class Ronin::Support::Network::SSL::Proxy

The SSL Proxy allows for inspecting and manipulating SSL wrapped protocols.

## Example

require 'ronin/support/network/ssl/proxy'
require 'hexdump'

Ronin::Support::Network::SSL::Proxy.start(port: 1337, server: ['www.wired.com', 443]) do |proxy|
  address = lambda { |socket|
    addrinfo = socket.peeraddr

   "#{addrinfo[3]}:#{addrinfo[1]}"
  }
  hex = Hexdump::Hexdump.new

  proxy.on_client_data do |client,server,data|
    puts "#{address[client]} -> #{proxy}"
    hex.dump(data)
  end

  proxy.on_client_connect do |client|
    puts "#{address[client]} -> #{proxy} [connected]"
  end

  proxy.on_client_disconnect do |client,server|
    puts "#{address[client]} <- #{proxy} [disconnected]"
  end

  proxy.on_server_data do |client,server,data|
    puts "#{address[client]} <- #{proxy}"
    hex.dump(data)
  end

  proxy.on_server_connect do |client,server|
    puts "#{address[client]} <- #{proxy} [connected]"
  end

  proxy.on_server_disconnect do |client,server|
    puts "#{address[client]} <- #{proxy} [disconnected]"
  end
end

## Callbacks

In addition to the events supported by the {Network::Proxy Proxy} base class, the SSL Proxy also supports the following callbacks.

### client_connect

When a client connects to the proxy:

on_client_connect do |client|
  puts "[connected] #{client.remote_address.ip_address}:#{client.remote_addre
end

### client_disconnect

When a client disconnects from the proxy:

on_client_disconnect do |client,server|
  puts "[disconnected] #{client.remote_address.ip_address}:#{client.remote_ad
end

### server_connect

When the server accepts a connection from the proxy:

on_server_connect do |client,server|
  puts "[connected] #{proxy}"
end

### server_disconnect

When the server closes a connection from the proxy.

on_server_disconnect do |client,server|
  puts "[disconnected] #{proxy}"
end

### connect

Alias for {#on_server_connect}.

### disconnect

Alias for {#on_client_disconnect}.

@since 0.6.0

Attributes

ca_bundle[RW]

Path to the CA certificate file or directory.

@return [String]

cert[RW]

The X509 certificate to use.

@return [Crypto::Cert, OpenSSL::X509::Certificate, nil]

cert_file[RW]

The path to the X509 ‘.crt` or `.pem` file.

@return [String, nil]

key[RW]

The RSA key to use.

@return [Crypto::Key::RSA, OpenSSL::PKey::RSA, nil]

key_file[RW]

The path to the SSL ‘.key` file.

@return [String, nil]

verify[RW]

The SSL verify mode

@return [Symbol, Boolean]

version[R]

The SSL version to use.

@return [1, 1.1, 1.2, String, Symbol, nil]

@since 1.0.0

Public Class Methods

new(version: nil, key: SSL.key, key_file: nil, cert: SSL.cert, cert_file: nil, verify: :none, ca_bundle: nil, **kwargs, &block) click to toggle source

Creates a new SSL Proxy.

@param [1, 1.1, 1.2, String, Symbol, nil] version

The SSL version to use.

@param [Crypto::Key::RSA, OpenSSL::PKey::RSA] key

The SSL key.

@param [String] key_file

The path to the SSL `.key` file.

@param [Crypto::Cert, OpenSSL::X509::Certificate] cert

The SSL X509 certificate.

@param [String] cert_file

The path to the SSL `.crt` file.

@param [Symbol, Boolean] verify

The SSL verify mode. Must be one of:

* `:none`
* `:peer`
* `:fail_if_no_peer_cert`
* `:client_once`
* `true` (alias for `:peer`)
* `false` (alias for `:none`)

@param [String, nil] ca_bundle

Path to the CA certificate file or directory.

@param [Hash{Symbol => Object}] kwargs

Additional keyword arguments for {TCP::Proxy#initialize}.

@see Network::Proxy#initialize

Calls superclass method
# File lib/ronin/support/network/ssl/proxy.rb, line 192
def initialize(version:   nil,
               key:       SSL.key,
               key_file:  nil,
               cert:      SSL.cert,
               cert_file: nil,
               verify:    :none,
               ca_bundle: nil,
               **kwargs,
               &block)
  @version   = version
  @key       = key
  @key_file  = key_file
  @cert      = cert
  @cert_file = cert_file
  @verify    = verify
  @ca_bundle = ca_bundle

  super(**kwargs,&block)
end

Protected Instance Methods

accept_client_connection() click to toggle source

Accepts a client connection from the server socket.

@return [OpenSSL::SSL::SSLSocket]

The new SSL connection.
Calls superclass method
# File lib/ronin/support/network/ssl/proxy.rb, line 252
def accept_client_connection
  client     = super
  context    = SSL.context(version:   @version,
                           key:       @key,
                           key_file:  @key_file,
                           cert:      @cert,
                           cert_file: @cert_file,
                           verify:    @verify)
  ssl_socket = OpenSSL::SSL::SSLSocket.new(client,context)

  ssl_socket.sync_close = true

  begin
    ssl_socket.accept
  rescue OpenSSL::SSL::SSLError
    return nil
  end

  return ssl_socket
end
open_server_connection() click to toggle source

Opens a new connection to the server.

@return [OpenSSL::SSL::SSLSocket]

The new server connection.
Calls superclass method
# File lib/ronin/support/network/ssl/proxy.rb, line 279
def open_server_connection
  server_socket = super
  context       = SSL.context(verify: @verify, ca_bundle: @ca_bundle)
  ssl_socket    = OpenSSL::SSL::SSLSocket.new(server_socket,context)

  ssl_socket.sync_close = true
  ssl_socket.connect

  return ssl_socket
end
recv(connection) click to toggle source

Receives data from a connection.

@param [OpenSSL::SSL::SSLSocket] connection

The SSL connection to receive data from.

@return [String, nil]

The received data.

@api public

# File lib/ronin/support/network/ssl/proxy.rb, line 240
def recv(connection)
  connection.readpartial(@buffer_size)
rescue Errno::ECONNRESET, EOFError
  ''
end
send(connection,data) click to toggle source

Sends data to a connection.

@param [OpenSSL::SSL::SSLSocket] connection

A SSL connection to write data to.

@param [String] data

The data to write.

@api public

# File lib/ronin/support/network/ssl/proxy.rb, line 225
def send(connection,data)
  connection.write(data)
end