├── .git_pre-commit ├── .gitattributes ├── .github ├── FUNDING.yml └── workflows │ └── build-ubuntu-22.04.yml ├── .gitignore ├── .gitmodules ├── .travis.yml ├── CMakeLists.txt ├── FindLibConfig.cmake ├── FindLibMicroHttpd.cmake ├── Findhiredis.cmake ├── LICENSE ├── QuickHowto-Webhook.md ├── QuickInstall-Mitm.md ├── README.md ├── Release_Notes.md ├── TODO-dev.md ├── coverity.cmake ├── docs └── README.md ├── etc ├── apparmor │ └── usr.bin.smithproxy ├── certs │ └── default │ │ ├── ca-cert.pem │ │ ├── ca-key.pem │ │ ├── cl-cert.pem │ │ ├── cl-key.pem │ │ ├── portal-cert.pem │ │ ├── portal-gen.info │ │ ├── portal-key.pem │ │ ├── srv-cert.pem │ │ ├── srv-key.pem │ │ └── sslca.json ├── logrotate.d │ └── smithproxy ├── msg │ └── en │ │ ├── html_img_warning.txt │ │ ├── html_page.txt │ │ └── test.txt ├── service │ ├── initd │ │ └── smithproxy.init │ └── systemd │ │ ├── sx-core@.service │ │ └── sx-network@.service ├── smithd.cfg ├── smithproxy.cfg ├── smithproxy.startup.cfg ├── smithproxy.startup.sh ├── smithproxy_cli.sh ├── users.cfg └── users.key ├── helpers.cmake ├── install.cmake ├── man ├── TESTING_README.txt ├── smithproxy.1 └── tproxy.txt ├── snap └── hooks │ ├── install │ └── post-refresh ├── snapcraft-core18.yaml ├── snapcraft-core20.yaml ├── snapcraft.yaml ├── src ├── async │ ├── asyncdns.hpp │ ├── asyncocsp.hpp │ └── asyncsocket.hpp ├── ext │ ├── hpack │ │ ├── hpack.hpp │ │ └── hpack_tests.cpp │ ├── libcidr │ │ ├── cidr.cpp │ │ └── cidr.hpp │ └── nltemplate │ │ ├── nltemplate.cpp │ │ └── nltemplate.hpp ├── infra │ ├── __init__.py │ ├── daemon.py │ ├── smithdog.py │ ├── sslca │ │ ├── askbot.py │ │ ├── makecerts.py │ │ ├── makeportalcert.py │ │ └── sxyca.py │ └── uxserv.py ├── inspect │ ├── dns.cpp │ ├── dns.hpp │ ├── dnsengine.hpp │ ├── dnsinspector.cpp │ ├── dnsinspector.hpp │ ├── engine.hpp │ ├── engine │ │ ├── http.cpp │ │ └── http.hpp │ ├── fp │ │ ├── ja4.cpp │ │ └── ja4.hpp │ ├── kb │ │ ├── kb.hpp │ │ └── node.hpp │ ├── pyinspector.hpp │ ├── sigfactory.hpp │ 
├── sxsignature.hpp │ └── tests │ │ ├── dns_tests.cpp │ │ ├── http1_tests.cpp │ │ ├── ja4_tests.cpp │ │ └── node_tests.cpp ├── main.cpp ├── main.hpp ├── policy │ ├── addrobj.cpp │ ├── addrobj.hpp │ ├── authfactory.hpp │ ├── authfactory4.cpp │ ├── authfactory6.cpp │ ├── cfgelement.hpp │ ├── inspectors.cpp │ ├── inspectors.hpp │ ├── loadb.cpp │ ├── loadb.hpp │ ├── policy.cpp │ ├── policy.hpp │ ├── profiles.cpp │ ├── profiles.hpp │ └── tests │ │ ├── addrobj_test.cpp │ │ └── policy_test.cpp ├── proxy │ ├── filters │ │ ├── access_filter.cpp │ │ ├── access_filter.hpp │ │ ├── filterproxy.cpp │ │ ├── filterproxy.hpp │ │ ├── sinkhole.cpp │ │ ├── sinkhole.hpp │ │ ├── statistics │ │ │ ├── entropy.cpp │ │ │ ├── entropy.hpp │ │ │ ├── flowanalysis.cpp │ │ │ └── flowanalysis.hpp │ │ ├── statsfilter.cpp │ │ ├── statsfilter.hpp │ │ ├── tesfilter.hpp │ │ └── testfilter.cpp │ ├── mitmcom.cpp │ ├── mitmcom.hpp │ ├── mitmhost.cpp │ ├── mitmhost.hpp │ ├── mitmproxy.cpp │ ├── mitmproxy.hpp │ ├── nbrhood.hpp │ ├── ocspinvoker.cpp │ ├── ocspinvoker.hpp │ ├── proxymaker.cpp │ ├── proxymaker.hpp │ ├── redison.hpp │ └── socks5 │ │ ├── sockshostcx.cpp │ │ ├── sockshostcx.hpp │ │ ├── socksproxy.cpp │ │ └── socksproxy.hpp ├── service │ ├── cfgapi │ │ ├── cfgapi.cpp │ │ ├── cfgapi.hpp │ │ ├── cfgvalue.cpp │ │ └── cfgvalue.hpp │ ├── cmd │ │ ├── cligen.cpp │ │ ├── cligen.hpp │ │ ├── clistate.cpp │ │ ├── clistate.hpp │ │ ├── cmdserver.cpp │ │ ├── cmdserver.hpp │ │ └── diag │ │ │ ├── diag_cmds.cpp │ │ │ └── diag_cmds.hpp │ ├── core │ │ ├── authpam.cpp │ │ ├── authpam.hpp │ │ ├── service.cpp │ │ ├── service.hpp │ │ ├── smithproxy.cpp │ │ ├── smithproxy.hpp │ │ ├── smithproxy_objapi.cpp │ │ └── smithproxy_objapi.hpp │ ├── daemon.cpp │ ├── daemon.hpp │ ├── dnsupd │ │ ├── smithdnsupd.cpp │ │ └── smithdnsupd.hpp │ ├── http │ │ ├── async_request.hpp │ │ ├── jsonize.cpp │ │ ├── jsonize.hpp │ │ ├── request.cpp │ │ ├── request.hpp │ │ ├── webhooks.cpp │ │ └── webhooks.hpp │ ├── httpd │ │ ├── cfg │ │ │ ├── 
add.hpp │ │ │ ├── get.hpp │ │ │ └── set.hpp │ │ ├── diag │ │ │ ├── daig_proxy.hpp │ │ │ └── diag_ssl.hpp │ │ ├── do │ │ │ └── do_comands.hpp │ │ ├── handlers │ │ │ ├── dispatchers.cpp │ │ │ ├── dispatchers.hpp │ │ │ ├── handlers.cpp │ │ │ └── handlers.hpp │ │ ├── httpd.cpp │ │ ├── httpd.hpp │ │ ├── util.hpp │ │ └── wh │ │ │ └── whcontrol.hpp │ ├── netservice.cpp │ ├── netservice.hpp │ ├── smithd │ │ ├── smithd.cpp │ │ ├── smithdc.cpp │ │ ├── smithdcx.cpp │ │ └── smithdcx.hpp │ └── tpool.hpp ├── shm │ ├── shmauth.cpp │ ├── shmauth.hpp │ └── shmtest.cpp ├── smithlog.cpp ├── smithlog.hpp ├── smithproxy_version.h.in ├── staticcontent.cpp ├── staticcontent.hpp ├── tests │ └── test_misc.cpp └── utils │ ├── checkpoints.hpp │ ├── fs.cpp │ ├── fs.hpp │ ├── lazy_ptr.hpp │ ├── lru.hpp │ ├── mem.cpp │ ├── mem.hpp │ ├── singleton.hpp │ ├── str.cpp │ ├── str.hpp │ ├── tenants.cpp │ ├── tenants.hpp │ └── tests │ └── str_test.cpp ├── tools ├── BUILD.md ├── NOTES.md ├── docker │ ├── 0.9 │ │ ├── build │ │ │ ├── README.md │ │ │ ├── debian10-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── debian10 │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── debian11-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ │ │ └── build │ │ │ ├── debian11 │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ │ │ └── build │ │ │ ├── debian12-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ │ │ └── build │ │ │ ├── debian12 │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ │ │ └── build │ │ │ ├── hooks │ │ │ │ └── build │ │ │ ├── ubuntu18.04-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── ubuntu18.04 │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── ubuntu20.04-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── ubuntu20.04 │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── ubuntu22.04-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── ubuntu22.04 │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ ├── ubuntu24.04-dbg │ │ │ │ ├── Dockerfile │ │ │ │ └── hooks │ │ │ └── ubuntu24.04 │ │ │ │ ├── 
Dockerfile │ │ │ │ └── hooks │ │ └── run │ │ │ ├── alpine3.11-0.9-run.dockerfile │ │ │ ├── debian10-0.9-run.dockerfile │ │ │ ├── fedora31-0.9-run.dockerfile │ │ │ ├── smithproxy-0.9.30.dockerfile │ │ │ ├── smithproxy-latest.dockerfile │ │ │ ├── ubuntu18.04-0.9-run.dockerfile │ │ │ ├── ubuntu20.04-0.9-debug-localsrc.dockerfile │ │ │ ├── ubuntu20.04-0.9-debug.dockerfile │ │ │ ├── ubuntu20.04-0.9-release-localsrc.dockerfile │ │ │ └── ubuntu20.04-0.9-run.dockerfile │ ├── current │ ├── guest-scripts │ │ ├── README.md │ │ └── debugsx.sh │ └── host-scripts │ │ ├── make-run-own-debug-localsrc-isolated.sh │ │ ├── make-run-own-debug-localsrc.sh │ │ ├── make-run-own-debug.sh │ │ ├── make-run-own-release-localsrc.sh │ │ ├── make-run-own.sh │ │ ├── redir-output-chain.sh │ │ ├── runsx-debug-isolated.sh │ │ ├── runsx-debug.sh │ │ └── sx_container.sh ├── gen_changelog.py ├── linux-build.sh ├── linux-deps.sh ├── pkg-scripts │ ├── deb │ │ ├── README.txt │ │ ├── createdeb-0.9-debug.sh │ │ ├── createdeb-0.9.sh │ │ ├── debian-0.9-debug │ │ │ ├── compat │ │ │ ├── control │ │ │ ├── copyright │ │ │ ├── postinst │ │ │ ├── rules │ │ │ ├── smithproxy.dirs │ │ │ └── source │ │ │ │ └── format │ │ ├── debian-0.9-debug_Linux-Debian-12 │ │ │ └── control │ │ ├── debian-0.9-debug_Linux-Ubuntu-22.04 │ │ │ └── control │ │ ├── debian-0.9 │ │ │ ├── compat │ │ │ ├── control │ │ │ ├── copyright │ │ │ ├── postinst │ │ │ ├── rules │ │ │ ├── smithproxy.dirs │ │ │ └── source │ │ │ │ └── format │ │ ├── debian-0.9_Linux-Debian-11 │ │ │ └── control │ │ ├── debian-0.9_Linux-Debian-12 │ │ │ └── control │ │ ├── debian-0.9_Linux-Ubuntu-22.04 │ │ │ └── control │ │ ├── distro.sh │ │ └── gen_debian_changelog.sh │ └── repo │ │ └── repoman.sh ├── python-libsmcap │ ├── smcap.py │ └── smcap_http.py ├── sx-builder.py ├── sx_certinfo_ca ├── sx_certinfo_portal ├── sx_download_ca_bundle └── sx_download_ctlog └── version-bumper.sh /.git_pre-commit: 
-------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # create symlink to your hook directory with (from project dir) 4 | # ln -s ../../.git_pre-commit .git/hooks/pre-commit 5 | 6 | 7 | . git-sh-setup # for die 8 | if git-diff-index -p -M --cached HEAD -- \ 9 | | grep '^+' \ 10 | | grep 'USE_EXPERIMENT= *"Y"'; then 11 | die Blocking commit because of banned string 12 | fi 13 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | etc/users.key -text 2 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | patreon: mag0 2 | liberapay: astib 3 | -------------------------------------------------------------------------------- /.github/workflows/build-ubuntu-22.04.yml: -------------------------------------------------------------------------------- 1 | name: Build and Package 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | - 'release/**' 8 | 9 | workflow_dispatch: 10 | 11 | jobs: 12 | build: 13 | runs-on: ubuntu-22.04 14 | 15 | steps: 16 | - name: Checkout code 17 | uses: actions/checkout@v4 18 | with: 19 | submodules: 'recursive' 20 | 21 | - name: Install dependencies 22 | run: sudo ./tools/linux-deps.sh 23 | 24 | - name: Build project 25 | run: sudo ./tools/linux-build.sh 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /build*/** 2 | **/cmake-build*/** 3 | .idea/** 4 | .vscode/** 5 | .kdev4/** 6 | smithproxy.kdev4 7 | **/*.pyc 8 | **/*.deb 9 | tools/build-scripts/deb/debian/changelog 10 | /src/smithproxy_version.h 11 | /venv/ 12 | /smithproxy.srctrl* 13 | /build/ 14 | 
-------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "socle"] 2 | path = socle 3 | url = ../socle.git 4 | branch = master 5 | update = merge 6 | 7 | [submodule "src/ext/libcli"] 8 | path = src/ext/libcli 9 | url = ../libcli 10 | branch = main 11 | 12 | [submodule "src/ext/lmhpp"] 13 | path = src/ext/lmhpp 14 | url = ../lmhpp 15 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | 2 | language: cpp 3 | 4 | dist: bionic 5 | sudo: required 6 | compiler: 7 | - gcc 8 | os: 9 | - linux 10 | 11 | before_install: 12 | - echo $LANG 13 | - echo $LC_ALL 14 | - if [ $TRAVIS_OS_NAME == linux ]; then echo "dependencies"; cd /tmp; git clone --recursive https://github.com/astibal/smithproxy; cd smithproxy && sudo ./tools/linux-deps.sh; fi 15 | script: 16 | - if [ $TRAVIS_OS_NAME == linux ]; then echo "build"; cd /tmp/smithproxy; sudo ./tools/linux-build.sh; fi 17 | after_success: 18 | - if [ $TRAVIS_OS_NAME == linux ]; then echo "after success"; fi -------------------------------------------------------------------------------- /FindLibConfig.cmake: -------------------------------------------------------------------------------- 1 | # Find the libconfig includes and libraries 2 | # 3 | # This module defines 4 | # LIBCONFIG_INCLUDE_DIR, where to find the libconfig include files, etc. 5 | # LIBCONFIG_LIBRARIES, the libraries to link against to use libconfig. 6 | # LIBCONFIG_STATIC_LIBRARY_PATH, the static libconfig library, if found. 7 | # LIBCONFIG_FOUND, if false, do not try to use libconfig. 8 | 9 | # also defined, but not for general use are 10 | # LIBCONFIG_LIBRARY, where to find the libconfig library. 
11 | 12 | #MESSAGE("Searching for libconfig library") 13 | 14 | FIND_PATH(LIBCONFIG_INCLUDE_DIR libconfig.h 15 | /usr/local/include 16 | /usr/include 17 | ~/libs/include 18 | ~/include 19 | ) 20 | 21 | FIND_PATH(LIBCONFIGPP_INCLUDE_DIR libconfig.h++ 22 | /usr/local/include 23 | /usr/include 24 | ~/libs/include 25 | ~/include 26 | ) 27 | 28 | FIND_LIBRARY(LIBCONFIG_LIBRARY config 29 | /usr/local/lib 30 | /usr/lib 31 | ~/libs/lib 32 | ) 33 | 34 | FIND_LIBRARY(LIBCONFIGPP_LIBRARY config++ 35 | /usr/local/lib 36 | /usr/lib 37 | ~/libs/lib 38 | ) 39 | 40 | FIND_LIBRARY(LIBCONFIG_STATIC_LIBRARY "libconfig${CMAKE_STATIC_LIBRARY_SUFFIX}" 41 | /usr/local/lib 42 | /usr/lib 43 | ~/libs/lib 44 | ) 45 | 46 | FIND_LIBRARY(LIBCONFIGPP_STATIC_LIBRARY "libconfig++${CMAKE_STATIC_LIBRARY_SUFFIX}" 47 | /usr/local/lib 48 | /usr/lib 49 | ~/libs/lib 50 | ) 51 | 52 | 53 | IF(LIBCONFIG_INCLUDE_DIR) 54 | IF(LIBCONFIG_LIBRARY) 55 | SET(LIBCONFIG_FOUND TRUE) 56 | SET(LIBCONFIG_LIBRARIES ${LIBCONFIG_LIBRARY}) 57 | SET(LIBCONFIG_STATIC_LIBRARY_PATH ${LIBCONFIG_STATIC_LIBRARY}) 58 | ENDIF(LIBCONFIG_LIBRARY) 59 | ENDIF(LIBCONFIG_INCLUDE_DIR) 60 | 61 | IF(LIBCONFIGPP_INCLUDE_DIR) 62 | IF(LIBCONFIGPP_LIBRARY) 63 | SET(LIBCONFIGPP_FOUND TRUE) 64 | SET(LIBCONFIGPP_LIBRARIES ${LIBCONFIGPP_LIBRARY}) 65 | SET(LIBCONFIGPP_STATIC_LIBRARY_PATH ${LIBCONFIGPP_STATIC_LIBRARY}) 66 | ENDIF(LIBCONFIGPP_LIBRARY) 67 | ENDIF(LIBCONFIGPP_INCLUDE_DIR) 68 | 69 | IF (LIBCONFIG_FOUND) 70 | IF (NOT LibConfig_FIND_QUIETLY) 71 | MESSAGE(STATUS "Found LibConfig++: ${LIBCONFIGPP_LIBRARIES}" ) 72 | MESSAGE(STATUS "Found LibConfig: ${LIBCONFIG_LIBRARIES}") 73 | MESSAGE(STATUS "static LibConfig path: ${LIBCONFIG_STATIC_LIBRARY_PATH}") 74 | ENDIF (NOT LibConfig_FIND_QUIETLY) 75 | ELSE (LIBCONFIG_FOUND) 76 | IF (LibConfig_FIND_REQUIRED) 77 | MESSAGE(SEND_ERROR "Could NOT find LibConfig") 78 | ENDIF (LibConfig_FIND_REQUIRED) 79 | ENDIF (LIBCONFIG_FOUND) 80 | 81 | MARK_AS_ADVANCED(LIBCONFIG_INCLUDE_DIR LIBCONFIG_LIBRARIES) 
-------------------------------------------------------------------------------- /FindLibMicroHttpd.cmake: -------------------------------------------------------------------------------- 1 | # Find the libmicrohttpd includes and library 2 | # 3 | # This module defines 4 | # LIBMICROHTTPD_INCLUDE_DIR, where to find the microhttpd.h include file, etc. 5 | # LIBMICROHTTPD_LIBRARIES, the libraries to link against to use libmicrohttpd. 6 | # LIBMICROHTTPD_STATIC_LIBRARY_PATH, the static libmicrohttpd library, if found. 7 | # LIBMICROHTTPD_FOUND, if false, do not try to use libmicrohttpd. 8 | 9 | # also defined, but not for general use are 10 | # LIBMICROHTTPD_LIBRARY, where to find the libmicrohttpd library. 11 | # NOTE(review): the FOUND/REQUIRED reporting at the bottom of this file still reads LibConfig_FIND_QUIETLY and LibConfig_FIND_REQUIRED (copied from FindLibConfig.cmake) instead of the LibMicroHttpd_FIND_QUIETLY / LibMicroHttpd_FIND_REQUIRED names CMake derives for this module, and its status messages name LibConfig; unless LibConfig_FIND_REQUIRED happens to be set at that point, find_package(LibMicroHttpd REQUIRED) will not raise SEND_ERROR when libmicrohttpd is missing. The LIBMICROHTTPDPP_* branch below is never populated by the searches above. Confirm and fix before relying on REQUIRED. 12 | #MESSAGE("Searching for libmicrohttpd library") 13 | 14 | FIND_PATH(LIBMICROHTTPD_INCLUDE_DIR microhttpd.h 15 | /usr/local/include 16 | /usr/include 17 | ~/libs/include 18 | ~/include 19 | ) 20 | 21 | FIND_LIBRARY(LIBMICROHTTPD_LIBRARY microhttpd 22 | /usr/local/lib 23 | /usr/lib 24 | ~/libs/lib 25 | ) 26 | 27 | FIND_LIBRARY(LIBMICROHTTPD_STATIC_LIBRARY "libmicrohttpd${CMAKE_STATIC_LIBRARY_SUFFIX}" 28 | /usr/local/lib 29 | /usr/lib 30 | ~/libs/lib 31 | ) 32 | 33 | 34 | IF(LIBMICROHTTPD_INCLUDE_DIR) 35 | IF(LIBMICROHTTPD_LIBRARY) 36 | SET(LIBMICROHTTPD_FOUND TRUE) 37 | SET(LIBMICROHTTPD_LIBRARIES ${LIBMICROHTTPD_LIBRARY}) 38 | SET(LIBMICROHTTPD_STATIC_LIBRARY_PATH ${LIBMICROHTTPD_STATIC_LIBRARY}) 39 | ENDIF(LIBMICROHTTPD_LIBRARY) 40 | ENDIF(LIBMICROHTTPD_INCLUDE_DIR) 41 | 42 | IF(LIBMICROHTTPDPP_INCLUDE_DIR) 43 | IF(LIBMICROHTTPDPP_LIBRARY) 44 | SET(LIBMICROHTTPDPP_FOUND TRUE) 45 | SET(LIBMICROHTTPDPP_LIBRARIES ${LIBMICROHTTPDPP_LIBRARY}) 46 | SET(LIBMICROHTTPDPP_STATIC_LIBRARY_PATH ${LIBMICROHTTPDPP_STATIC_LIBRARY}) 47 | ENDIF(LIBMICROHTTPDPP_LIBRARY) 48 | ENDIF(LIBMICROHTTPDPP_INCLUDE_DIR) 49 | 50 | IF (LIBMICROHTTPD_FOUND) 51 | IF (NOT LibConfig_FIND_QUIETLY) 52 | MESSAGE(STATUS "Found LibConfig++: ${LIBMICROHTTPDPP_LIBRARIES}" ) 53 | MESSAGE(STATUS "Found LibConfig: ${LIBMICROHTTPD_LIBRARIES}") 54 | MESSAGE(STATUS "static LibConfig 
path: ${LIBMICROHTTPD_STATIC_LIBRARY_PATH}") 55 | ENDIF (NOT LibConfig_FIND_QUIETLY) 56 | ELSE (LIBMICROHTTPD_FOUND) 57 | IF (LibConfig_FIND_REQUIRED) 58 | MESSAGE(SEND_ERROR "Could NOT find LibConfig") 59 | ENDIF (LibConfig_FIND_REQUIRED) 60 | ENDIF (LIBMICROHTTPD_FOUND) 61 | 62 | MARK_AS_ADVANCED(LIBMICROHTTPD_INCLUDE_DIR LIBMICROHTTPD_LIBRARIES) -------------------------------------------------------------------------------- /Findhiredis.cmake: -------------------------------------------------------------------------------- 1 | # Try to find hiredis 2 | # Once done, this will define 3 | # 4 | # HIREDIS_FOUND - system has hiredis 5 | # HIREDIS_INCLUDE_DIRS - hiredis include directories 6 | # HIREDIS_LIBRARIES - libraries needed to use hiredis 7 | 8 | if(HIREDIS_INCLUDE_DIRS AND HIREDIS_LIBRARIES) 9 | set(HIREDIS_FIND_QUIETLY TRUE) 10 | else() 11 | find_path( 12 | HIREDIS_INCLUDE_DIR 13 | NAMES hiredis/hiredis.h 14 | HINTS ${HIREDIS_ROOT_DIR} 15 | PATH_SUFFIXES include) 16 | 17 | find_library( 18 | HIREDIS_LIBRARY 19 | NAMES hiredis 20 | HINTS ${HIREDIS_ROOT_DIR} 21 | PATH_SUFFIXES ${CMAKE_INSTALL_LIBDIR}) 22 | 23 | set(HIREDIS_INCLUDE_DIRS ${HIREDIS_INCLUDE_DIR}) 24 | set(HIREDIS_LIBRARIES ${HIREDIS_LIBRARY}) 25 | 26 | include (FindPackageHandleStandardArgs) 27 | find_package_handle_standard_args( 28 | hiredis DEFAULT_MSG HIREDIS_LIBRARY HIREDIS_INCLUDE_DIR) 29 | 30 | mark_as_advanced(HIREDIS_LIBRARY HIREDIS_INCLUDE_DIR) 31 | endif() -------------------------------------------------------------------------------- /TODO-dev.md: -------------------------------------------------------------------------------- 1 | ### developer's todo notes 2 | 3 | - Revisit regex search functions which return single result per a go. 4 | 5 | They should return a container of matches. We can be missing some signature hits! 
6 | 7 | ```c++ 8 | range search_function(std::string &expr, std::string &str) override 9 | ``` 10 | -------------------------------------------------------------------------------- /docs/README.md: -------------------------------------------------------------------------------- 1 | # How to obtain help 2 | 3 | For help visit: 4 | * Documentation: [https://smithproxy.readthedocs.org](https://smithproxy.readthedocs.org) 5 | * Discord server: [https://discord.gg/vf4Qwwt](https://discord.gg/vf4Qwwt) 6 | * email support: `` 7 | -------------------------------------------------------------------------------- /etc/apparmor/usr.bin.smithproxy: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | @{SX_BIN}=/usr/bin/smithproxy 4 | @{SX_DATA}=/var/local/smithproxy/ 5 | @{SX_DATA2}=/var/smithproxy/ 6 | @{CERTSTORE}=/usr/share/ca-certificates/ 7 | 8 | # allow reading let's encrypt certificates (don't forget to check the rule below, too!) 9 | # @{CERTSTORE2}=/etc/letsencrypt/ 10 | 11 | 12 | /usr/bin/smithproxy { 13 | #include 14 | #include 15 | #include 16 | 17 | # read self 18 | @{SX_BIN} r, 19 | 20 | # networking 21 | network, 22 | 23 | # capabilities 24 | capability sys_resource, 25 | capability net_admin, 26 | capability net_raw, 27 | capability net_bind_service, 28 | capability dac_read_search, 29 | capability dac_override, 30 | 31 | # read etc 32 | /etc/smithproxy/** r, 33 | /etc/smithproxy/*.cfg rw, 34 | /etc/smithproxy/certs/**/ip/** rw, 35 | /etc/smithproxy/certs/**/sni/** rw, 36 | /etc/smithproxy/certs/**/cc-ip/** rw, 37 | /etc/smithproxy/certs/**/cc-sni/** rw, 38 | 39 | # rename own threads 40 | /proc/@{pid}/task/*/comm rw, 41 | 42 | /etc/hosts r, 43 | /etc/host.conf r, 44 | /etc/gai.conf r, 45 | /etc/nsswitch.conf r, 46 | 47 | # read certificate path 48 | @{CERTSTORE}/** r, 49 | # @{CERTSTORE2}/**/*.pem r, 50 | 51 | # write semaphores, shm, pidfiles 52 | /dev/shm/sem.* rw, 53 | /dev/shm/sem.smithproxy* rw, 54 | 
/dev/shm/smithproxy* rw, 55 | /run/smithproxy* rw, 56 | 57 | # write logs 58 | /var/log/smithproxy* rw, 59 | /var/log/smithproxy/* rw, 60 | 61 | # write dumpfiles 62 | # 63 | @{SX_DATA}/** rw, 64 | @{SX_DATA2}/** rw, 65 | } 66 | -------------------------------------------------------------------------------- /etc/certs/default/ca-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICDDCCAbKgAwIBAgIKLKoCO1gU+KhYPjAKBggqhkjOPQQDAjBIMRswGQYDVQQD 3 | DBJTbWl0aHByb3h5IFJvb3QgQ0ExHDAaBgNVBAoME1NtaXRocHJveHkgU29mdHdh 4 | cmUxCzAJBgNVBAYTAkNaMB4XDTIwMDIyMDEyMjEyMloXDTIwMDQyMTEyMjEyMlow 5 | SDEbMBkGA1UEAwwSU21pdGhwcm94eSBSb290IENBMRwwGgYDVQQKDBNTbWl0aHBy 6 | b3h5IFNvZnR3YXJlMQswCQYDVQQGEwJDWjBZMBMGByqGSM49AgEGCCqGSM49AwEH 7 | A0IABJ10gcOSo3O5I5zhKmutlKHE6FQSTILFzb4dH0rL0mxQxpbT1lrsy6Tb29yQ 8 | nFl8oEKjoJMKQBvveb9WJ63Od9SjgYMwgYAwHQYDVR0OBBYEFP8mzHeUk10D7CvW 9 | fNqJaE4pCnzcMB8GA1UdIwQYMBaAFP8mzHeUk10D7CvWfNqJaE4pCnzcMB0GA1Ud 10 | EQQWMBSCElNtaXRocHJveHktUm9vdC1DQTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud 11 | DwEB/wQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiAmgthT0uaJnkFJrPCKUWXpb3RE 12 | ZUL5QePGkaQbu7x6egIhAMmkx7/oZIY19vklzpYvhF55UYm/sBeOZau/Ec6+LaZ+ 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /etc/certs/default/ca-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEIJTNFXdGg+Nrj960SduRUpDDjn3QKqjnKmxYauvg9JUuoAoGCCqGSM49 3 | AwEHoUQDQgAEnXSBw5Kjc7kjnOEqa62UocToVBJMgsXNvh0fSsvSbFDGltPWWuzL 4 | pNvb3JCcWXygQqOgkwpAG+95v1Ynrc531A== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /etc/certs/default/cl-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIErTCCA5WgAwIBAgIBAjANBgkqhkiG9w0BAQUFADB4MQswCQYDVQQGEwJJTzEc 3 | 
MBoGA1UEChMTU21pdGhwcm94eSBTb2Z0d2FyZTEdMBsGA1UECxMUU1NMIEluc3Bl 4 | Y3Rpb24gUHJveHkxLDAqBgNVBAMTI1NtaXRocHJveHkgU1NMIEluc3BlY3Rpb24g 5 | QXV0aG9yaXR5MB4XDTE1MDUwNjAzMjEwN1oXDTI1MDMxNDAzMjEwN1owejELMAkG 6 | A1UEBhMCSU8xHDAaBgNVBAoTE1NtaXRocHJveHkgU29mdHdhcmUxHTAbBgNVBAsT 7 | FFNTTCBJbnNwZWN0aW9uIFByb3h5MS4wLAYDVQQDEyVEZWZhdWx0IFNtaXRocHJv 8 | eHkgQ2xpZW50IENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB 9 | CgKCAQEAtBHP/QUjh/oEGSp3y5K2zAe4JPHzL5jIkbmTKxf+2JIEp6fjbxcGYTjv 10 | CoEuB5E4+Ns1ejuX9DOjxc0RBOQ0SvxXKUsQTWmF/E8UGIqZl5sk61iI9lv6NuCY 11 | xEaPb+4O8+l4zWt2vI4F3XM/1Nt72+0dCbGFLCl82MMkFh4R/cyautJD4WHohMvT 12 | F1JfInOJjPzaHlMjttbBCWkbw9WhK3Jt2YAyywLQY7q1/ADTChTFykYp4+c6wjyC 13 | 5issZqVad71PHMbLqvixga7fdfHom1JOlu0Dmh7WBWqHXdvPCisv2NjHwuG/NsYy 14 | TGPsjuzm0cwbUbg09wutPDku2dW9WQIDAQABo4IBPjCCATowCQYDVR0TBAIwADAR 15 | BglghkgBhvhCAQEEBAMCBLAwKwYJYIZIAYb4QgENBB4WHFRpbnlDQSBHZW5lcmF0 16 | ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFN9KzNX1j0rucAHKFEkib71jjp64MIGq 17 | BgNVHSMEgaIwgZ+AFCL2HMW5RMiza+0QiuA+BYr4XZzxoXykejB4MQswCQYDVQQG 18 | EwJJTzEcMBoGA1UEChMTU21pdGhwcm94eSBTb2Z0d2FyZTEdMBsGA1UECxMUU1NM 19 | IEluc3BlY3Rpb24gUHJveHkxLDAqBgNVBAMTI1NtaXRocHJveHkgU1NMIEluc3Bl 20 | Y3Rpb24gQXV0aG9yaXR5ggkAtYjRw62JIWYwCQYDVR0SBAIwADAJBgNVHREEAjAA 21 | MAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAju62kEZJi/jyc7hpbJcM 22 | 7uOn72AdD898nBHIIQ4+wC2im/a8xsapEKJ3HgpKN+QmRp7Hi9YWycwIiMpEgnkP 23 | oRzo4XaAVTXpE/OhAMjHlO+srrffk/MmJKwlAghpx2zv3x+PEwy1aEBdW1ps73mj 24 | K70CV3Imgu1i1/PpwoVJlyxXKorWG4nq+210Pw/2QzHWnoCQAz3+y7ovitrdIFx1 25 | 1useAc4LgXfIHNwOt8obkb6VCye9I1+/EyyGm4MKy+KQswSK1YdZ4MsFr4Iicy4m 26 | trRfYV35OhdC4L7H2zsjfApPLG//LFRplhFoK5rK2PvRZL6lO8IDb+NcGqSqdvDD 27 | 4g== 28 | -----END CERTIFICATE----- 29 | -------------------------------------------------------------------------------- /etc/certs/default/cl-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | 
MIIEpQIBAAKCAQEAtBHP/QUjh/oEGSp3y5K2zAe4JPHzL5jIkbmTKxf+2JIEp6fj 3 | bxcGYTjvCoEuB5E4+Ns1ejuX9DOjxc0RBOQ0SvxXKUsQTWmF/E8UGIqZl5sk61iI 4 | 9lv6NuCYxEaPb+4O8+l4zWt2vI4F3XM/1Nt72+0dCbGFLCl82MMkFh4R/cyautJD 5 | 4WHohMvTF1JfInOJjPzaHlMjttbBCWkbw9WhK3Jt2YAyywLQY7q1/ADTChTFykYp 6 | 4+c6wjyC5issZqVad71PHMbLqvixga7fdfHom1JOlu0Dmh7WBWqHXdvPCisv2NjH 7 | wuG/NsYyTGPsjuzm0cwbUbg09wutPDku2dW9WQIDAQABAoIBAFN2wiosPJjlaQrl 8 | JVvFqFcP6OmvACJ6tdTd6HocCDMIE4JGjmPKj1l3E02SLOyzAm5O5Q3AG6HEYc/o 9 | SlAzGo37QsdQFMFc/Q7C9LSfYavk7IrtoaZXYbYYCpdHgWrHNEUYXbcRbZreVZec 10 | uOSHy3RYBpKcpvaeUFEEunBKBdrWOYJzCZDb3/gurk7XyFF0SEHyK0q1zhrud9v1 11 | vmp45KwCOuS7Rf/8juGyavV+dEce9n02PnPne2nfkvYmexZYC8SU9SnifRXE1Ezx 12 | a1h+8LF4iEviJUQg0qJsmnLdQj+Zzrz3vfI3I9oL1DdHhwAm42Xrz+2yaRwqoXr0 13 | 1MbgNkUCgYEA2JiooMBbMi8HqZeThrktf3rVcxsbuS1QDW2m8ue6Gap7WnOMA1aV 14 | Pq6KcN+4xMpoDHAQsW1f703YtSyV5NI9kkScOEf5LW107LJOg6Oibfk6W7nkJh4w 15 | 5Z01JgDFFbW0w0Cn8MyXzs0XuFCmeA9IKYm2PmJTa6q3hOxcf/m0zksCgYEA1NQH 16 | ABfE6Y5zvCpiIBwbY/sxqj065fNg1sOZJgjnt10st5k95Ng2ZVogrp9kVOQZqQbn 17 | 7r/Hvrr+taZsgXX0utZC5MyHx8BrL3YKIp3qK9vJK8mFevTr2eDjJYQ6a+zYzZrB 18 | 0UYfAlyWiC7DCkPgi1EkozhFcBsW5sZ74SXIDGsCgYEAkD25rrPrB5SCSdKDkGip 19 | gAfRNgKLh9pBQXAQihr/uC/sTeQ9DcwPP9sEnv6eEY+pkv7eXwozpS32b1Dt0aCh 20 | GFNQpbpomnQWNbrYxpmmhg4/au50nV3lukPjLRe+KCMF6jGYpafaQQIcFca/1Zx3 21 | thHbp9fbLgxWgtLVFvS4D9kCgYEAk3d+ij/t/u7nnn+3kgwnpnVNCmp2vxKODQFm 22 | woX1GIaFD4os6r4torh6YMSsnm2WohnY5wMXgj7Lck4obOOweS0xGJvnkS7wlegy 23 | SZ4lvdICaEawKGxAZ619dmdSm6l256/NkBYIMni5DQ9psVkq4x2MR1QcOPtsOOda 24 | uryVCpUCgYEAgw7nKpMryegzfQws62h9+a+ywXdsKSZs6AfemcDTYgjIqtGaaRS7 25 | lw1Cl+qOJMjyiRFl/xLUWX8+rGNscBOMrBf8w31z6ZAG6iTRJhiYognkzSxqhU6o 26 | rS49opv/mMYb5FDZGy23CQIeK0CcdFfidpo0GqEyHUYrPsV6rlI0DaI= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /etc/certs/default/portal-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 
2 | MIIDEDCCAragAwIBAgIKRPsXMTynLC8s4jAKBggqhkjOPQQDAjBIMRswGQYDVQQD 3 | DBJTbWl0aHByb3h5IFJvb3QgQ0ExHDAaBgNVBAoME1NtaXRocHJveHkgU29mdHdh 4 | cmUxCzAJBgNVBAYTAkNaMB4XDTIwMDIyMDEyMjEyM1oXDTIwMDMyMjEyMjEyM1ow 5 | OzEOMAwGA1UEAwwFcGl4aWUxHDAaBgNVBAoME1NtaXRocHJveHkgU29mdHdhcmUx 6 | CzAJBgNVBAYTAkNaMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDh3 7 | HxPV0ug82HTo+C9QsSS+A1zbzfdoBlIgORQkj5UqHfraxwPi9guro3rTeQOE/Iyj 8 | AEQfho4Dq6eVJxCTpWh2LTZx7ig8W2mUkWt+TGGAa+CjzsmfBBjvybgNiZR8O/4C 9 | 3pa+t3xmAyYP08bxhCMeVpM07/WBTyfPtisjHDPquw2WpOGXQcRl9m++zl1cAfWo 10 | Qu9QXoH6TvhD0D1KwCLukH+Jwsn3HRU1NLZMx00peuGyvA7KbvFbc0CR7eSht1X6 11 | MqOmbnob4M4YLjmmsau0l/4Cf1LqJZFqXQldnMq7T04DsLvHr0HPYzvh64YoWqhz 12 | de38xMFTqN0khRkm0wIDAQABo4HJMIHGMB0GA1UdDgQWBBSNZtVIhKPgvxrviAu6 13 | cuGNFUy77TAfBgNVHSMEGDAWgBT/Jsx3lJNdA+wr1nzaiWhOKQp83DBHBgNVHREE 14 | QDA+gh1TbWl0aHByb3h5LVBvcnRhbC1DZXJ0aWZpY2F0ZYIFcGl4aWWHBMCo/gGH 15 | BKwdZLyHBMCoegGHBKwRAAEwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAw 16 | HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0gAMEUC 17 | IAHsAzvyATQ/Wglruu/XP8fvtEEIpNnmhx1AFW8uXHv4AiEA65heRif5n6R239US 18 | FqOqgtu5jCAdoN2jJlrthfOMv9k= 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /etc/certs/default/portal-gen.info: -------------------------------------------------------------------------------- 1 | # feel free to delete this file if you don't want scripts to generate portal certificate automatically on service start. 
-------------------------------------------------------------------------------- /etc/certs/default/portal-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAxDh3HxPV0ug82HTo+C9QsSS+A1zbzfdoBlIgORQkj5UqHfra 3 | xwPi9guro3rTeQOE/IyjAEQfho4Dq6eVJxCTpWh2LTZx7ig8W2mUkWt+TGGAa+Cj 4 | zsmfBBjvybgNiZR8O/4C3pa+t3xmAyYP08bxhCMeVpM07/WBTyfPtisjHDPquw2W 5 | pOGXQcRl9m++zl1cAfWoQu9QXoH6TvhD0D1KwCLukH+Jwsn3HRU1NLZMx00peuGy 6 | vA7KbvFbc0CR7eSht1X6MqOmbnob4M4YLjmmsau0l/4Cf1LqJZFqXQldnMq7T04D 7 | sLvHr0HPYzvh64YoWqhzde38xMFTqN0khRkm0wIDAQABAoIBAQCatIY+622fvtkS 8 | NILmArAVKonhrtnid1j9+sxLFHWK+ylcv8a0OH0+To9B8no/JCY61EtDz3InrVp5 9 | gURYq3otZMIf/ZgwFGsaC5FGYkEOyaTt6Qxd4ptMKLkOCt4phfe5eRkcFDBEDIGF 10 | pAHAkE8lRmcKDUAknSUZmqLq1vH0rhvA+/1nO3pkRNm6m4lRDdNPdDTtNs3rDs5D 11 | bi/Yoxb3ZTSTLF6Gtv619RVlZWXZhpGowCVBmFi0CACIGTbozA5ROzVUJOoZXN1G 12 | kA96t+ibAzMETij5MgmVE6dc8rkJ2gb0XCcJXH14B7R3X3VrKut2IIhSIcHJkVEy 13 | OI/mTcwJAoGBAPIUwy35vJWikZdP0zsjRdSTyE+ZbKU4a9nsksHsBFxrC8ZiRZC4 14 | 3t5PUn5jBkJcMRlVvNuMHEj950n9LHbDKJs+1p03jvsnPk5qd0Ao/8D9J7cqrNnm 15 | bDhT+K/oymshCwepkUlKPmYkzl/y9itu3a0Z27rmWVOaM8+vWuDVxrN1AoGBAM+A 16 | rElZu+uAalntY5LSK/RNbQOEr37aGhBNFxtzI1OjVbYur/+h9kltPA5dx6rIlm0u 17 | wGJ45zP/QevtELKLWIy/vpV1n0rojL/vQBFxend4OKIOF5Y41vw3/5cDGe7KHNS8 18 | cBdVN052ti3IO8e+u8zzilquYIQSIwqLROiBGpAnAoGBAKOLGU0PIbNpj7hMimSy 19 | cLOrXzE/cmGwW1Rveboe69dPzjWpIFwkORSxPAb8eTcNt3HpNVyRLG63cbDPpGFb 20 | eSxgaHbwGN1d5r7tOEEVMas8m78nynyvKb9oI2Mb/twfB6eWi/uad8tj5DR4HIy9 21 | Km+OP57ljcVoMMaHLfslEUcdAoGAWcieQ3q9UhAVdGXAEPY5qJKb2creuK+cWXNR 22 | zUHLhlQFMTgQVTb6PxkxxDGVxHLYi9OP0MvpllkbZ/8Cm46puPT6fOcRDrOCu0XF 23 | XgbQ68KsFoqscAaWFzoPsILaBLWVNgN3KNFphdzdxP9/xlTkI7E5KzWKc3r5iIVs 24 | QoIiQT8CgYAgexNn0hlW7Ce68MhXBCIYqZq/7BZp1zF7p/A8ywTRo7h5mRpLT/zT 25 | Z2+l+gppXnH7Qqylb0YC5VpRE+hLugN3m6kkntelCMPuqkSqoPorZqd1XhCivTZR 26 | pFQdtIQiAlw2Z3LdlCOjgcHYJ3UvBTGmGvuq3wwbikAaxiyhHvsevw== 27 | -----END RSA PRIVATE 
KEY----- 28 | -------------------------------------------------------------------------------- /etc/certs/default/srv-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDCzCCArCgAwIBAgILAPWPOcgR0a4zVSwwCgYIKoZIzj0EAwIwSDEbMBkGA1UE 3 | AwwSU21pdGhwcm94eSBSb290IENBMRwwGgYDVQQKDBNTbWl0aHByb3h5IFNvZnR3 4 | YXJlMQswCQYDVQQGEwJDWjAeFw0yMDAyMjAxMjIxMjJaFw0yMDAzMjIxMjIxMjJa 5 | MFMxJjAkBgNVBAMMHVNtaXRocHJveHkgU2VydmVyIENlcnRpZmljYXRlMRwwGgYD 6 | VQQKDBNTbWl0aHByb3h5IFNvZnR3YXJlMQswCQYDVQQGEwJDWjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAL1ws5+ZSa9FW5URHqsqTWEst7iteRhhsSjy 8 | nEn9fadBBj8tHZ14TvBBuKPKZVTW1IWxN7M9LTC4Jj1VrHKNArVcisalRZyhqkAd 9 | n7M6VpdgQSj/ASCGsuKwZY2jx+W/dykYYfhhLv0EVSiE99FVFhzY99kLZ4YGa7Tx 10 | CXotjY3k1MV5oh036oTN3JKQuc7baaW8nO5Z+Ag1EnXEI8r/rCdYPF6SNx72TZoG 11 | 5pOYmTBnQObN9vshtUmU0yNrwApidLxWJAqRRqOkZBrpWmvjH3crnSdcdDWN8iig 12 | 166l4tdful5MGrkeZ7yF6aLaTmOfmjCQSa0YOo6EIiwEFOrfbkECAwEAAaOBqjCB 13 | pzAdBgNVHQ4EFgQU94jW3dkprHRxxDxYA7ZCZzD+aOswHwYDVR0jBBgwFoAU/ybM 14 | d5STXQPsK9Z82oloTikKfNwwKAYDVR0RBCEwH4IdU21pdGhwcm94eS1TZXJ2ZXIt 15 | Q2VydGlmaWNhdGUwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0l 16 | BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAoGCCqGSM49BAMCA0kAMEYCIQDcjkzp 17 | 2nc7qsERgw5mYpRzc7iG1DF4ZYbtz1SCpxi2PgIhALQkU2DS9isrwxb+vvA7fb98 18 | yI8N0Y7HOct367Xi37Tx 19 | -----END CERTIFICATE----- 20 | -------------------------------------------------------------------------------- /etc/certs/default/srv-key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAvXCzn5lJr0VblREeqypNYSy3uK15GGGxKPKcSf19p0EGPy0d 3 | nXhO8EG4o8plVNbUhbE3sz0tMLgmPVWsco0CtVyKxqVFnKGqQB2fszpWl2BBKP8B 4 | IIay4rBljaPH5b93KRhh+GEu/QRVKIT30VUWHNj32QtnhgZrtPEJei2NjeTUxXmi 5 | HTfqhM3ckpC5zttppbyc7ln4CDUSdcQjyv+sJ1g8XpI3HvZNmgbmk5iZMGdA5s32 6 | +yG1SZTTI2vACmJ0vFYkCpFGo6RkGulaa+MfdyudJ1x0NY3yKKDXrqXi11+6Xkwa 7 | 
uR5nvIXpotpOY5+aMJBJrRg6joQiLAQU6t9uQQIDAQABAoIBAF1rubkH//VmT76Y 8 | XbZtOxGj2spBCgnDC3m1AuveDVwwzeLT3dntHYiP8H0db5FCDDYN6fkDP0jaV0lB 9 | +bPX5DEJ/QnvMQAIHYxWz420REWMWzXbY3Pl2Uu/T6Vk0kxzelESzCWPz3tI6rH7 10 | uLZLrob1XGx1mkzW18C4aUMOOdNx30PzWlYJ5JHH4KSwFeRNH7jC2kTyLZf6IOyT 11 | ltJfCysYiQGBHnwrLguwBf71tqAJXNFNrTHz5mXermD8izafYLzVdVUMH7m5zR81 12 | ztJdP7S2zGufFjMneIokIEfQsmdIyahXEx5rxRtn6eWPNo3qUJnFx7DPU93noAE5 13 | DQoxPlECgYEA49E8/0H79Eku8U4gO6dfyv6hgF11We+KoXcVXPpQhvxg0KpdY0O1 14 | Cb5WAiIZujR7EjCcibtWaIHp+BX0MO+pL9aG9Ped7/G2VWospnyx3DMRyqdgZLAq 15 | wpcdpp6KB542W6R7cH5F7oq+7yxbFZvoojmit4WX01nZ5T8FLcnqDf0CgYEA1OAY 16 | wGgbqbff4k3eG4CoZa16UHVTBEbIxZYAjN18Uc1BSqAYBtmN+H+bvuXThL3eiSIK 17 | wJbglLqCiyXXNjypIZF05gm+IH4ZMEqUftSRu4YEB8oS8CDI8yZZ9ZWWHaY1gWk6 18 | hJ/xU1CM4hH8bcFIrAhmF//TMD9q+S+ut1LHkpUCgYAf8w0x4ygZl1XdA47jrtJx 19 | Xop5vSGjDkQL5u55DqXSeHx/ZxUXwbwW9LmNLQkcoxWLdIPPkRVKLMYKQ9HuNv4s 20 | NlLQ8hUVPHnMusouQxiSgBsDp7uOA2LLzXOcFWnYLakD6ypgmWTnUk/6rObNPgM/ 21 | FQQr5rFnM5eqXc81H7cSZQKBgQDT5CR/EKHIc+CEUGHvGkeEvgLsJ3x020hpdIAj 22 | tytR+W8uKuD/oHmyisKqZ/X9QUlLUvlE7mmpYWUjwIzRzdvEMBceC0CW8y17ZiEd 23 | hdVxxVoprrjfEKM1dE1DKJx98r17jRTUgqgh+CHjvWd4kFYX91w4M0sx0U5Xr2DH 24 | 1bwVaQKBgQCY/bUEuirxUYTLkh0PVHg2p74hfCG8Rp5+eB0DyR6OR/s/ISTvmMki 25 | hCVrWPkSjqR9zxAwztpFlFWB2AanJn0LBPI5aPeZIrR2P/CuRnPSUM4WCZfm0tq/ 26 | QtVzuLG/1fdm5i4z/kOsbzGfmuK8y3nMWr4bDh+8v0oNayVccABjOg== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /etc/certs/default/sslca.json: -------------------------------------------------------------------------------- 1 | { 2 | "ca": { 3 | "ou": null, 4 | "o": "Smithproxy Software", 5 | "s": null, 6 | "l": null, 7 | "c": "CZ", 8 | "cn": "Smithproxy Root CA", 9 | "settings": { 10 | "grant_ca": "false" 11 | } 12 | }, 13 | "srv": { 14 | "ou": null, 15 | "o": "Smithproxy Software", 16 | "s": null, 17 | "l": null, 18 | "c": "CZ", 19 | "cn": "Smithproxy Server Certificate" 20 | }, 21 | "clt": { 22 
"ou": null,
    "o": "Smithproxy Software",
    "s": null,
    "l": null,
    "c": "CZ",
    "cn": "Smithproxy Client Certificate"
  },
  "prt": {
    "ou": null,
    "o": "Smithproxy Software",
    "s": null,
    "l": null,
    "c": "CZ",
    "cn": "Smithproxy Portal Certificate"
  },
  "path": "/etc/smithproxy/certs/default/"
}
-------------------------------------------------------------------------------- /etc/logrotate.d/smithproxy: --------------------------------------------------------------------------------
# log rotating for smithproxy
#
# glob(3) cannot express "every name that does not end in .gz" directly, so the
# seven patterns below enumerate every three-character ending other than ".gz";
# together they select all logs in the directory except already-compressed
# rotations (names shorter than three characters are not matched).
/var/log/smithproxy/*[!.]gz
/var/log/smithproxy/*.[!g]z
/var/log/smithproxy/*.g[!z]
/var/log/smithproxy/*[!.][!g]z
/var/log/smithproxy/*[!.]g[!z]
/var/log/smithproxy/*.[!g][!z]
/var/log/smithproxy/*[!.][!g][!z] {
    # copytruncate keeps the daemon's open file handle valid without a reopen
    # signal, at the cost of possibly losing lines written between the copy
    # and the truncate.
    copytruncate
    rotate 7
    daily
    compress
    missingok
    notifempty
}
-------------------------------------------------------------------------------- /etc/msg/en/html_img_warning.txt: --------------------------------------------------------------------------------

-------------------------------------------------------------------------------- /etc/msg/en/test.txt: --------------------------------------------------------------------------------
smithproxy testing message
-------------------------------------------------------------------------------- /etc/service/systemd/sx-core@.service: --------------------------------------------------------------------------------
[Unit]
Description=Smithproxy Core - tenant %i
After=network.target remote-fs.target nss-lookup.target

[Service]
# NOTE(review): with User= commented out the proxy process runs as root.
# Transparent interception needs network capabilities, so an unprivileged
# service user would have to be paired with AmbientCapabilities= /
# CapabilityBoundingSet= (CAP_NET_ADMIN, CAP_NET_RAW and CAP_NET_BIND_SERVICE
# are the usual candidates for TPROXY listeners - confirm against what the
# binary actually requests before enabling the line below).
#User=_sxy
Type=simple
# PIDFile= is mainly meaningful for Type=forking; with Type=simple systemd
# already tracks the process it spawned, so this line is informational at best.
PIDFile=/var/run/smithproxy.%i.pid
ExecStart=/usr/bin/smithproxy --tenant-name %i
Restart=always
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
--------------------------------------------------------------------------------
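/etc/service/systemd/sx-network@.service: --------------------------------------------------------------------------------
[Unit]
Description=Smithproxy Networking - tenant %i
After=network.target remote-fs.target nss-lookup.target

[Service]
# Service type names are case-sensitive. systemd does not accept "OneShot": it
# logs "Failed to parse service type" and ignores the line, leaving the default
# Type=simple, in which case the start job is considered complete as soon as
# sx_network is spawned rather than when it has finished installing the
# redirect rules. "oneshot" + RemainAfterExit=yes is the intended behaviour:
# run the script to completion, stay "active", run ExecStop on stop.
# NOTE(review): neither this unit nor sx-core@.service orders the proxy after
# the networking unit (no Requires=/After= between them), so the proxy may come
# up before interception rules exist; add the dependency if that matters.
Type=oneshot
ExecStart=/usr/bin/sx_network start %i
ExecStop=/usr/bin/sx_network stop %i
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
-------------------------------------------------------------------------------- /etc/smithd.cfg: --------------------------------------------------------------------------------
settings = {
    /*
        Logging levels
        NON 0   INF 6
        FAT 1   DIA 7
        CRI 2   DEB 8
        ERR 3   DUM 9
        WAR 4   EXT 10
        NOT 5
    */
    log_level = 6; // INF
    log_file = "/var/log/smithproxy/smithmerged.log"; // comment this line out if you don't want to log into the file
}
-------------------------------------------------------------------------------- /etc/smithproxy.startup.cfg: --------------------------------------------------------------------------------
#
# ### SMITHPROXY
# ### use this file to tune-up smithproxy networking setup.
#
# echo " smithproxy.startup.cfg executed: $1:$2"
#
# SMITH_CHAIN_NAME='SMITH'   # you can choose different CHAIN names if you wish
# DIVERT_CHAIN_NAME='DIVERT' # you can choose different CHAIN names if you wish
#
# # SMITH_INTERFACE #
# # used to specify where the TPROXY will be applied. It should usually be
# # the internal interface, heading to user machines which will be mitm'ed.
# # Action: you should adjust it according to your network setup.
#
# SMITH_INTERFACE='-'   # '-' : enable on downlink interfaces (without default route applied)
#                       # '*' : enable on ALL interfaces


# # PLAINTEXT/TLS TCP/UDP ports to be intercepted #
# # used to list all protocol ports which will be mitm'ed.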
21 | # # Action: you may add other ports, according your sniffing desires. 22 | # 23 | # SMITH_TCP_PORTS='80 25 587 21 143 110 5222' 24 | # SMITH_UDP_PORTS='53' 25 | # SMITH_TLS_PORTS='443 465 636 993 995' 26 | # SMITH_DTLS_PORTS='' 27 | # TEMP_DTLS_DROP='443' # DTLS is being used for example by google, and evades smithproxy if not blocked 28 | # 29 | # # uncomment this if you want to proxy ALL TCP traffic. 30 | 31 | # SMITH_TCP_PORTS_ALL=1 32 | # SMITH_UDP_PORTS_ALL=0 33 | 34 | # # set this to 1 if you have older kernel than 4.3 35 | 36 | # SMITH_IPV6_UDP_BYPASS=0 37 | 38 | # # Smithproxy TPROXY ports # 39 | # # default TPROXY ports where traffic is diverted. Unlikely needed 40 | # # to change it. If so, you will need to adjust also smithproxy.cfg. 41 | # SMITH_TCP_TPROXY='50080' 42 | # SMITH_UDP_TPROXY='50080' 43 | # SMITH_DTLS_TPROXY='50443' 44 | # SMITH_TLS_TPROXY='50443' 45 | 46 | # # Diverting marks/rules 47 | # # Action: usually not needed to adjust. 48 | # DIVERT_FWMARK=1 49 | # DIVERT_IP_RULE=100 50 | 51 | # BYPASS_CONNECTIONS - three, semicolon-separated, ipv4 or ipv6 connection identifiers to be 52 | # totally bypassed (i.e. 
control SSH connections, etc)
# Example: (bypass all connections from 1.10 -> 122.0/24 on ports 22 and 8443)
# BYPASS_CONNECTIONS="192.168.1.10;192.168.122.0/24;22 192.168.1.10;192.168.122.0/24;8443"
# BYPASS_CONNECTIONS="" # default
-------------------------------------------------------------------------------- /etc/users.cfg: --------------------------------------------------------------------------------
sources = {
    local = {
    }
    ldap = {
        // Sample directory source. The bind credentials are stored here in
        // clear text, so this file must not be readable by anyone but the
        // proxy's own account. Port 389 is plain LDAP: unless the proxy
        // upgrades the connection (nothing in this file configures TLS), the
        // bind DN and password cross the network unencrypted. Use a dedicated
        // read-only bind account rather than the directory admin shown here.
        example_ldap = {
            ip = "192.168.254.1";
            port = 389;
            base_dn = "dc=nodomain";
            bind_dn = "cn=admin,dc=nodomain"
            bind_pw = "smithproxy";
            cnid = "uid";
        }
    }
}


// Local users. The encrypted_password values are sample data and are
// presumably tied to the users.key file shipped next to this one; since both
// are checked in, regenerate the key and re-create these entries on a real
// deployment instead of reusing the defaults.
users = {
    lion = {
        encrypted_password = "ifT54xNPXH4E2pEyBLYwxtLIe+YFs6sp-tamhjw==";
    }
    kamzik = {
        encrypted_password = "hC02HZKNBozLZJKIkPrq0w155cwtPusB-v3hsZUND";
    }
    leopard = {
        encrypted_password = "SZ1eHHt9eHfEyPwugRxNj9uSaOsAbtC9-dcwGbqKq+g==";
    }
}

// Group membership. From the entries below, "source:name" apparently denotes
// a user of that source and "source@name" a nested group (or an LDAP group
// DN) - verify against the loader before relying on it.
groups = {
    czech_groups = {
        members = ("local:kamzik")
    }
    peoples1 = {
        members = ("local:lion","local:kamzik","local:leopard","local@czech_groups","local@tree1")
    }
    tree1 = {
        members = ("example_ldap@cn=users,dc=nodomain","local@czech_groups")
    }
}

// Identities referenced by policy; each maps to one or more groups above.
identities = {
    trees = {
        groups = ("tree1");
    }
    peoples = {
        groups = ("peoples1");
    }
}
-------------------------------------------------------------------------------- /etc/users.key: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/astibal/smithproxy/ea0fe8a850c7e08d6d0882718c0affcc01239028/etc/users.key -------------------------------------------------------------------------------- /helpers.cmake: --------------------------------------------------------------------------------
cmake_minimum_required(VERSION 3.0)

# taken from
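http://public.kitware.com/Bug/view.php?id=12646
#
# install_if_not_exists(src dest)
#   Install-time copy of `src` into `dest` that leaves an already existing
#   target untouched (meant for config files the administrator may have
#   edited). A relative `src` is taken from the current source dir, a relative
#   `dest` from CMAKE_INSTALL_PREFIX; $ENV{DESTDIR} is honoured for staged
#   installs. A failed copy aborts the install.
function(install_if_not_exists src dest)
    if(NOT IS_ABSOLUTE "${src}")
        set(src "${CMAKE_CURRENT_SOURCE_DIR}/${src}")
    endif()
    get_filename_component(src_name "${src}" NAME)
    if (NOT IS_ABSOLUTE "${dest}")
        set(dest "${CMAKE_INSTALL_PREFIX}/${dest}")
    endif()
    install(CODE "
        if(NOT EXISTS \"\$ENV{DESTDIR}${dest}/${src_name}\")
            #file(INSTALL \"${src}\" DESTINATION \"${dest}\")
            message(STATUS \"Installing: \$ENV{DESTDIR}${dest}/${src_name}\")
            execute_process(COMMAND \${CMAKE_COMMAND} -E copy \"${src}\"
                                    \"\$ENV{DESTDIR}${dest}/${src_name}\"
                            RESULT_VARIABLE copy_result
                            ERROR_VARIABLE error_output)
            if(copy_result)
                # quoted so a multi-word error text reaches message() as one argument
                message(FATAL_ERROR \"\${error_output}\")
            endif()
        else()
            message(STATUS \"Skipping : \$ENV{DESTDIR}${dest}/${src_name}\")
        endif()
    ")
endfunction(install_if_not_exists)

# create_dir(_dirpath)
#   Create `_dirpath` at install time. The path is quoted so that a prefix
#   containing spaces is not split into several arguments.
function (create_dir _dirpath)
    install(CODE "
        message(STATUS \"Directory : ${_dirpath}\")
        execute_process(COMMAND \"${CMAKE_COMMAND}\" -E make_directory \"${_dirpath}\")
    ")
endfunction (create_dir)


# create_symlink(_src _dst)
#   Create the symlink `_dst` -> `_src` at configure time. A failure is only
#   reported (it does not abort configuration); the message now names the
#   link instead of always blaming the git hooks.
function(create_symlink _src _dst)
    execute_process(COMMAND ${CMAKE_COMMAND} -E create_symlink ${_src} ${_dst}
                    RESULT_VARIABLE res
                    ERROR_VARIABLE err)
    if(res)
        message(">> creating symlink ${_dst} failed: ${err}")
    endif()
endfunction()


# create_git_hooks()
#   Link the repository's .git_pre-commit script in as the git pre-commit hook
#   when none is installed yet. This happens as a side effect of running
#   cmake: a fresh clone ends up executing repository-controlled code on every
#   commit, so review .git_pre-commit before configuring an untrusted checkout.
function(create_git_hooks)
    if(NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/.git/hooks/pre-commit")
        message(">> Installing git hooks")
        create_symlink(../../.git_pre-commit ${CMAKE_CURRENT_SOURCE_DIR}/.git/hooks/pre-commit)
    else()
        message(">> Git hooks present")
    endif()
endfunction()

# InstallSymlink(_filepath _sympath)
#   Install a symlink `_sympath` -> `_filepath`, either by packaging a link
#   created in the build tree (BINARY_PACKAGING_MODE) or by scripting its
#   creation at install time.
macro(InstallSymlink _filepath _sympath)
    get_filename_component(_symname ${_sympath} NAME)
    get_filename_component(_installdir ${_sympath} PATH)

    if (BINARY_PACKAGING_MODE)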
execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink 62 | ${_filepath} 63 | ${CMAKE_CURRENT_BINARY_DIR}/${_symname}) 64 | install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${_symname} 65 | DESTINATION ${_installdir}) 66 | else () 67 | # scripting the symlink installation at install time should work 68 | # for CMake 2.6.x and 2.8.x 69 | install(CODE " 70 | if (\"\$ENV{DESTDIR}\" STREQUAL \"\") 71 | execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink 72 | ${_filepath} 73 | ${_installdir}/${_symname}) 74 | else () 75 | execute_process(COMMAND \"${CMAKE_COMMAND}\" -E create_symlink 76 | ${_filepath} 77 | \$ENV{DESTDIR}/${_installdir}/${_symname}) 78 | endif () 79 | ") 80 | endif () 81 | endmacro(InstallSymlink) 82 | 83 | -------------------------------------------------------------------------------- /man/tproxy.txt: -------------------------------------------------------------------------------- 1 | 2 | # root@deb-router-1:~# cat run_tproxy.sh 3 | # enable ipv4 routing 4 | 5 | sysctl -w net.ipv4.ip_forward=1 6 | 7 | # also possibly this for allowing non-local binds! 
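echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind


# Create the chains if they are missing and flush them, so re-running this
# script does not append a second copy of every rule: the previous sequence
# ("-F DIVERT" before "-N DIVERT", "-N SMITH" with no flush) errored on the
# first run and duplicated every SMITH rule on each later run.
iptables -t mangle -F PREROUTING
iptables -t mangle -N DIVERT 2>/dev/null || true
iptables -t mangle -F DIVERT
iptables -t mangle -N SMITH 2>/dev/null || true
iptables -t mangle -F SMITH

# Packets that match an existing local socket are marked and accepted, so the
# rest of an intercepted flow is routed to the proxy instead of being forwarded.
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p udp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -j SMITH



# Route fwmark-1 packets via table 100, which declares everything as local so
# TPROXY can hand them to the listening sockets. del-then-add and "replace"
# keep this part idempotent as well.
ip rule del fwmark 1 lookup 100 2>/dev/null || true
ip rule add fwmark 1 lookup 100
ip route replace local 0.0.0.0/0 dev lo table 100



# Interception is limited to traffic entering on eth1; anything arriving on
# another interface is forwarded untouched. Adjust "-i eth1" to the interface
# facing the clients that should be inspected.
iptables -t mangle -A SMITH -p tcp -i eth1 --dport 80 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 25 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 587 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 21 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 143 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 110 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 5222 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50080

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 443 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50443

iptables -t mangle -A SMITH -p tcp -i eth1 --dport 465 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50443


# NOTE: smithproxy.startup.cfg defaults SMITH_UDP_TPROXY to 50080; whichever
# port is used here must match the UDP listener configured in smithproxy.cfg.
iptables -t mangle -A SMITH -p udp -i eth1 --dport 53 -j TPROXY \
    --tproxy-mark 0x1/0x1 --on-port 50081





-------------------------------------------------------------------------------- /src/async/asyncdns.hpp: 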
-------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. 
The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | #ifndef ASYNCDNS_HPP 40 | #define ASYNCDNS_HPP 41 | 42 | #include 43 | #include 44 | 45 | 46 | using dns_response_t = std::pair, ssize_t>; 47 | 48 | class AsyncDnsQuery : public AsyncSocket, WithID { 49 | public: 50 | explicit AsyncDnsQuery(baseHostCX* owner, callback_t callback = nullptr): 51 | AsyncSocket(owner, std::move(callback)), 52 | log(get_log()) 53 | {} 54 | 55 | 56 | task_state_t update() override { 57 | auto raw_response = DNSFactory::get().recv_dns_response(socket(),0); 58 | response.first.reset(raw_response.first); 59 | response.second = raw_response.second; 60 | 61 | if(response.first) { 62 | _dia("AsyncDnsQuery::update[%u] finished request for %s", id, response.first->question_str_0().c_str()); 63 | return task_state_t::FINISHED; 64 | } 65 | 66 | _dia("AsyncDnsQuery::update[%u] running request", id); 67 | return task_state_t::RUNNING; 68 | } 69 | 70 | dns_response_t const& yield () const override { 71 | return response; 72 | } 73 | 74 | private: 75 | dns_response_t response {nullptr, -1}; 76 | logan_lite& log; 77 | logan_lite& get_log() { static auto l = logan_lite("com.dns.async"); return l; } 78 | }; 79 | 80 | #endif //ASYNCDNS_HPP 81 | -------------------------------------------------------------------------------- /src/infra/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/astibal/smithproxy/ea0fe8a850c7e08d6d0882718c0affcc01239028/src/infra/__init__.py -------------------------------------------------------------------------------- /src/infra/sslca/askbot.py: -------------------------------------------------------------------------------- 1 | def ask_bot_filter_int(val): 2 | try: 3 | tmp = int(val) 4 | return True 5 | except 
ValueError: 6 | return False 7 | 8 | 9 | # 10 | # Ask question, until you get answer from the list. 11 | # Default is the first choice, choices are case insensitive. 12 | # If choices start with same letters, shortcut response is ambiguous and first in the choice list will be returned. 13 | # So you want avoid ambiguous choices ;-) 14 | # 15 | def ask_bot(answers, question, other_choices=False, other_label='Other', other_shortcut='o', other_value_filter=None): 16 | norm_answers = [] 17 | for a in answers: 18 | norm_answers.append(str(a).strip().lower()) 19 | 20 | trailer = '[' 21 | for a in answers: 22 | trailer += str(a) 23 | trailer += '/' 24 | 25 | if other_choices: 26 | trailer += other_label 27 | trailer += '/' 28 | 29 | # remove last / 30 | trailer = trailer[:-1] 31 | trailer += ']' 32 | 33 | ask_question = question + " " + trailer + "? " 34 | 35 | ret = None 36 | while True: 37 | response = input(ask_question) 38 | rr = response.strip().lower() 39 | 40 | # print("response: '" + rr + "'") 41 | 42 | if other_choices: 43 | if rr.startswith(other_shortcut) or rr.startswith(other_label.strip().lower()): 44 | 45 | while True: 46 | response = input(" -> enter new value: ") 47 | if other_value_filter: 48 | if not other_value_filter(response): 49 | print(" !! error: invalid value") 50 | continue 51 | if ask_bot(['Yes','No'], " -> is %s correct?" % response) == "Yes": 52 | return response 53 | 54 | 55 | 56 | i = 0 57 | for a in norm_answers: 58 | # print(a + "?" 
+ rr) 59 | 60 | if a.startswith(rr): 61 | ret = answers[i] 62 | 63 | # print("ret="+a) 64 | break 65 | i += 1 66 | 67 | if ret: 68 | # print("ret="+a) 69 | break 70 | return ret 71 | -------------------------------------------------------------------------------- /src/infra/sslca/makeportalcert.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | 3 | # this script will only refresh portal certificates 4 | 5 | import os 6 | import sys 7 | 8 | sys.path.append('/usr/share/smithproxy/infra/sslca') 9 | sys.path.append('/usr/share/smithproxy/infra/bend') 10 | 11 | import sxyca 12 | import makecerts as utils 13 | 14 | 15 | def portal_autogen(): 16 | 17 | sxyca.init_directories("/etc/smithproxy") 18 | sxyca.init_settings(cn=None, c=None) 19 | sxyca.load_settings() 20 | 21 | ca_key = sxyca.load_key(os.path.join(sxyca.SETTINGS["path"], "ca-key.pem")) 22 | ca_cert = sxyca.load_certificate(os.path.join(sxyca.SETTINGS["path"], "ca-cert.pem")) 23 | 24 | prt_key, prt_cert = utils.generate_portal_cert(ca_key, ca_cert) 25 | 26 | print("portal certificate regenerated") 27 | 28 | return prt_key, prt_cert 29 | 30 | 31 | if __name__ == "__main__": 32 | 33 | 34 | 35 | 36 | portal_autogen() -------------------------------------------------------------------------------- /src/inspect/dnsengine.hpp: -------------------------------------------------------------------------------- 1 | #ifndef DNSENGINE_HPP 2 | #define DNSENGINE_HPP 3 | 4 | #include 5 | 6 | struct app_DNS : public ApplicationData { 7 | DNS_Request* request = nullptr; 8 | DNS_Response* response = nullptr; 9 | 10 | TYPENAME_OVERRIDE("app_DNS") 11 | }; 12 | 13 | #endif 14 | -------------------------------------------------------------------------------- /src/inspect/kb/kb.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 
3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
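*/


#ifndef SMITHPROXY_KB_HPP
#define SMITHPROXY_KB_HPP

#include

namespace sx {

    // Leaf value types stored in the knowledge-base tree (Node_Data subclasses).

    struct KB_String : public Node_Data {
        KB_String() = default;

        KB_String(std::string const &s) : value(s) {};
        std::string value;

        bool empty() const override { return value.empty(); }

        nlohmann::json to_json() const override { return value; };

        // Renders as value="<text>" - the opening quote was previously missing,
        // producing the unbalanced form value=<text>".
        std::string to_string() const override { return "value=\"" + value + "\""; };
    };

    struct KB_Int : public Node_Data {
        KB_Int() = default;

        KB_Int(int i) : value(i) {};
        // zero-initialised so a default-constructed node does not carry an
        // indeterminate value into to_json()/to_string()
        int value {0};

        nlohmann::json to_json() const override { return value; };

        // Renders as value="<number>" (same quoting fix as KB_String)
        std::string to_string() const override { return "value=\"" + std::to_string(value) + "\""; };
    };

    // Process-wide knowledge-base root plus the mutex callers are expected to
    // hold (via KB::lock()) while touching the tree; nothing here enforces it.
    struct KB {
        static inline std::mutex lck_;
        static auto get() {
            auto static r = std::make_shared>();
            return r;
        }

        static std::mutex& lock() { return lck_; };
    };

}
#endif //SMITHPROXY_KB_HPP
-------------------------------------------------------------------------------- /src/inspect/sigfactory.hpp: --------------------------------------------------------------------------------
/*
    Smithproxy- transparent proxy with SSL inspection capabilities.
    Copyright (c) 2014, Ales Stibal , All rights reserved.

    Smithproxy is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    Smithproxy is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.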
14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
38 | */ 39 | 40 | #ifndef SIGFACTORY_HPP 41 | #define SIGFACTORY_HPP 42 | 43 | #include 44 | 45 | class SigFactory { 46 | 47 | public: 48 | auto& tls() { 49 | return signatures_.sensors_[0]; 50 | } 51 | 52 | auto& base() { 53 | return signatures_.sensors_[1]; 54 | } 55 | 56 | auto& signature_tree() { return signatures_; } 57 | 58 | SigFactory& operator=(SigFactory const&) = delete; 59 | SigFactory(SigFactory const&) = delete; 60 | 61 | static SigFactory& get() { 62 | static SigFactory s; 63 | return s; 64 | } 65 | 66 | private: 67 | 68 | SigFactory() : signatures_(2) {}; 69 | 70 | // signature tree contains also match states, which are unused by factory 71 | SignatureTree signatures_; 72 | }; 73 | 74 | #endif //SIGFACTORY_HPP 75 | -------------------------------------------------------------------------------- /src/inspect/sxsignature.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 
21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef SMITHPROXY_SXSIGNATURE_HPP 41 | #define SMITHPROXY_SXSIGNATURE_HPP 42 | 43 | #include 44 | 45 | class MyDuplexFlowMatch : public duplexFlowMatch { 46 | 47 | public: 48 | std::string sig_side; 49 | std::string sig_category; 50 | int sig_severity {7}; // set severity to 7: log only if diagnosing 51 | std::string sig_group; 52 | std::string sig_enables; 53 | std::string sig_engine; // start specific engine (ie. 
http1) 54 | 55 | ~MyDuplexFlowMatch() override = default; 56 | }; 57 | 58 | #endif //SMITHPROXY_SXSIGNATURE_HPP 59 | -------------------------------------------------------------------------------- /src/inspect/tests/node_tests.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include "src/inspect/kb/node.hpp" 4 | 5 | using namespace sx; 6 | 7 | struct KB_String : public Node_Data { 8 | KB_String() = default; 9 | KB_String(std::string const& s) : value(s) {}; 10 | std::string value; 11 | nlohmann::json to_json() const override { return value; }; 12 | std::string to_string() const override { return "value=" + value + "\""; }; 13 | }; 14 | 15 | struct KB_Int : public Node_Data { 16 | KB_Int() = default; 17 | KB_Int(int i) : value(i) {}; 18 | int value; 19 | nlohmann::json to_json() const override { return value; }; 20 | std::string to_string() const override { return "value=" + std::to_string(value) + "\""; }; 21 | }; 22 | 23 | struct KB_XY : public Node_Data { 24 | KB_XY() = default; 25 | KB_XY(double x, double y) : x(x), y(y) {}; 26 | double x; 27 | double y; 28 | 29 | nlohmann::json to_json() const override { return { x, y }; }; 30 | std::string to_string() const override { 31 | std::stringstream ss; 32 | ss << "value=(" << x << "," << y << ")"; 33 | return ss.str(); 34 | }; 35 | }; 36 | 37 | 38 | TEST(KB_test, test_string) { 39 | 40 | auto root_kb = std::make_shared(); 41 | //root_kb->value = "root"; 42 | Node root; 43 | 44 | 45 | auto new_kb = std::make_shared(); 46 | new_kb->value = "some"; 47 | auto one = root.replace("1", new_kb); 48 | 49 | auto new_kb2 = std::make_shared(); 50 | new_kb2->value = "some2"; 51 | auto two = one->replace("2", new_kb2); 52 | 53 | two->at("3", "some")->at("another", "some_value"); 54 | 55 | 56 | auto sub_kb = std::make_shared(); 57 | sub_kb->value = "sub"; 58 | one->replace("10", sub_kb); 59 | 60 | 61 | auto x = root.to_json(); 62 | std::cout << x.dump(4) << "\n"; 63 | 64 | 
std::cout << one->to_json().dump(4) << "\n"; 65 | std::cout << "\n"; 66 | std::cout << "\n"; 67 | std::cout << "\n"; 68 | 69 | } 70 | 71 | TEST(KB_test, test_mixed) { 72 | 73 | auto root_kb = std::make_shared(); 74 | Node root; 75 | root.at("header1", "abc"); 76 | root.at("header2", "123"); 77 | root.at("Content-Length", 12356); 78 | auto coo = root.at("Coords", -3453, 345); 79 | coo->label = "xy"; 80 | root["Coords"].lock()->label = "XY"; 81 | coo->at("Z", 0); 82 | 83 | auto x = root.to_json(); 84 | std::cout << x.dump(4) << "\n"; 85 | 86 | // std::cout << to_string(one->to_json()) << "\n"; 87 | std::cout << "\n"; 88 | std::cout << "\n"; 89 | std::cout << "\n"; 90 | 91 | } 92 | 93 | TEST(KB_test, test_quota) { 94 | 95 | auto root_kb = std::make_shared(); 96 | Node root; 97 | root.max_elements = 10; 98 | 99 | for (int i = 0; i < 1000; ++i) { 100 | root.at("header"+std::to_string(i), "abc" + std::to_string(i)); 101 | } 102 | 103 | auto x = root.to_json(); 104 | std::cout << x.dump(4) << "\n"; 105 | 106 | std::cout << "\n"; 107 | std::cout << "\n"; 108 | std::cout << "\n"; 109 | 110 | } -------------------------------------------------------------------------------- /src/main.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 
14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef SMITHPROXY_MAIN_HPP 41 | #define SMITHPROXY_MAIN_HPP 42 | 43 | #define SMITH_VERSION "0.9.32" 44 | #define SMITH_DEVEL 0 45 | 46 | 47 | 48 | bool load_config(std::string& config_f, bool reload = false); 49 | 50 | #endif //SMITHPROXY_MAIN_HPP 51 | -------------------------------------------------------------------------------- /src/policy/cfgelement.hpp: -------------------------------------------------------------------------------- 1 | // 2 | // Created by astib on 15.12.20. 
3 | // 4 | 5 | #ifndef SMITHPROXY_CFGELEMENT_HPP 6 | #define SMITHPROXY_CFGELEMENT_HPP 7 | 8 | #include 9 | #include 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | 16 | class CfgElement { /* Base for named configuration elements. Keeps weak references to the elements that "use" this one, so a referenced element can report its dependants without owning them. */ 17 | std::string name_; 18 | 19 | using dependency_vec_t = std::vector>; 20 | dependency_vec_t usage_references_; 21 | 22 | public: 23 | virtual ~CfgElement() = default; 24 | 25 | std::string element_name() const { return name_; } 26 | std::string& element_name() { return name_; } 27 | 28 | dependency_vec_t& usage_vec() noexcept { return usage_references_; }; 29 | dependency_vec_t const& usage_vec() const noexcept { return usage_references_; }; 30 | bool has_usage() const { return ! usage_references_.empty(); } /* NOTE: true as soon as any reference was ever added, including ones that have since expired; usage_strvec() below skips expired entries, so has_usage() can be true while usage_strvec() returns nothing. */ 31 | void usage_add(std::weak_ptr a); 32 | 33 | inline std::vector usage_strvec() const; 34 | }; 35 | 36 | 37 | /* Returns one string per still-live dependant: its element_name(), followed, when that dependant itself has dependants, by ":" and their names concatenated with no separator. NOTE(review): recurses into dep_ptr->usage_strvec() with no visited set, so if usage_add() ever links two elements to each other the recursion does not terminate; whether callers prevent such cycles is not visible here. */ inline std::vector CfgElement::usage_strvec() const { 38 | std::vector depnames; 39 | 40 | for(auto const& dep: usage_vec()) { 41 | auto dep_ptr = dep.lock(); 42 | 43 | // if the dependency is still valid 44 | if(dep_ptr) { 45 | 46 | auto depstr = dep_ptr->element_name(); 47 | 48 | if(dep_ptr->has_usage()) { 49 | depstr += ":"; 50 | 51 | auto vec_of_deps = dep_ptr->usage_strvec(); 52 | std::for_each(vec_of_deps.begin(), vec_of_deps.end(), [&](auto e) { depstr+= e; } ); /* each name is taken by value; a const& parameter would avoid the copy */ 53 | } 54 | 55 | depnames.push_back(depstr); 56 | } 57 | } 58 | 59 | return depnames; 60 | } 61 | 62 | /* Records that element a uses this one; the weak_ptr is stored as-is, never validated. */ inline void CfgElement::usage_add (std::weak_ptr a) { usage_vec().emplace_back(a); } 63 | 64 | 65 | template 66 | struct CfgSingle : public CfgElement { /* Single-value configuration element. Both constructors are implicit, so a bare val_type converts to CfgSingle silently; marking the one-argument constructor explicit would make such conversions visible at call sites. */ 67 | CfgSingle(val_type const& v) { value_ = v; } 68 | CfgSingle(std::string const& name, val_type const& v) { element_name() = name; value_ = v; } 69 | val_type value_; 70 | 71 | // explicit operator val_type() const { return value_; } 72 | val_type& value() { return value_; } 73 | val_type value() const { return value_; } 74 | }; 75 | 76 | 77 | 78 | using CfgUint8 = CfgSingle; 79 | using CfgUint16 = CfgSingle; 80 | using CfgUint32 = 
CfgSingle; 81 | using CfgRange = CfgSingle; 82 | using CfgString = CfgSingle; 83 | 84 | 85 | using shared_CfgElement = std::shared_ptr; 86 | using shared_CfgUint8 = std::shared_ptr; 87 | using shared_CfgUint16 = std::shared_ptr; 88 | using shared_CfgUint32 = std::shared_ptr; 89 | using shared_CfgRange = std::shared_ptr; 90 | using shared_CfgString = std::shared_ptr; 91 | 92 | 93 | #endif //SMITHPROXY_CFGELEMENT_HPP 94 | -------------------------------------------------------------------------------- /src/policy/loadb.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 
27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | 41 | #include 42 | 43 | template 44 | HostPool::~HostPool() { /* Releases the pool under its own lock (std::scoped_lock(*this): HostPool is presumably lockable through a base class, not visible here): drops the candidate list and frees every HostInfoType stored in host_data_. */ 45 | 46 | auto lc_ = std::scoped_lock(*this); 47 | 48 | candidates.clear(); 49 | 50 | for(auto i: host_data_) { 51 | delete i.second(); /* NOTE(review): i.second is the stored pointer; the call parentheses here (and in refresh() below) would not compile as written. 'for(auto i: host_data_)' also copies each map entry; 'auto const&' avoids that. Holding std::unique_ptr values instead of raw new/delete would make this loop unnecessary. */ 52 | } 53 | } 54 | 55 | template 56 | bool HostPool::insert_new(Host h) { /* Registers h with a freshly allocated HostInfoType; returns false, allocating nothing, when h is already in the pool. The allocation is paired with the delete in the destructor. */ 57 | 58 | auto lc_ = std::scoped_lock(*this); 59 | 60 | auto i = host_data_.find(h); 61 | 62 | if(i != host_data_.end()) { 63 | return false; 64 | } 65 | 66 | host_data_[h] = new HostInfoType(h); 67 | 68 | return true; 69 | } 70 | 71 | 72 | template 73 | const HostInfoType* HostPool::compute() { /* NOTE(review): declared to return a pointer but no path returns one (r is computed and discarded), so any call is undefined behaviour; 'return candidates.at(i);' appears to be what was intended. candidates.at() throws std::out_of_range when compute_index() (not visible here) yields an index outside the list, e.g. when candidates is empty. */ 74 | auto lc_ = std::scoped_lock(*this); 75 | 76 | int i = compute_index(); 77 | HostInfoType* r = candidates.at(i); 78 | } 79 | 80 | template 81 | void HostPool::refresh() { /* Rebuilds candidates from host_data_, keeping only entries whose is_active flag is set. Same 'i.second()' typo as in the destructor. */ 82 | auto lc_ = std::scoped_lock(*this); 83 | 84 | candidates.clear(); 85 | for(auto i: host_data_) { 86 | HostInfoType* hit = i.second(); 87 | if(hit->is_active) { 88 | candidates.push_back(hit); 89 | } 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /src/policy/profiles.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include 5 | #include 6 | 7 | void ProfileRouting::update() { 8 | 
lb_state.expand_candidates(dnat_addresses); 9 | lb_state.rr_counter++; /* incremented outside lb_state.lock_; racy if update() is ever called from more than one thread */ 10 | } 11 | 12 | std::vector> ProfileRouting::lb_candidates(int family) const { /* Returns a copy of the IPv6 candidate list for CIDR_IPV6, otherwise the IPv4 list. NOTE(review): the vector is copied without taking lb_state.lock_, while expand_candidates() reassigns it under that lock; if update() and lb_candidates() run on different threads this read is a data race and may copy a list mid-assignment. */ 13 | return family == CIDR_IPV6 ? lb_state.candidates_v6 : lb_state.candidates_v4; 14 | } 15 | 16 | size_t ProfileRouting::lb_index_rr(size_t sz) const { /* Round-robin slot: rr_counter modulo the candidate count; 0 when there are no candidates, which also avoids a modulo by zero. */ 17 | return sz == 0 ? 0 : lb_state.rr_counter % sz; 18 | } 19 | 20 | 21 | static uint32_t crc32_proxy_key(MitmProxy* proxy, bool add_port) { /* Hashes the proxy's first left host and first right host (plus the right port when add_port is set) into a CRC32, giving a stable key for sticky candidate selection. proxy is dereferenced unconditionally, so callers must pass a non-null pointer. */ 22 | std::stringstream ss; 23 | 24 | if(auto const* l = proxy->first_left(); l) { 25 | ss << l->host(); 26 | } 27 | if(auto const* r = proxy->first_right(); r) { 28 | ss << r->host(); 29 | if(add_port) { 30 | ss << r->port(); 31 | } 32 | } 33 | 34 | auto key = ss.str(); 35 | 36 | return socle::tools::crc32::compute(0, key.data(), key.size()); 37 | } 38 | 39 | size_t ProfileRouting::lb_index_l3 (MitmProxy* proxy, size_t sz) const { /* L3-sticky slot: hash of the hosts only, ports ignored. */ 40 | 41 | return sz == 0 ? 0 : crc32_proxy_key(proxy, false) % sz; 42 | } 43 | 44 | size_t ProfileRouting::lb_index_l4(MitmProxy* proxy, size_t sz) const { /* L4-sticky slot: hash of the hosts and the right-side port. */ 45 | 46 | return sz == 0 ? 
0 : crc32_proxy_key(proxy, proxy) % sz; /* NOTE(review): the pointer is passed where the bool add_port is expected; it converts to true whenever proxy is non-null, which is the value wanted here, but it reads as a typo for 'true'. */ 47 | } 48 | 49 | 50 | bool ProfileRouting::LbState::expand_candidates(std::vector const& addresses) { /* Re-expands the configured addresses into concrete IPv4 and IPv6 candidate lists, at most once per refresh_interval (time(nullptr) compared against last_refresh). The expansion itself runs outside lock_; only the assignment of the two finished lists is done under it, so the lock is held briefly. Always returns false; the return value is unused by update() above. */ 51 | 52 | if(auto now = time(nullptr); now - last_refresh > refresh_interval) { 53 | last_refresh = now; 54 | 55 | // get a fresh, expanded list of all IP addresses 56 | const std::vector> update4 = CfgFactory::get()->expand_to_cidr(addresses, AF_INET); 57 | const std::vector> update6 = CfgFactory::get()->expand_to_cidr(addresses, AF_INET6); 58 | 59 | auto l_ = std::scoped_lock(lock_); /* publish the new lists under the lock so a reader holding it sees either the old or the new list, never a half-assigned one */ 60 | candidates_v4 = update4; 61 | candidates_v6 = update6; 62 | } 63 | 64 | return false; 65 | } -------------------------------------------------------------------------------- /src/policy/tests/addrobj_test.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include 5 | 6 | using namespace cidr; 7 | 8 | TEST(CidrAddressTest, ZeroZeroMatchesAll) { 9 | auto all = CidrAddress(cidr_from_str("0.0.0.0/0")); 10 | auto ip4_min = cidr_from_str("1.0.0.1"); 11 | ASSERT_TRUE(all.contains(ip4_min) == 0); /* contains() presumably follows the libcidr convention where 0 means "contained"; its definition is not visible here */ 12 | } 13 | 14 | 15 | TEST(CidrAddressTest, NonsenseInput) { 16 | auto garbage = CidrAddress(cidr_from_str("this is not an address")); 17 | ASSERT_TRUE(garbage.cidr() == nullptr); 18 | } 19 | 20 | TEST(CidrAddressTest, NonsenseInput2) { 21 | auto garbage = CidrAddress(cidr_from_str("this.is.a.4")); 22 | ASSERT_TRUE(garbage.cidr() == nullptr); 23 | } 24 | 25 | TEST(CidrAddressTest, NonsenseInput3) { 26 | auto garbage = CidrAddress(cidr_from_str("this.is.a.4/23423")); 27 | ASSERT_TRUE(garbage.cidr() == nullptr); 28 | } 29 | 30 | TEST(CidrAddressTest, Host_HostTest) { 31 | auto a = cidr_from_str("1.1.1.1"); 32 | ASSERT_TRUE(std::string(cidr_numhost(a)) == "1"); 33 | } -------------------------------------------------------------------------------- /src/policy/tests/policy_test.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | 
#include 4 | #include 5 | 6 | #include 7 | 8 | using namespace cidr; 9 | 10 | TEST(PolicyTest, match_addrgrp_cx) { 11 | PolicyRule p; 12 | auto h = baseHostCX(new TCPCom(), "192.168.1.1", "80"); 13 | 14 | PolicyRule::group_of_addresses g; 15 | 16 | // matching range 17 | g.push_back(std::make_shared(std::make_shared("192.168.1.0/24"))); 18 | ASSERT_TRUE(p.match_addrgrp_cx(g, &h)); 19 | 20 | // empty should return true 21 | g.clear(); 22 | ASSERT_TRUE(p.match_addrgrp_cx(g, &h)); 23 | 24 | // different subnet must return false 25 | g.clear(); 26 | g.push_back(std::make_shared(std::make_shared("192.168.11.0/24"))); 27 | ASSERT_FALSE(p.match_addrgrp_cx(g, &h)); 28 | 29 | // two ranges one should match 30 | g.clear(); 31 | g.push_back(std::make_shared(std::make_shared("192.168.11.0/24"))); 32 | g.push_back(std::make_shared(std::make_shared("192.168.1.0/24"))); 33 | ASSERT_TRUE(p.match_addrgrp_cx(g, &h)); 34 | 35 | 36 | // two ranges NONE should match 37 | g.clear(); 38 | g.push_back(std::make_shared(std::make_shared("192.168.11.0/24"))); 39 | g.push_back(std::make_shared(std::make_shared("192.168.21.0/24"))); 40 | ASSERT_FALSE(p.match_addrgrp_cx(g, &h)); 41 | } 42 | 43 | 44 | TEST(PolicyTest, match_rangevec_cx) { 45 | PolicyRule p; 46 | auto h = baseHostCX(new TCPCom(), "192.168.1.1", "80"); 47 | 48 | PolicyRule::group_of_ports g; 49 | 50 | // matching range 51 | g.push_back(std::make_shared(std::pair(80,80))); 52 | ASSERT_TRUE(p.match_rangegrp_cx(g, &h)); 53 | 54 | // empty should return true 55 | g.clear(); 56 | ASSERT_TRUE(p.match_rangegrp_cx(g, &h)); 57 | 58 | // different subnet must return false 59 | g.clear(); 60 | g.push_back(std::make_shared(std::pair(443,443))); 61 | ASSERT_FALSE(p.match_rangegrp_cx(g, &h)); 62 | 63 | // two ranges one should match 64 | g.clear(); 65 | g.push_back(std::make_shared(std::pair(443,443))); 66 | g.push_back(std::make_shared(std::pair(0,65535))); 67 | ASSERT_TRUE(p.match_rangegrp_cx(g, &h)); 68 | 69 | 70 | // two ranges NONE should 
match 71 | g.clear(); 72 | g.push_back(std::make_shared(std::pair(443,443))); 73 | g.push_back(std::make_shared(std::pair(143,143))); 74 | ASSERT_FALSE(p.match_rangegrp_cx(g, &h)); 75 | } 76 | -------------------------------------------------------------------------------- /src/proxy/filters/access_filter.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 
27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef ACCESSFILTER_HPP 41 | #define ACCESSFILTER_HPP 42 | 43 | #include 44 | 45 | #include 46 | 47 | class AccessFilter : public FilterProxy { 48 | 49 | public: 50 | 51 | enum state_t {INIT=0, DATA=1} state {INIT}; 52 | static inline constexpr std::array state_str = { "init", "data" }; 53 | 54 | 55 | std::string connection_label; 56 | 57 | AccessFilter() = delete; 58 | explicit AccessFilter(MitmProxy* parent) : FilterProxy(parent) { 59 | if(parent) 60 | connection_label = parent->to_connection_label(false); 61 | } 62 | ~AccessFilter() override; 63 | 64 | bool update_states() override; 65 | std::string to_string(int verbosity) const override; 66 | nlohmann::json to_json(int verbosity) const override; 67 | 68 | void init() override; 69 | void proxy(baseHostCX *from, baseHostCX *to, socle::side_t side, bool redirected) override; 70 | void update(socle::side_t side, buffer const& buf); 71 | 72 | private: 73 | 74 | std::mutex update_lock; 75 | 76 | bool access_allowed = false; 77 | nlohmann::json access_response; 78 | bool already_applied = false; 79 | 80 | static inline logan_lite log {"proxy.accessfilter"}; 81 | }; 82 | 83 | 84 | #endif //ACCESSFILTER_HPP 85 | -------------------------------------------------------------------------------- 
/src/proxy/filters/filterproxy.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. 
The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | 41 | #include 42 | 43 | 44 | 45 | bool FilterProxy::ask_destroy() { /* Asks the owning proxy to tear itself down: flags the parent's state dead and returns true; returns false when there is no parent to flag. */ 46 | if(parent_) { 47 | parent()->state().dead(true); return true; 48 | } 49 | return false; 50 | } 51 | 52 | -------------------------------------------------------------------------------- /src/proxy/filters/statistics/entropy.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | #include 5 | 6 | 7 | void Entropy::update(const uint8_t *data, size_t len) { /* Accumulates byte frequencies from data. The first first_bytes bytes are always counted; after that the intent (see entropy.hpp) is to count every then_each-th byte, at most then_max_count times. A null pointer or zero length is ignored. */ 8 | 9 | // safeguard invalid inputs 10 | if(not data or len == 0) { return; } 11 | 12 | size_t then_counter = 0; 13 | 14 | for (size_t i = 0; i < len; ++i) { 15 | if(i < first_bytes) { 16 | frequencies[data[i]]++; 17 | ++data_accounted; 18 | } 19 | else if (i % then_each == 0 and then_counter < then_max_count) { 20 | ++then_counter; 21 | frequencies[data[i]]++; 22 | ++data_accounted; 23 | } 24 | else { 25 | break; /* NOTE(review): this break fires on the first i >= first_bytes whose index is not a multiple of then_each. With first_bytes = 512 and then_each = 5 that is i == 512 itself, so the sampling branch above is never reached and only the first 512 bytes are ever accounted. To get the documented sampling, break only when then_counter >= then_max_count and otherwise continue. */ 26 | } 27 | } 28 | } 29 | 30 | std::string Entropy::to_string(unsigned int verbosity) const { /* One-line summary of the current results; above iINF verbosity the non-zero byte frequencies are appended. */ 31 | std::stringstream ss; 32 | 33 | ss << " entropy: " << entropy; 34 | ss << ", top_byte: " << int(top_byte); 35 | ss << ", top_byte_fr: " << top_freq; 36 | ss << ", top_byte_ra: " << top_byte_ratio; 37 | ss << ", bytes_acct: " << data_accounted; 38 | 39 | if(verbosity > iINF) { 40 | ss << "\r\n frequencies: "; 41 | for (size_t i = 0; i < frequencies.size(); ++i) { 42 | auto val = frequencies[i]; 43 | if (val) 44 | ss << "[" << i << "]=" << val << " "; 45 | } 46 | } 47 | return ss.str(); 48 | } 49 | 50 | nlohmann::json Entropy::to_json(int verbosity) const { /* JSON form of to_string(); above iINF verbosity "byte_counts" holds [byte, count] pairs for every byte seen. */ 51 | auto ret = nlohmann::json(); 52 | ret["entropy"] = entropy; 53 | ret["top_byte"] = top_byte; 54 | ret["top_byte_frequency"] = top_freq; 55 | ret["top_byte_ratio"] = top_byte_ratio; 
56 | ret["bytes_accounted"] = data_accounted; 57 | 58 | if(verbosity > iINF) { 59 | for (size_t i = 0; i < frequencies.size(); ++i) { 60 | auto val = frequencies[i]; 61 | if (val > 0) 62 | ret["byte_counts"].push_back({i, val}); 63 | } 64 | } 65 | return ret; 66 | } 67 | 68 | void Entropy::reset_results() { /* Clears only the entropy sum. top_freq/top_byte keep their previous maxima, which stays consistent because update() only ever increments frequencies. */ 69 | // all other variables are re-counted, or have no impact on consecutive calls 70 | entropy = 0.0f; 71 | } 72 | 73 | void Entropy::calculate() { /* Computes Shannon entropy (bits) over the accounted bytes and records the most frequent byte and its share of data_accounted. NOTE(review): with data_accounted == 0 (calculate() before any update()) the loop is skipped but top_byte_ratio becomes 0.0/0.0, i.e. NaN; an early return would keep the result well-defined. */ 74 | 75 | reset_results(); 76 | 77 | for (size_t i = 0; i < frequencies.size(); ++i) { 78 | auto freq = frequencies[i]; 79 | if (freq > 0) { 80 | 81 | if (freq > top_freq) { 82 | top_freq = freq; 83 | top_byte = static_cast(i); // this is safe, size is always 256 to count byte values 84 | } 85 | 86 | double probability = static_cast(freq) / data_accounted; 87 | entropy -= probability * std::log2(probability); 88 | } 89 | } 90 | 91 | top_byte_ratio = static_cast(top_freq) / data_accounted; 92 | } 93 | 94 | 95 | void Entropy::update(buffer const& buf) { /* Convenience overload over the project's buffer type; forwards to the pointer/length form. */ 96 | update(buf.data(), buf.size()); 97 | } 98 | -------------------------------------------------------------------------------- /src/proxy/filters/statistics/entropy.hpp: -------------------------------------------------------------------------------- 1 | 2 | 3 | #pragma once 4 | 5 | #ifndef ENTROPY_HPP 6 | #define ENTROPY_HPP 7 | 8 | #include 9 | class buffer; 10 | 11 | struct Entropy { 12 | static inline constexpr uint16_t first_bytes = 512; // number of bytes at the beginning of "packet" always calculated in 13 | static inline constexpr uint16_t then_each = 5; // after first bytes, calculate-in only each n-th byte 14 | static inline constexpr uint16_t then_max_count = 50; // calculate-in n-th byte only N-times 15 | 16 | 17 | std::array frequencies {0}; 18 | uint8_t top_byte = 0; 19 | uint64_t top_freq = 0; 20 | double top_byte_ratio = 0; 21 | double entropy = 0.0f; 22 | 23 | uint64_t data_accounted = 0; 24 | 25 | void update(const uint8_t* data, size_t len); 26 | 
void update(buffer const& buf); 27 | 28 | void reset_results(); 29 | void calculate(); 30 | 31 | std::string to_string(unsigned int verbosity) const; 32 | nlohmann::json to_json(int verbosity) const; 33 | }; 34 | 35 | #endif -------------------------------------------------------------------------------- /src/proxy/filters/tesfilter.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 
27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef TESTFILTER_HPP 41 | #define TESTFILTER_HPP 42 | 43 | #include 44 | 45 | // testing filter which triggers action after defined seconds 46 | class TestFilter : public FilterProxy { 47 | public: 48 | TestFilter(MitmProxy* parent, int seconds); 49 | void proxy(baseHostCX* from, baseHostCX* to, side_t side, bool redirected); 50 | 51 | 52 | time_t trigger_at; 53 | int counter = 0; 54 | private: 55 | static inline logan_lite log {"proxy"}; 56 | }; 57 | 58 | #endif -------------------------------------------------------------------------------- /src/proxy/filters/testfilter.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
38 | */ 39 | 40 | #include 41 | 42 | TestFilter::TestFilter(MitmProxy* parent, int seconds): FilterProxy(parent) { 43 | trigger_at = time(nullptr) + seconds; 44 | } 45 | 46 | void TestFilter::proxy(baseHostCX* from, baseHostCX* to, side_t side, bool redirected) { 47 | 48 | if(time(nullptr) >= trigger_at) { 49 | counter++; 50 | trigger_at = time(nullptr) + 5; 51 | 52 | auto parent_name = [this](){ if(parent()) return parent()->to_string(iNOT); else return std::string("???"); }; 53 | 54 | _inf("%s: filter triggered event counter %d", parent_name().c_str() ,counter); 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /src/proxy/mitmcom.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | baseCom* MySSLMitmCom::replicate() { 5 | return new MySSLMitmCom(); 6 | } 7 | 8 | bool MySSLMitmCom::spoof_cert(X509* x, SpoofOptions& spo) { 9 | 10 | //std::string cert = SSLFactory::print_cert(x); 11 | //comlog().append("\n ==== Server certificate:\n" + cert + "\n ====\n"); 12 | 13 | bool r = baseSSLMitmCom::spoof_cert(x,spo); 14 | 15 | //_ext("MySSLMitmCom::spoof_cert: cert:\n%s",cert.c_str()); 16 | 17 | return r; 18 | } 19 | 20 | std::string MySSLMitmCom::ssl_error_details() const { 21 | auto ret = SSLCom::ssl_error_details(); 22 | 23 | std::stringstream info; 24 | info << "Workarounds: \r\n"; 25 | info << " # diag ssl whitelist insert_fingerprint " << SSLFactory::fingerprint(sslcom_target_cert) << " 600\r\n"; 26 | if(owner_cx() and owner_cx()->peer()) { 27 | auto l4 = whitelist_make_key_l4(owner_cx()->peer()); 28 | info << " # diag ssl whitelist insert_l4 " << l4 << " 600\r\n"; 29 | } 30 | 31 | info << "\r\n" << ret; 32 | 33 | return info.str(); 34 | }; -------------------------------------------------------------------------------- /src/proxy/mitmcom.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- 
transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. 
The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef MITMCOM_HPP 41 | #define MITMCOM_HPP 42 | 43 | #include 44 | 45 | class MySSLMitmCom : public baseSSLMitmCom { 46 | public: 47 | ~MySSLMitmCom() override = default; 48 | 49 | baseCom* replicate() override; 50 | bool spoof_cert(X509* x, SpoofOptions& spo) override; 51 | std::string ssl_error_details() const override; 52 | }; 53 | 54 | class MyDTLSMitmCom : public baseSSLMitmCom { 55 | ~MyDTLSMitmCom() override = default; 56 | }; 57 | 58 | #endif -------------------------------------------------------------------------------- /src/proxy/ocspinvoker.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 
21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
*/


#ifndef SMITHPROXY_OCSPINVOKER_HPP
#define SMITHPROXY_OCSPINVOKER_HPP

#include
#include

class MitmProxy;

/// Drives one asynchronous OCSP check on behalf of a MitmProxy.
///
/// Lifetime: `parent_` is held by reference, so an invoker must never outlive
/// the MitmProxy it was created for, and the proxy must not be torn down while
/// ssl_ocsp_callback() can still fire (assumption — confirm in ocspinvoker.cpp).
class AsyncOcspInvoker {

public:

    explicit AsyncOcspInvoker(MitmProxy& parent) : parent_(parent) {}

    // Factory used by the proxy; presumably creates the invoker and starts the
    // OCSP task (implementation not visible here).
    static std::unique_ptr invoke(MitmProxy& proxy);

    // Called with the OCSP outcome; the meaning of `response` is defined in the .cpp.
    void ssl_ocsp_callback(int response);

    // NOTE(review): ocsp_ is dereferenced unconditionally. If is_finished() can be
    // reached before ocsp_ has been populated this is a null-pointer dereference;
    // `return ocsp_ && ocsp_->state() == ...FINISHED;` would report "not finished"
    // instead. Confirm against the call sites.
    [[nodiscard]] bool is_finished() const { return ocsp_->state() == inet::ocsp::AsyncOCSP::task_state_t::FINISHED; }
    std::unique_ptr& ocsp() { return ocsp_; };
private:

    std::unique_ptr ocsp_;     // the OCSP task; null until set (presumably by invoke())
    MitmProxy& parent_;        // owner; see lifetime note above
};

#endif //SMITHPROXY_OCSPINVOKER_HPP

--------------------------------------------------------------------------------
/src/proxy/proxymaker.hpp:
--------------------------------------------------------------------------------
/*
Smithproxy- transparent proxy with SSL inspection capabilities.
Copyright (c) 2014, Ales Stibal , All rights reserved.

Smithproxy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Smithproxy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Smithproxy. If not, see .

Linking Smithproxy statically or dynamically with other modules is
making a combined work based on Smithproxy. Thus, the terms and
conditions of the GNU General Public License cover the whole combination.
21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
38 | */ 39 | 40 | #ifndef PROXYMAKER_HPP 41 | #define PROXYMAKER_HPP 42 | 43 | #include 44 | #include 45 | 46 | #include 47 | 48 | namespace sx::proxymaker { 49 | 50 | std::unique_ptr make (baseHostCX *left, baseHostCX *right); 51 | bool policy (std::unique_ptr &proxy, bool implicit_allow); 52 | bool route_existing(MitmProxy* proxy, std::shared_ptr routing_profile); 53 | bool route(std::unique_ptr &proxy, std::shared_ptr routing_profile); 54 | std::pair to_magic(unsigned short target_port); 55 | bool authorize_is_bad (MitmProxy *proxy); 56 | bool is_replaceable (unsigned short port); 57 | bool authorize (std::unique_ptr &proxy); 58 | 59 | bool setup_snat (std::unique_ptr &proxy, std::string const &source_host, std::string const &source_port); 60 | bool connect (MasterProxy *owner, std::unique_ptr &&new_proxy); 61 | } 62 | 63 | #endif //PROXYMAKER_HPP -------------------------------------------------------------------------------- /src/proxy/redison.hpp: -------------------------------------------------------------------------------- 1 | #ifndef REDISON_HPP 2 | #define REDISON_HPP 3 | 4 | #ifdef USE_REDIS 5 | 6 | #include 7 | 8 | namespace sx::redison { 9 | 10 | } 11 | 12 | 13 | #endif //USE REDIS 14 | 15 | #endif //REDISON_HPP -------------------------------------------------------------------------------- /src/service/cmd/clistate.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 
9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
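*/

#include
#include


using namespace libcli;

/// Pick the callback-table key used when generating CLI commands for `section`.
///
/// Preference order:
///   1. "<section>.[x]" whenever such a template entry is registered, whether or
///      not `section` itself already has callbacks (set up by an earlier command
///      generation pass);
///   2. otherwise `section` itself — with no template the template callback is
///      simply the section callback.
///
/// @param section  configuration section name being generated
/// @param cli      libcli handle, used only for debug output
/// @return the key to look up in CliState's callback table
std::string CliState::template_callback_key (std::string const& section, cli_def* cli) {

    std::string template_key = section;

    if(CliState::get().has_callback(section)) {

        // it is possible object is already in callback db (set up by previous cmd generation),
        // but we still need to look for .[x] template!
        _debug(cli, "object %s has callbacks set ", template_key.c_str());

        if (CliState::get().has_callback(section + ".[x]")) {
            _debug(cli, "object %s has callbacks set, but prefer .[x] template", template_key.c_str());
            template_key = section + ".[x]";
        }
    }
    else if (CliState::get().has_callback(section + ".[x]")) {

        _debug(cli, "object %s has no callbacks set, but .[x] found", template_key.c_str());
        template_key = section + ".[x]";
    }
    else {
        // reached only when neither the section nor its .[x] template has
        // callbacks; the previous message claimed the opposite ("has callbacks set")
        _debug(cli, "object %s has no callbacks set, no template set", template_key.c_str());
        // otherwise there is no template and template_cb will be the same as section_cb
        template_key = section;
    }

    return template_key;
}
--------------------------------------------------------------------------------
/src/service/core/authpam.hpp:
--------------------------------------------------------------------------------
// SPDX-License-Identifier: GPL-2.0+
// NOTE(review): the rest of the tree carries a GPL-3.0-or-later header with an
// OpenSSL linking exception; confirm this file's licence tag is intentional.

#ifndef AUHTPAM_HPP_
#define AUHTPAM_HPP_

#include
#include

#include

#ifdef USE_PAM

namespace sx::auth {

    namespace log {
        // per-translation-unit logger instance for the "auth" facility
        static logan_lite& auth() {
            static auto s = logan_lite("auth");
            return s;
        }
    }

    // Authenticate `user` with `pass` through PAM; returns true on success.
    // Both pointers must be NUL-terminated C strings (behaviour on nullptr is
    // defined in authpam.cpp, not visible here).
    bool pam_auth_user_pass (const char* user, const char* pass);
    // True when `username` is a member of the local UNIX group `groupname`.
    bool unix_is_group_member(const char* username, const char* groupname);
}

#endif

#endif
--------------------------------------------------------------------------------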
/src/service/core/smithproxy_objapi.hpp: -------------------------------------------------------------------------------- 1 | 2 | #pragma once 3 | 4 | #include 5 | 6 | class MitmMproxy; 7 | struct ObjAPI { 8 | void for_each_proxy(std::function callable); 9 | 10 | std::string instance_OID(); 11 | nlohmann::json proxy_session_connid_list(); 12 | nlohmann::json proxy_session_connid_list_plus(); // list, but append also session label 13 | nlohmann::json proxy_session_list_json(uint64_t oid, bool active_only, bool tls_info, bool verbose); 14 | 15 | nlohmann::json neighbor_list(bool flag_raw, unsigned int last_n_days); 16 | nlohmann::json neighbor_update(std::string const& request); 17 | }; 18 | 19 | -------------------------------------------------------------------------------- /src/service/dnsupd/smithdnsupd.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 
21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef _SMITHDNSUPD_HPP_ 41 | #define _SMITHDNSUPD_HPP_ 42 | 43 | std::thread* create_dns_updater(); 44 | #endif -------------------------------------------------------------------------------- /src/service/http/jsonize.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
*/


#ifndef JSONIZE_HPP_
#define JSONIZE_HPP_

#include
#include

#include "src/proxy/mitmproxy.hpp"
#include

namespace jsonize {

    // JSON renderers for the main proxy objects; `verbosity` selects how much
    // detail is emitted (levels are defined in jsonize.cpp).
    nlohmann::json from(X509 const* x, int verbosity);
    nlohmann::json from(baseCom* xcom, int verbosity);
    nlohmann::json from(MitmProxy* what, int verbosity);
    nlohmann::json from(MitmHostCX* what, int verbosity);

    /// Extract `params.<varname>` from a JSON request body.
    ///
    /// @param args     raw request body (untrusted client input)
    /// @param varname  key looked up under the top-level "params" object
    /// @return the value converted to T, or std::nullopt on any json exception:
    ///         unparsable body, a body that is not an object, a missing key
    ///         (operator[] inserts null, which does not convert), or a value of
    ///         the wrong type.
    /// Note: the whole body is re-parsed on every call, so a handler that pulls
    /// several parameters parses the untrusted input several times.
    template
    std::optional load_json_params(std::string const& args, const char* varname) {
        try {
            auto js = nlohmann::json::parse(args);
            return js["params"][varname].get();
        } catch (nlohmann::json::exception const& e) {
            return std::nullopt;
        }
    }

    /// Wrap a (ok, message) pair as {"success": message} or {"error": message}.
    inline nlohmann::json cfg_status_response(std::pair status) {
        return { {
            (status.first ? "success" : "error"),
            status.second
        } };
    }

    nlohmann::json from(libconfig::Setting const& s);
}

#endif
--------------------------------------------------------------------------------
/src/service/http/request.cpp:
--------------------------------------------------------------------------------
#include
#include
#include
#include
#include
#include
#include

namespace sx::http {

    // Static instance whose lifetime brackets the process; presumably performs
    // the global libcurl init/cleanup — see Request::Initializator in request.hpp.
    Request::Initializator sx::http::Request::curl_initializator;

    /// Build the reply record for a finished request.
    ///
    /// @param url    request URL the reply belongs to
    /// @param code   HTTP status code
    /// @param reply  response body
    /// @return an engaged expected_reply whose `ctrl` points back at this Request
    expected_reply Request::make_reply(std::string url, long code, std::string reply) {
        sx::http::expected_reply_t r;
        r.ctrl = this;
        r.request = url;
        r.response.first = code;
        r.response.second = reply;

        return std::optional(r);
    }

}
--------------------------------------------------------------------------------
/src/service/httpd/cfg/get.hpp:
--------------------------------------------------------------------------------
#ifndef HTTPD_GET_HPP_
#define HTTPD_GET_HPP_

#include

#include
#include
#include

#include
#include

namespace
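sx::webserver {

    using nlohmann::json;
    // NOTE(review): a using-directive in a header leaks libconfig's names into
    // every includer; left in place because other code may rely on it.
    using namespace libconfig;

    /// Read one entry of the running configuration and return it as JSON.
    ///
    /// Request body (the auth token is checked before this handler runs):
    ///   { "token": "<>", "params": { "section": "port_objects", "name": "exiting" } }
    ///
    /// @param connection  unused; part of the dispatcher signature
    /// @param meth        unused; part of the dispatcher signature
    /// @param req         raw request body
    /// @return an object with a single key: "success" -> { "<section>[.<name>]": value }
    ///         or "error" -> message. Every path now yields an object; the empty-
    ///         request case used to return a bare two-element array instead.
    ///
    /// Security: `section` and `name` are joined into a libconfig path and looked
    /// up verbatim, so any path in the loaded configuration is readable through
    /// this endpoint — including any credentials or key material the config may
    /// hold. Callers must therefore be as trusted as the whole configuration;
    /// restrict at the authorization layer or add a section allow-list here if
    /// that is not acceptable. libconfig's exception text is echoed back to the
    /// client on a bad path.
    inline nlohmann::json json_get_section_entry(struct MHD_Connection * connection, std::string const& meth, std::string const& req) {

        if(req.empty()) return { { "error", "request empty" } };

        auto section_name = jsonize::load_json_params<std::string>(req, "section").value_or("");
        auto cfg_name = jsonize::load_json_params<std::string>(req, "name").value_or("");

        // hold the config lock across lookup and serialization: the Setting
        // reference returned by lookup() is only valid while nobody reloads the config
        auto lc_ = std::scoped_lock(CfgFactory::lock());

        if(section_name.empty()) {
            return { { "error", "parameters needed: 'section', 'name'" } };
        }

        bool retrieved_status = false;
        std::string ret_status;
        json ret_value;

        // "section" alone selects a whole section, "section.name" a single entry
        std::string fullpath = cfg_name.empty() ? section_name : section_name + "." + cfg_name;
        try {
            auto& conf = CfgFactory::cfg_obj().lookup(fullpath.c_str());
            ret_value = jsonize::from(conf);
            retrieved_status = true;
        } catch(libconfig::ConfigException const& e) {
            // unknown or malformed path
            ret_status = string_format("EX(%s);", e.what());
        } catch(json::exception const& e) {
            // jsonize::from() could not represent the setting
            ret_status = string_format("EX(%s);", e.what());
        }

        if(retrieved_status) {
            json rj;
            rj[fullpath] = ret_value;
            return { { "success" , rj } };
        }

        return { {"error", ret_status } };
    }
}

#endif
--------------------------------------------------------------------------------
/src/service/httpd/do/do_comands.hpp:
--------------------------------------------------------------------------------
/*
Smithproxy- transparent proxy with SSL inspection capabilities.
Copyright (c) 2014, Ales Stibal , All rights reserved.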
4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
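*/

// include guard added: the file defines a static function, so a second
// inclusion in one translation unit would be a redefinition error
#ifndef HTTPD_DO_COMANDS_HPP_
#define HTTPD_DO_COMANDS_HPP_

#include

#include
#include
#include


/// API handler: flush and reload the custom (per-host) certificate store.
///
/// Holds the SSLFactory lock while cache_custom() is cleared and
/// load_custom_certificates() re-reads the files, so a concurrent handshake
/// cannot observe a half-populated cache.
///
/// @param connection  unused; part of the dispatcher signature
/// @param meth        unused; part of the dispatcher signature
/// @param req         unused; the request carries no parameters
/// @return {"result": <load_custom_certificates() result>, "count": <entries after reload>}
///
/// Security: this is a state-changing operation on the TLS interception
/// material, reachable over the management API. It must stay behind the
/// authorization dispatcher, and it is not a rollback — whatever is on disk at
/// the time of the call is what gets installed.
static nlohmann::json json_do_ssl_custom_reload(struct MHD_Connection * connection, std::string const& meth, std::string const& req) {

    using namespace jsonize;

    auto& store = SSLFactory::factory();
    auto lc_ = std::scoped_lock(store.lock());

    store.cache_custom().clear();
    auto ret = store.load_custom_certificates();

    return {
        {"result", ret },
        {"count", store.cache_custom().size()},
    };

}

#endif // HTTPD_DO_COMANDS_HPP_

--------------------------------------------------------------------------------
/src/service/httpd/handlers/dispatchers.hpp:
--------------------------------------------------------------------------------
#ifndef DISPATCHERS_HPP_
#define DISPATCHERS_HPP_

#include

#include
#include

#include
#include

namespace sx::webserver {
    namespace dispatchers {
        // Each function registers one group of HTTP handlers on `server`.
        // NOTE(review): httpd.cpp also calls dispatchers::controller_add_authorization(),
        // which is not declared here — presumably it lives in another header.
        void controller_add_status(lmh::WebServer &server);
        void controller_add_commons(lmh::WebServer &server);
        void controller_add_diag(lmh::WebServer &server);
        void controller_add_uni(lmh::WebServer &server);
        void controller_add_wh_register(lmh::WebServer &server);
        void controller_add_wh_unregister(lmh::WebServer &server);
    }
}

#endif
--------------------------------------------------------------------------------
/src/service/httpd/httpd.cpp:
--------------------------------------------------------------------------------
#ifdef USE_LMHPP

#include
#include
#include
#include
#include

namespace sx::webserver {
    using json = nlohmann::json;


    /// Start the management HTTP(S) server on `port` in a new thread.
    ///
    /// @param port  TCP port to listen on
    /// @return a heap-allocated std::thread the caller owns and must join or
    ///         delete; it runs until handler_should_terminate() sees the global
    ///         terminate_flag.
    ///
    /// Security:
    ///  - Source filtering is fail-open: when HttpSessions::allowed_ips is empty
    ///    no IP allow-list is installed, so the API answers to any address the
    ///    listener is bound to. bind_loopback / bind_address / bind_interface are
    ///    the only other limits — review them together.
    ///  - TLS uses the "portal" key/certificate from SSLFactory's config. If that
    ///    pair is a pre-generated default rather than host-specific, anyone with
    ///    the same default can impersonate this API (to be confirmed against the
    ///    deployment).
    ///  - controller_add_authorization() is registered before every other handler
    ///    group; presumably the other groups depend on that order — keep it.
    std::thread* create_httpd_thread(unsigned short port) {
        return new std::thread([port]() {

            lmh::WebServer server(port);
            server.options().bind_loopback = HttpSessions::loopback_only;
            server.options().bind_address = HttpSessions::bind_address;
            server.options().bind_interface = HttpSessions::bind_interface;

            // keep default fail-open, unless config says otherwise
            if(! HttpSessions::allowed_ips.empty())
                server.options().allowed_ips = HttpSessions::allowed_ips;

            server.options().certificate = std::make_pair(
                SSLFactory::factory().config.def_po_key_str,
                SSLFactory::factory().config.def_po_cert_str);

            dispatchers::controller_add_authorization(server);

            dispatchers::controller_add_status(server);
            dispatchers::controller_add_commons(server);
            dispatchers::controller_add_diag(server);
            dispatchers::controller_add_uni(server);
            dispatchers::controller_add_wh_register(server);
            dispatchers::controller_add_wh_unregister(server);

            // polled by the server loop; process-wide shutdown flag
            server.options().handler_should_terminate = []() -> bool {
                return SmithProxy::instance().terminate_flag;
            };
            server.start();
        });

    }

}
#endif
--------------------------------------------------------------------------------
/src/service/httpd/util.hpp:
--------------------------------------------------------------------------------
/*
Smithproxy- transparent proxy with SSL inspection capabilities.
Copyright (c) 2014, Ales Stibal , All rights reserved.

Smithproxy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Smithproxy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Smithproxy. If not, see .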
17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
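*/


#ifndef HTTPD_UTIL_HPP_
#define HTTPD_UTIL_HPP_


/// Read an unsigned integer GET parameter from `connection`.
///
/// @param connection  libmicrohttpd connection the request arrived on
/// @param param       query parameter name
/// @param defval      returned when the parameter is absent or is not a valid
///                    unsigned number (safe_ull_value() yields nullopt)
/// `inline` so this header can be included from more than one translation unit.
inline unsigned long long connection_ull_param(MHD_Connection* connection, const char* param, unsigned long long defval) {
    const char* param_val_str = MHD_lookup_connection_value(connection, MHD_GET_ARGUMENT_KIND, param);
    if(not param_val_str) {
        return defval;
    }

    return safe_ull_value(param_val_str).value_or(defval);
}

/// Signed counterpart of connection_ull_param(); same absent/invalid handling.
inline long long connection_ll_param(MHD_Connection* connection, const char* param, long long defval) {
    const char* param_val_str = MHD_lookup_connection_value(connection, MHD_GET_ARGUMENT_KIND, param);
    if(not param_val_str) {
        return defval;
    }

    return safe_ll_value(param_val_str).value_or(defval);
}


#endif
--------------------------------------------------------------------------------
/src/service/httpd/wh/whcontrol.hpp:
--------------------------------------------------------------------------------
#include

#include
#include
#include

#include

/// API handler: temporarily redirect webhook delivery to a caller-supplied URL.
///
/// Request params: "rande_url" (string, required), "rande_tls_verify" (bool,
/// default true). The override is installed only when the webhook feature is
/// enabled and the configuration explicitly allows API overrides; it expires
/// 60 s after the last accepted register call.
///
/// @param connection  unused; part of the dispatcher signature
/// @param meth        unused; part of the dispatcher signature
/// @param req         raw request body
/// @return {"status": "accepted"} or {"status": "rejected"}
///
/// Security: an authorized API caller can point every webhook event at an
/// arbitrary URL and, with rande_tls_verify=false, disable certificate
/// verification for that delivery. Enabling allow_api_override therefore hands
/// the webhook payload stream to whoever can reach the API; keep it off unless
/// API clients are fully trusted. No scheme or host restriction is applied here.
static nlohmann::json wh_register(struct MHD_Connection * connection, std::string const& meth, std::string const& req) {

    using namespace jsonize;

    std::string new_url = load_json_params<std::string>(req, "rande_url").value_or("");
    bool rande_tls_verify = load_json_params<bool>(req, "rande_tls_verify").value_or(true);

    const char* response = "rejected";

    // an empty URL is the "no override" sentinel wh_unregister() writes;
    // accepting it would answer "accepted" while installing nothing usable
    if(not new_url.empty()) {
        auto lc_ = std::scoped_lock(CfgFactory::lock());
        auto fac = CfgFactory::get();

        if(fac->settings_webhook.enabled and fac->settings_webhook.allow_api_override) {

            fac->settings_webhook.override.timeout.set_expiry(time(nullptr) + 60); // extend by next 60s
            fac->settings_webhook.override.url = new_url;
            fac->settings_webhook.override.tls_verify = rande_tls_verify;
            response = "accepted";
        }
    }

    return {{"status", response }};

}

/// API handler: drop the webhook override installed by wh_register().
///
/// Resets the override fields (url, tls_verify) to their defaults and marks
/// the override expired. The operator-configured cfg_tls_verify is left alone;
/// the previous code reset that field instead of override.tls_verify, which
/// wh_register() is the one to set.
///
/// @return {"status": "unregistered"} when the feature and API override are
///         enabled, otherwise {"status": "unknown"}
static nlohmann::json
wh_unregister(struct MHD_Connection * connection, std::string const& meth, std::string const& req) {

    using namespace jsonize;

    const char* response = "unknown";
    {
        auto lc_ = std::scoped_lock(CfgFactory::lock());
        auto fac = CfgFactory::get();

        // set back defaults
        if(fac->settings_webhook.enabled and fac->settings_webhook.allow_api_override) {
            fac->settings_webhook.override.url = "";
            fac->settings_webhook.override.tls_verify = true;
            fac->settings_webhook.override.timeout.set_expiry(time(nullptr)-1); // set expired

            response = "unregistered";
        }
    }

    return {{"status", response }};

}

--------------------------------------------------------------------------------
/src/service/netservice.cpp:
--------------------------------------------------------------------------------
/*
Smithproxy- transparent proxy with SSL inspection capabilities.
Copyright (c) 2014, Ales Stibal , All rights reserved.

Smithproxy is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

Smithproxy is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with Smithproxy. If not, see .

Linking Smithproxy statically or dynamically with other modules is
making a combined work based on Smithproxy. Thus, the terms and
conditions of the GNU General Public License cover the whole combination.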
21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | 41 | #include 42 | 43 | #include 44 | 45 | //#define MEM_DEBUG 1 46 | #ifdef MEM_DEBUG 47 | #include 48 | #endif 49 | 50 | 51 | namespace sx { 52 | netservice_error::netservice_error (const char *string) : runtime_error(string) {} 53 | netservice_cannot_bind::netservice_cannot_bind (const char *string) : netservice_error(string) {} 54 | } -------------------------------------------------------------------------------- /src/shm/shmauth.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 
4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 
38 | */
39 |
40 |
41 | #include
42 | #include
43 | #include
44 |
45 |
// Initialises the timing state shared by all identity records.
46 | IdentityInfoBase::IdentityInfoBase() {
// The global idle timeout is copied into this instance at construction time,
// so a later change to AuthFactory::get().options does not affect identities
// that already exist (units of idle_timeout are not visible here — see the
// header).
47 | idle_timeout = AuthFactory::get().options.global_idle_timeout;
// Creation stamp taken from the wall clock (time_t seconds). last_seen_at is
// seeded with the same value so an identity that is never refreshed is aged
// from its creation. NOTE(review): time(nullptr) follows system-clock steps
// (NTP, manual adjustment); if idle expiry is computed from these fields a
// clock jump can expire or extend sessions unexpectedly — confirm at the
// comparison site.
48 | created = time(nullptr);
49 | last_seen_at = created;
50 | }
51 |
52 |
-------------------------------------------------------------------------------- /src/smithlog.hpp: --------------------------------------------------------------------------------
1 | /*
2 | Smithproxy- transparent proxy with SSL inspection capabilities.
3 | Copyright (c) 2014, Ales Stibal , All rights reserved.
4 |
5 | Smithproxy is free software: you can redistribute it and/or modify
6 | it under the terms of the GNU General Public License as published by
7 | the Free Software Foundation, either version 3 of the License, or
8 | (at your option) any later version.
9 |
10 | Smithproxy is distributed in the hope that it will be useful,
11 | but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | GNU General Public License for more details.
14 |
15 | You should have received a copy of the GNU General Public License
16 | along with Smithproxy. If not, see .
17 |
18 | Linking Smithproxy statically or dynamically with other modules is
19 | making a combined work based on Smithproxy. Thus, the terms and
20 | conditions of the GNU General Public License cover the whole combination.
21 |
22 | In addition, as a special exception, the copyright holders of Smithproxy
23 | give you permission to combine Smithproxy with free software programs
24 | or libraries that are released under the GNU LGPL and with code
25 | included in the standard release of OpenSSL under the OpenSSL's license
26 | (or modified versions of such code, with unchanged license).
27 | You may copy and distribute such a system following the terms
28 | of the GNU GPL for Smithproxy and the licenses of the other code
29 | concerned, provided that you include the source code of that other code
30 | when and as the GNU GPL requires distribution of source code.
31 |
32 | Note that people who make modified versions of Smithproxy are not
33 | obligated to grant this special exception for their modified versions;
34 | it is their choice whether to do so. The GNU General Public License
35 | gives permission to release a modified version without this exception;
36 | this exception also makes it possible to release a modified version
37 | which carries forward this exception.
38 | */
39 |
// NOTE(review): identifiers containing a double underscore are reserved to
// the implementation; a guard such as SMITHLOG_HPP (or #pragma once) avoids
// the reserved name.
40 | #ifndef __SMITHLOG_HPP__
41 | #define __SMITHLOG_HPP__
42 |
43 | #include
44 | #include
45 | #include
46 | #include
47 | #include
48 |
49 | #include
50 | #include
51 | #include
52 | #include
53 |
// One queued log record: a pair of (level, formatted text) — the pair's
// template arguments are not shown in this rendering.
54 | typedef std::pair log_entry;
55 |
// Logger that decouples producing log lines from writing them to disk.
// write_log() is the producer side and write_disk() the consumer side;
// their bodies live in the .cpp and are not visible here. The class also
// inherits `lockable`, presumably the lock that guards logs_ between the
// producing threads and the writer thread — confirm in the .cpp.
56 | class QueueLogger : public LogMux, public lockable {
57 | public:
58 | QueueLogger();
// `override` here implies LogMux declares a virtual destructor.
59 | ~QueueLogger() override = default;
// Overrides LogMux::write_log. Takes the message by non-const reference,
// so callers cannot pass a temporary or a const std::string.
60 | size_t write_log(loglevel l, std::string& sss) override;
// Persists a single entry; virtual so a subclass can redirect output.
61 | virtual size_t write_disk(loglevel l, std::string& sss);
62 |
// Entry point for the writer thread. Taking the logger by shared_ptr (its
// element type is not shown here; presumably QueueLogger) keeps the object
// alive for as long as the thread runs.
63 | static void run_queue(std::shared_ptr log_src);
64 |
// Upper bound on queued entries. What happens on overflow (drop vs. block)
// is decided in the .cpp and is not visible here.
65 | unsigned int max_len = 1000;
66 | bool debug_queue = false;
67 |
// NOTE(review): sig_terminate (and debug_queue) are plain bools that are
// presumably written by one thread and polled by the writer thread; unless
// every access is under the `lockable` lock they should be std::atomic<bool>
// to avoid a data race on shutdown.
68 | bool sig_terminate = false;
69 | protected:
70 |
// Pending entries (element type not shown in this rendering; likely
// log_entry). Access should be serialised with the lock above.
71 | std::queue logs_;
72 |
73 | private:
// Presumably counts how often the queue-full condition has been reported,
// so the warning is not repeated on every dropped line — confirm in .cpp.
74 | unsigned int warned = 0;
75 | };
76 |
77 |
// Starts the background writer thread. Returns a raw pointer, so ownership
// (who joins and deletes the thread) is not expressed by the type; a
// std::unique_ptr<std::thread> or std::jthread return would make it explicit.
78 | std::thread *create_log_writer ();
79 |
80 | #endif
-------------------------------------------------------------------------------- /src/smithproxy_version.h.in: --------------------------------------------------------------------------------
1 | #ifndef SX_VERSION_H
2 | #define SX_VERSION_H
3 |
// The @VAR@ tokens below are placeholders substituted at build time
// (configure_file-style) to produce the generated smithproxy_version.h.
4 | #define SX_GIT_BRANCH "@SX_GIT_BRANCH@"
5 | #define SX_GIT_COMMIT_HASH "@SX_GIT_COMMIT_HASH@"
6 | #define SX_GIT_VERSION "@SX_GIT_VERSION@"
7 |
8 | #endif
9 |
-------------------------------------------------------------------------------- /src/staticcontent.hpp: -------------------------------------------------------------------------------- 1 | /* 2 | Smithproxy- transparent proxy with SSL inspection capabilities. 3 | Copyright (c) 2014, Ales Stibal , All rights reserved. 4 | 5 | Smithproxy is free software: you can redistribute it and/or modify 6 | it under the terms of the GNU General Public License as published by 7 | the Free Software Foundation, either version 3 of the License, or 8 | (at your option) any later version. 9 | 10 | Smithproxy is distributed in the hope that it will be useful, 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | GNU General Public License for more details. 14 | 15 | You should have received a copy of the GNU General Public License 16 | along with Smithproxy. If not, see . 17 | 18 | Linking Smithproxy statically or dynamically with other modules is 19 | making a combined work based on Smithproxy. Thus, the terms and 20 | conditions of the GNU General Public License cover the whole combination. 21 | 22 | In addition, as a special exception, the copyright holders of Smithproxy 23 | give you permission to combine Smithproxy with free software programs 24 | or libraries that are released under the GNU LGPL and with code 25 | included in the standard release of OpenSSL under the OpenSSL's license 26 | (or modified versions of such code, with unchanged license). 27 | You may copy and distribute such a system following the terms 28 | of the GNU GPL for Smithproxy and the licenses of the other code 29 | concerned, provided that you include the source code of that other code 30 | when and as the GNU GPL requires distribution of source code. 
31 | 32 | Note that people who make modified versions of Smithproxy are not 33 | obligated to grant this special exception for their modified versions; 34 | it is their choice whether to do so. The GNU General Public License 35 | gives permission to release a modified version without this exception; 36 | this exception also makes it possible to release a modified version 37 | which carries forward this exception. 38 | */ 39 | 40 | #ifndef _STATICCONTENT_HPP 41 | #define _STATICCONTENT_HPP 42 | 43 | #include 44 | #include 45 | #include 46 | 47 | using namespace ext::nltemplate; 48 | 49 | class StaticContent { 50 | 51 | std::unique_ptr> templates_; 52 | StaticContent() { 53 | templates_ = std::make_unique>("content.replacements"); 54 | 55 | }; 56 | ~StaticContent() = default; 57 | 58 | logan_lite& log = get_log(); 59 | std::mutex lock; 60 | public: 61 | // should be populated externally, on start 62 | static inline uint32_t boot_random {0}; 63 | 64 | bool load_files(std::string& dir); 65 | 66 | std::string render_noargs(std::string const& s); 67 | 68 | std::string render_server_response(std::string const& message, unsigned int code=200); 69 | std::string render_msg_html_page(std::string const& caption, std::string const& meta, std::string const& content,const char* window_width="450px"); 70 | std::shared_ptr