/ca.crt -P
-l log/cnn.log -S log -l logs/connections.log -S logs
tcp 0.0.0.0 8080 tcp 0.0.0.0 8080
ssl 0.0.0.0 8443 ssl 0.0.0.0 8443
net: host net: host
@ -21,21 +21,37 @@ sslsplit:
restart: unless-stopped restart: unless-stopped
``` ```
## up and running ## Server Setup
```bash ```bash
$ mkdir -p data/{key,log} $ mkdir -p data/{key,log}
$ openssl req -x509 -newkey rsa:2048 -nodes -keyout data/key/ca.key -out data/key/ca.crt -days 365 -subj '/CN=EasyPi' $ openssl req -x509 -newkey rsa:2048 -nodes -keyout data/key/ca.key -out data/key/ca.crt -days 3650 -subj '/CN=EasyPi'
$ docker-compose up -d $ docker-compose up -d
``` ```
``` ```bash
# setup
sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F iptables -t nat -N SSLSPLIT
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080 iptables -t nat -A SSLSPLIT -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443 iptables -t nat -A SSLSPLIT -p tcp --dport 443 -j REDIRECT --to-ports 8443
# enable
iptables -t nat -A PREROUTING -j SSLSPLIT
# disable
iptables -t nat -D PREROUTING -j SSLSPLIT
``` ```
## Client Setup
```bash
sudo route change default 192.168.31.231
curl -k https://www.baidu.com/s?wd=hello+world
```
> ProTip: No warning dialog after importing `ca.crt` into system/browser.
## read more ## read more
- <https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/> - <https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/>

4
sslsplit/arm/docker-compose.yml
View File

@ -1,8 +1,8 @@
sslsplit: sslsplit:
image: easypi/sslsplit-arm image: easypi/sslsplit-arm
command: command:
-k key/ca.key -c key/ca.crt -P -k keys/ca.key -c keys/ca.crt -P
-l log/cnn.log -S log -l logs/connections.log -S logs
tcp 0.0.0.0 8080 tcp 0.0.0.0 8080
ssl 0.0.0.0 8443 ssl 0.0.0.0 8443
net: host net: host

0
sslsplit/data/key/ca.crt → sslsplit/data/keys/ca.crt
View File

0
sslsplit/data/key/ca.key → sslsplit/data/keys/ca.key
View File

0
sslsplit/data/log/cnn.log → sslsplit/data/logs/connections.log
View File

4
sslsplit/docker-compose.yml
View File

@ -1,8 +1,8 @@
sslsplit: sslsplit:
image: vimagick/sslsplit image: vimagick/sslsplit
command: command:
-k key/ca.key -c key/ca.crt -P -k keys/ca.key -c keys/ca.crt -P
-l log/cnn.log -S log -l logs/connections.log -S logs
tcp 0.0.0.0 8080 tcp 0.0.0.0 8080
ssl 0.0.0.0 8443 ssl 0.0.0.0 8443
net: host net: host