Пример #1
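 def _bypass_ssl(self, hostname, port, proxy_aware=False):
   """
   Terminate the client's TLS session locally, answering in place of the
   requested server with a certificate generated for it.

   The name placed in the generated certificate is chosen as follows:
   - conf.ssl_reverse: connect to the real server and reuse the name found
     in its certificate, falling back to the requested hostname when the
     certificate is empty or no name can be extracted;
   - conf.ssl_hostname: use the configured name (it also replaces the
     hostname recorded in the returned Request);
   - otherwise: use the requested hostname.

   hostname, port -- target requested by the client
   proxy_aware    -- when true, acknowledge the CONNECT request first

   Returns a Request reading from the decrypted stream, or None when the
   handshake with the client raises ssl.SSLError (reported, not re-raised).
   """
   if proxy_aware:
     self.wfile.write("HTTP/1.1 200 Connection established\r\n\r\n") # yes, sure
   # Default first, so that every path below leaves a usable certificate name.
   # Previously the ssl_reverse branch left the name unbound when the upstream
   # certificate was empty or had no extractable name.
   ssl_hostname = hostname
   try:
     if conf.ssl_reverse:
       # NOTE(review): whether connect() validates the upstream certificate is
       # not visible here -- confirm, because the name copied below is only as
       # trustworthy as that connection.
       # NOTE(review): s is never closed in this method; confirm who owns it.
       s = connect(hostname=hostname, port=port, use_ssl=True)
       cert = s.getpeercert()
       name = extract_name(cert) if cert else None
       if name:
         ssl_hostname = name
     elif conf.ssl_hostname:
       hostname = conf.ssl_hostname
       ssl_hostname = hostname
     # No ssl_version is passed, so the ssl module's default protocol applies.
     self.ssl_sock = ssl.wrap_socket(self.request, server_side=True,
                                     certfile=generate_ssl_cert(ssl_hostname),
                                     keyfile=get_key_file())
     # From here on the handler reads and writes through the TLS layer.
     self.rfile = self.ssl_sock.makefile('rb', self.rbufsize)
     self.wfile = self.ssl_sock.makefile('wb', self.wbufsize)
     return Request(self.rfile, hostname=hostname, port=port, use_ssl=True)
   except ssl.SSLError as e:
     reason = str(e)
     ui_lock.acquire()
     try:
       # These two alerts mean the client did not accept the generated
       # certificate.
       if "alert unknown ca" in reason or "alert certificate unknown" in reason:
         print self.pt, "<" + warning("SSLError") + ": " + \
                        "Abrupt certificate for {} ".format(hostname) + \
                        "has been rejected by your client. >"
       else:
         print warning(reason)
     finally:
       # Release even if printing fails, so the lock is never left held.
       ui_lock.release()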
Пример #2
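 def _forward_ssl(self, hostname, port):
   """
   Relay a CONNECT tunnel without touching its content.

   Bytes are copied between the client socket (self.request) and the
   connection returned by connect(hostname, port, False) until one side
   closes, a socket error occurs or the server's shutdown flag is set.

   Raises UnableToConnect when the upstream connection could not be opened.
   """
   client = self.request
   server = connect(hostname, port, False)
   ui_lock.acquire()
   try:
     print self.pt, "<" + info("CONNECT"), hostname + ">"
   finally:
     ui_lock.release()
   if not server:
     # Fail before acknowledging the CONNECT: the 200 reply used to be written
     # first, telling the client a tunnel existed when there was none.
     raise UnableToConnect()
   self.wfile.write("HTTP/1.1 200 Connection established\r\n\r\n")
   try:
     while not self.server._BaseServer__shutdown_request:
       # The 2 second timeout lets the shutdown flag be re-checked regularly.
       ready, _, _ = select.select([client, server], [], [], 2)
       for s in ready:
         data = s.recv(4096)
         if not data:
           # An empty read means this side closed the connection.
           ui_lock.acquire()
           try:
             print self.pt, "<" + info("CONNECT"), hostname + "> ended"
           finally:
             ui_lock.release()
           return
         peer = server if s is client else client
         # sendall() instead of send(): send() may write only part of the
         # buffer, which would silently drop tunnel data.
         peer.sendall(data)
   except socket.error:
     ui_lock.acquire()
     try:
       print self.pt, "<" + info("CONNECT"), hostname + "> died"
     finally:
       ui_lock.release()
   finally:
     # The upstream socket was opened here and is not handed to anyone else.
     server.close()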
Пример #3
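 def _bypass_ssl(self, hostname, port, proxy_aware=False):
   """
   Terminate the client's TLS session locally, answering in place of the
   requested server with a certificate generated for it.

   Certificate name selection:
   - conf.ssl_reverse: connect to the real server and reuse the name found
     in its certificate; the requested hostname is used when that
     certificate is empty or yields no name;
   - conf.ssl_hostname: the configured name, which also replaces the
     hostname recorded in the returned Request;
   - otherwise: the requested hostname.

   The protocol version offered to the client is conf._ssl_version.

   hostname, port -- target requested by the client
   proxy_aware    -- when true, acknowledge the CONNECT request first

   Returns a Request reading from the decrypted stream, or None when the
   handshake with the client raises ssl.SSLError (reported, not re-raised).
   """
   if proxy_aware:
     self.wfile.write("HTTP/1.1 200 Connection established\r\n\r\n") # yes, sure
   # Start from the requested hostname: the ssl_reverse branch used to leave
   # the name unbound when no name could be taken from the upstream
   # certificate.
   ssl_hostname = hostname
   try:
     if conf.ssl_reverse:
       # NOTE(review): it is not visible here whether connect() validates the
       # upstream certificate -- confirm, since the copied name inherits the
       # trust level of that connection.
       # NOTE(review): s is never closed in this method; confirm who owns it.
       s = connect(hostname=hostname, port=port, use_ssl=True)
       cert = s.getpeercert()
       name = extract_name(cert) if cert else None
       if name:
         ssl_hostname = name
     elif conf.ssl_hostname:
       hostname = conf.ssl_hostname
       ssl_hostname = hostname
     self.ssl_sock = ssl.wrap_socket(self.request, server_side=True,
                                     certfile=generate_ssl_cert(ssl_hostname),
                                     keyfile=get_key_file(), ssl_version=conf._ssl_version)
     # From here on the handler reads and writes through the TLS layer.
     self.rfile = self.ssl_sock.makefile('rb', self.rbufsize)
     self.wfile = self.ssl_sock.makefile('wb', self.wbufsize)
     return Request(self.rfile, hostname=hostname, port=port, use_ssl=True)
   except ssl.SSLError as e:
     reason = str(e)
     ui_lock.acquire()
     try:
       # The first two cases are the client declining the generated
       # certificate, explicitly (alert) or by dropping the connection.
       if "alert unknown ca" in reason or "alert certificate unknown" in reason:
         print self.pt, "<" + warning("SSLError") + ": " + \
                        "Abrupt certificate for {} ".format(hostname) + \
                        "has been rejected by your client. >"
       elif "EOF occurred in violation of protocol" in reason:
         print self.pt, "<" + warning("SSLError") + ": " + \
                        "Connection to {} has been dropped by the client. ".format(hostname) + \
                        "Fake certificate may have been refused? >"
       else:
         print warning(reason)
     finally:
       # Release even if printing fails, so the lock is never left held.
       ui_lock.release()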
Пример #4
 def _init_connection(self):
   """
   Open the connection to the remote server described by self.r.

   The hostname, port and use_ssl flag of self.r are handed to connect(),
   and whatever connect() returns is passed back to the caller.
   """
   target = self.r
   return connect(target.hostname, target.port, target.use_ssl)
Пример #5
 def _init_connection(self):
   """
   Connect to the remote server that self.r points at.

   Returns the result of connect() called with that object's hostname,
   port and use_ssl values, in this order.
   """
   host = self.r.hostname
   port = self.r.port
   use_ssl = self.r.use_ssl
   return connect(host, port, use_ssl)