
SSL Forwarder (for mitm testing)

Name: Anonymous 2008-06-19 16:45

I have the following Python code:

from OpenSSL import SSL
import thread, socket

# Upstream server that sslforwarder() connects to for every accepted client.
TARGET_HOST = 'server.example.com'
TARGET_PORT = 443
# Loaded below as both the private key and the certificate shown to clients,
# so this one PEM file holds key material; keep it readable by the test user only.
CERT_FILE = 'server.pem'
# Local port the listening socket is bound to.
LISTEN_PORT = 443

def forwarder(src, dst):
        """Copy data from src to dst until src.recv() returns an empty string.

        Every chunk read is printed, so the relayed plaintext (including any
        credentials in it) ends up on stdout.
        """
        # Non-empty placeholder so the while loop is entered the first time.
        data = ' '
        while data:
                data = src.recv(4096)
                print data
                if data:
                        dst.sendall(data)
                else:
                        # NOTE(review): sslforwarder passes SSL.Connection objects here.
                        # pyOpenSSL reports a clean TLS close by raising
                        # SSL.ZeroReturnError rather than returning '', and its
                        # Connection.shutdown() takes no argument -- confirm this
                        # branch is reachable and works as written.
                        src.shutdown(socket.SHUT_RD)
                        dst.shutdown(socket.SHUT_WR)

def sslforwarder((cli, endpoint)):
        """Open a TLS connection to the target and relay both directions.

        Takes the (connection, address) pair returned by accept() and starts
        one forwarder thread per direction.
        """
        print "connection from ", endpoint
        # No set_verify() or CA locations are configured on this context, so the
        # upstream certificate is presumably not validated (pyOpenSSL defaults to
        # VERIFY_NONE) -- only acceptable against a test server you control.
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        srv = SSL.Connection(ctx, socket.socket())
        srv.setblocking(1)
        srv.connect((TARGET_HOST, TARGET_PORT))
        # NOTE(review): the two threads share the same pair of SSL.Connection
        # objects (each reads from the one the other writes to). A later reply
        # in this thread links the reported crash to OpenSSL FAQ PROG1, which
        # covers multi-threaded use.
        thread.start_new_thread(forwarder, (cli, srv))
        thread.start_new_thread(forwarder, (srv, cli))

# Listening side: CERT_FILE supplies both the private key and the certificate
# presented to connecting clients.
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.use_privatekey_file(CERT_FILE)
ctx.use_certificate_file(CERT_FILE)
ss = SSL.Connection(ctx, socket.socket())
ss.setblocking(1)
# '0.0.0.0' accepts connections on every interface; bind to 127.0.0.1 or the
# lab interface if only local test clients should reach the forwarder.
ss.bind(('0.0.0.0', LISTEN_PORT))
ss.listen(5)

# Accept loop: each (connection, address) pair goes to sslforwarder, which
# returns as soon as its two relay threads are started. Ctrl-C exits.
try:
        while True:
                sslforwarder(ss.accept())
except KeyboardInterrupt:
        raise SystemExit


but when I run it I get the error:

Fatal Python error: PyEval_RestoreThread: NULL tstate
Aborted


This occurs when the server is sending data back to the client. Any ideas?

Name: Anonymous 2008-06-19 16:55

I have the following Python code:
I felt somewhat dreary reading the very first sentence of your post.

Name: Anonymous 2008-06-19 16:58

It's ok, I know what it is now.

http://www.openssl.org/support/faq.html#PROG1

Time to rewrite using select.

Name: Anonymous 2008-06-19 16:59

PYTHON

Name: Anonymous 2008-06-19 18:41

It sucks a bit, but it works:

from OpenSSL import SSL
import thread, socket, select

# Upstream server each accepted client is relayed to.
TARGET_HOST = 'server.example.com'
TARGET_PORT = 443
# Used below as both private key and certificate; treat the file as a secret.
CERT_FILE = 'server.pem'
# Local port the listening socket is bound to.
LISTEN_PORT = 443

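def _relay_once(src, dst, label):
        """Move one chunk from src to dst; return False once the connection is over.

        label is the prefix printed in front of the relayed data.
        """
        try:
                data = src.recv(65536)
                # The decrypted payload is written to stdout as-is; anything
                # sensitive in the test traffic ends up in the terminal/log.
                print label, data
                dst.sendall(data)
        except (SSL.WantReadError, SSL.WantWriteError):
                # Non-blocking socket: no complete TLS record yet, or the peer
                # cannot take more data right now. Try again on the next select().
                # NOTE(review): if sendall() is what raised, the chunk already
                # read from src is not retried and is lost.
                pass
        except SSL.ZeroReturnError:
                # Peer sent a TLS close_notify: orderly end of the stream.
                return False
        except SSL.Error:
                # Any other TLS failure (e.g. the peer dropped the TCP connection
                # without close_notify). Previously this escaped the thread and
                # left both sockets open.
                print 'connection dropped without TLS close'
                return False
        return True


def _close_pair(cli, srv):
        """Best-effort TLS shutdown and socket close for both connections."""
        for conn in (cli, srv):
                try:
                        conn.shutdown()
                except (SSL.Error, socket.error):
                        # Peer may already be gone; still release the socket below.
                        pass
                try:
                        conn.close()
                except (SSL.Error, socket.error):
                        pass


def sslforwarder(cli, endpoint):
        """Relay one accepted client connection to TARGET_HOST:TARGET_PORT.

        cli is the accepted SSL.Connection and endpoint its peer address (the
        two items returned by accept()). A single select() loop services both
        directions, so each SSL.Connection is only touched by this thread.
        Both connections are always shut down and closed on exit, including
        when the upstream connect fails or a TLS error ends the relay.
        """
        print "connection from ", endpoint
        # No set_verify() or CA locations are configured, so the upstream
        # certificate is presumably not validated (pyOpenSSL defaults to
        # VERIFY_NONE). Keep this pointed at a test server you control.
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        srv = SSL.Connection(ctx, socket.socket())
        try:
                srv.connect((TARGET_HOST, TARGET_PORT))
                print "connected to ", (TARGET_HOST, TARGET_PORT)
                srv.setblocking(0)
                cli.setblocking(0)
                print cli, srv
                while True:
                        # 5 second timeout; an empty result just loops again.
                        readable = select.select([srv, cli], [], [], 5)[0]
                        if cli in readable and not _relay_once(cli, srv, "client: "):
                                break
                        if srv in readable and not _relay_once(srv, cli, "server: "):
                                break
        finally:
                _close_pair(cli, srv)
                print 'connection closed'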

# Listening side: CERT_FILE supplies both the private key and the certificate
# presented to connecting clients.
# SSLv23_METHOD negotiates whichever protocol version both ends support; no
# set_options() call here excludes legacy versions (e.g. SSL.OP_NO_SSLv2).
ctx = SSL.Context(SSL.SSLv23_METHOD)
ctx.use_privatekey_file(CERT_FILE)
ctx.use_certificate_file(CERT_FILE)
ss = SSL.Connection(ctx, socket.socket())
# SO_REUSEADDR lets the listener be restarted without waiting for old
# connections on this port to leave TIME_WAIT.
ss.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
ss.setblocking(1)
# '0.0.0.0' accepts connections on every interface; bind to 127.0.0.1 or the
# lab interface if only local test clients should reach the forwarder.
ss.bind(('0.0.0.0', LISTEN_PORT))
ss.listen(5)

# One thread per accepted connection: the (connection, address) tuple from
# accept() is used directly as sslforwarder's argument tuple. Ctrl-C exits.
try:
        while True:
                thread.start_new_thread(sslforwarder,ss.accept())
except KeyboardInterrupt:
        raise SystemExit

Name: Anonymous 2008-06-19 20:01

for mitten testing

Name: Anonymous 2008-06-20 0:31

>>6
( ゚ ヮ゚)

Name: Anonymous 2008-06-20 3:21

>>7
KARTOFFELBREI

Name: Anonymous 2008-06-20 3:23

>>8
gtfo #sicp faggot fuck weeaboo shitfaggot wannabee failtroll

Name: Anonymous 2008-06-20 3:31

>>9
YHBT

Name: Anonymous 2008-06-20 3:32

>>9
Jeepers, you are rude.

Name: Anonymous 2008-06-20 4:24

>>9
Don't you confuse DQN for weeaboo.

Name: Anonymous 2008-06-20 5:51

What sort of retarded software doesn't bother to check if the cert or CA is valid? Way to fail at SSL.

Name: Anonymous 2008-06-20 5:55

Name: Anonymous 2008-06-20 7:25

Name: Anonymous 2008-06-21 3:41

SSL MITTENS :D

Name: Anonymous 2008-06-22 7:34

Smittens

Name: Anonymous 2011-02-03 0:21

Name: Sgt.Kabukimanꪛ쳏 2012-05-24 9:42

All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy
 All work and no play makes Jack a dull boy

Name: bampu pantsu 2012-05-29 3:55

bampu pantsu
