You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
>>> pip install pyOpenSSL>>> pip install twisted>>> pip install cryptography>>> ./omniproxy.py -husage: omniproxy.py [-h] [--local-port<port>] --destination<destination> [--listen-address<listen-address>] [--tcp] [--udp] [--cafile<certificate-file>] [--log-folder LOG_FOLDER] [--quiet]Modular Intercept Proxyoptional arguments: -h, --help show thishelp message andexit --local-port<port>, -p<port> Local proxy port (default:443) --destination<destination>, -d<destination> Server Destination example www.google.com:80 --listen-address<listen-address>, -l<listen-address> Specify the listen address (default is 0.0.0.0) --tcp, -t --udp, -u --cafile<certificate-file>, -c<certificate-file> --log-folder LOG_FOLDER --quiet, -q
Converting Burp Certs
Export your Burp Certificate
Export with theCertificate in DER format option
Export your Burp Private key
Export with thePrivate Key in DER format option
Use the./burp2omni.sh script
This Converts both the Private Key and Certifate from the binary DER format to the base64 PEM format. Then merges them into a single file.
SNI Proxy
When the Proxy recieves a SSL Connection. The first packet the of theClient Hello Packet contains the destination server. Using this information we can block anymore data transfer and query the Destination Server for their Certificate.
Once the Server has the paramaters for that certificate you can generate a new key certificate pair and sign it with a CA Cert.
TLDR: This proxy waits until the connection tells the proxy where the origional destination is. Then it clones that servers Certificate and continues negotating the connection.
This makes it possoble to have a single proxy on a single port and foward it to many destinations.
SNI Proxy Example:
[gen0@gen0-test OmniProxy]$ sudo ./omniproxy.py -c ca.pem --local-port 443 -d example.com:443Getting Server Certificate from example.com:443Cert already exists common_name=www.example.orgTCP[SSL] 0.0.0.0:443 -> example.com:443#0: New Connection to destination <forwarder.SSLProxyServer object at 0x7f080ea639a0>Getting Server Certificate from example.com:443Cert already exists common_name=www.example.org#0: New Connection on local server <forwarder.SSLProxyClient object at 0x7f080ea79460>#1:C->S (75 bytes):GET / HTTP/1.1Host: example.comUser-Agent: curl/7.74.0Accept:*/*#1:C<-S (335 bytes):HTTP/1.1 200 OKAge: 534892Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Mon, 18 Jan 2021 19:57:15 GMTEtag:"3147526947+ident"Expires: Mon, 25 Jan 2021 19:57:15 GMTLast-Modified: Thu, 17 Oct 2019 07:18:26 GMTServer: ECS (nyb/1D1A)Vary: Accept-EncodingX-Cache: HITContent-Length: 1256#1:C<-S (1256 bytes):<!doctype html><html><head><title>Example Domain</title><meta charset="utf-8" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><style type="text/css"> body { background-color:#f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont,"Segoe UI","Open Sans","Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color:#fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color:#38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } }</style></head><body><div><h1>Example Domain</h1><p>This domain isforusein illustrative examplesin documents. You may use this domainin literature without prior coordination or askingfor permission.</p><p><a href="https://www.iana.org/domains/example">More information...</a></p></div></body></html>#1: Server closed connection#1: Client closed connected
TCP Proxy
TCP Proxy Example:
gen0@gen0-test OmniProxy]$ sudo ./omniproxy.py --local-port 80 --tcp -d example.com:80TCP 0.0.0.0:80 -> example.com:80#0: New Connection to destination <twisted.protocols.portforward.ProxyServer object at 0x7f467df20850>#0: New Connection on local server <twisted.protocols.portforward.ProxyClient object at 0x7f467df20af0>#1:C->S (75 bytes):GET / HTTP/1.1Host: example.comUser-Agent: curl/7.74.0Accept:*/*#1:C<-S (1591 bytes):HTTP/1.1 200 OKAge: 471203Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Mon, 18 Jan 2021 19:46:18 GMTEtag:"3147526947+ident"Expires: Mon, 25 Jan 2021 19:46:18 GMTLast-Modified: Thu, 17 Oct 2019 07:18:26 GMTServer: ECS (nyb/1D0C)Vary: Accept-EncodingX-Cache: HITContent-Length: 1256<!doctype html><html><head><title>Example Domain</title><meta charset="utf-8" /><meta http-equiv="Content-type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><style type="text/css"> body { background-color:#f0f0f2; margin: 0; padding: 0; font-family: -apple-system, system-ui, BlinkMacSystemFont,"Segoe UI","Open Sans","Helvetica Neue", Helvetica, Arial, sans-serif; } div { width: 600px; margin: 5em auto; padding: 2em; background-color:#fdfdff; border-radius: 0.5em; box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02); } a:link, a:visited { color:#38488f; text-decoration: none; } @media (max-width: 700px) { div { margin: 0 auto; width: auto; } }</style></head><body><div><h1>Example Domain</h1><p>This domain isforusein illustrative examplesin documents. You may use this domainin literature without prior coordination or askingfor permission.</p><p><a href="https://www.iana.org/domains/example">More information...</a></p></div></body></html>#1: Server closed connection#1: Client closed connected
There are 6 Callback functions that are called on specific events.
ClientReceiveCallback: Called when the Destination Server Responds with data for the Client (C<-S)
ServerReceiveCallback: Called when data is sent to the Desination Server from the Client. (C->S)
ServerStartCallback: Called when the Proxy Server Makes the connection to the desitnation server.
ClientStartCallback: Called when the Proxy Server Gets a Connection from the The origin of the request.
ServerStartCallback: Called when the Proxy Server Connection is closed.
ClientStartCallback: Called when the Client Connection is closed.
An implimentation of the Callbacks are located in thelogger_callbacks.py file in theSocketLogger Class.These can change the information before the data is sent or recieved from the server.