Use OpenSSL to tunnel plaintext connections over SSL/TLS (Misc)
It's not a common requirement, but sometimes you want to have something to use a plaintext connection, and then tunnel that onwards over a TLS connection.
My most common use for this is to make it easy to intercept/inspect behaviour between some software and an HTTPS endpoint controlled by someone else - if you can get the software to make a plaintext connection, you can tunnel it onwards whilst running pcaps/logging to observe the conversation.
To achieve this, we
- Create a FIFO to pass output through
- Have netcat listen on a port of our choosing
- Pass netcat's output into the FIFO, and read from the FIFO
- Read the FIFO into OpenSSL's s_client to effect the tunnel
- Have our plaintext app speak to netcat
Details
- Language: Misc
Snippet
mkfifo foobar
# With logging to /tmp/testlog (both tee calls append, so requests and responses do not overwrite each other)
nc -k -l $PORT < foobar | tee -a /tmp/testlog | openssl s_client -quiet -connect $DEST_NAME:443 -servername $DEST_NAME | tee -a /tmp/testlog >foobar
# Without logging
nc -k -l $PORT < foobar | openssl s_client -quiet -connect $DEST_NAME:443 -servername $DEST_NAME > foobar
Usage Example
mkfifo foobar
nc -k -l 4444 < foobar | tee -a /tmp/testlog | openssl s_client -quiet -connect snippets.bentasker.co.uk:443 -servername snippets.bentasker.co.uk | tee -a /tmp/testlog >foobar
# Place a request
curl -H "Host: snippets.bentasker.co.uk" http://127.0.0.1:4444/
# Request headers and the response will be logged to /tmp/testlog
# you can also just run a packet capture against 4444 to get
# the entire plaintext conversation
#
# tcpdump -i lo -s0 -w cap.pcap -v port 4444
# Although we've used HTTP for an example, this will work for various other protocols too.
# For a slightly more advanced example, we might also want to manipulate the output somehow
#
#
nc -k -l 4444 < foobar | tee -a /tmp/testlog | openssl s_client -quiet -connect snippets.bentasker.co.uk:443 -servername snippets.bentasker.co.uk | sed 's/bentasker/me/g' | tee -a /tmp/testlog >foobar
# or even manipulate the input
nc -k -l 4444 < foobar | tee -a /tmp/testlog | python my_evil_script | openssl s_client -quiet -connect snippets.bentasker.co.uk:443 -servername snippets.bentasker.co.uk | tee -a /tmp/testlog >foobar
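A hardened variant of the pipeline above, as an added example that is not part of the original snippet: it keeps the FIFO and the plaintext log in a private directory, binds the listener to loopback only, and makes s_client abort when the upstream certificate fails verification (by default it reports the error and carries on). It assumes OpenBSD netcat or ncat and OpenSSL 1.1.0 or later; valid_port, make_workdir, start_tunnel and the tunnel.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example: hardened wrapper around the page's nc | openssl pipeline.
# Assumes OpenBSD netcat or ncat syntax and OpenSSL 1.1.0 or later.

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Create a private directory holding the FIFO and the log, so the captured
# plaintext is readable only by the current user. Prints the directory path.
make_workdir() {
    (
        umask 077
        dir=$(mktemp -d "${TMPDIR:-/tmp}/tlstunnel.XXXXXX") || exit 1
        mkfifo "$dir/fifo" && : > "$dir/traffic.log" || exit 1
        printf '%s\n' "$dir"
    )
}

# start_tunnel PORT DEST_NAME
start_tunnel() {
    port=$1 dest=$2
    valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    dir=$(make_workdir) || return 1
    echo "logging to $dir/traffic.log" >&2
    # 127.0.0.1: only local processes can reach the plaintext listener.
    # -verify_return_error / -verify_hostname: abort the handshake unless the
    # upstream certificate chains to a trusted CA and matches DEST_NAME.
    nc -k -l 127.0.0.1 "$port" < "$dir/fifo" \
        | tee -a "$dir/traffic.log" \
        | openssl s_client -quiet -connect "$dest:443" -servername "$dest" \
              -verify_return_error -verify_hostname "$dest" \
        | tee -a "$dir/traffic.log" > "$dir/fifo"
}

# Start the tunnel only when both arguments are given, for example:
#   sh tunnel.sh 4444 snippets.bentasker.co.uk
if [ "$#" -eq 2 ]; then start_tunnel "$1" "$2"; fi
```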