#!/usr/bin/perl
# SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
# Distributed under GPL v2+.

use strict;
use POSIX;
use IO::Socket::SSL qw(debug3);
use Getopt::Long;
use Time::HiRes qw(time);

my $debug = 0;

my $laddr = "127.0.0.1";
my $lport = 8080;
my $raddr      = "127.0.0.1";
my $rport      = 80;

my $logdir;

my $help;
my $daemon;
my $buffersize = 2048;
my $logtype;
my $daemon;
my $serverkey;
my $servercert;
my $serverdh;

$| = 1;

my $goresult = GetOptions(
	"lport=i"      => \$lport,
	"laddr=s"      => \$laddr,
	"rport=i"      => \$rport,
	"raddr=s"      => \$raddr,
	"logtype=i"    => \$logtype,
	"logdir=s"     => \$logdir,
	"daemon"       => \$daemon,
	"serverkey=s"  => \$serverkey,
	"servercert=s" => \$servercert,
	"serverdh=s"   => \$serverdh,
	"help"         => \$help,
	'debug!'	=> \$debug,
);

if ($help) {
	print <<"END";
SSL Man-In-The-Middle v0.1. Copyright (C) Vlatko Kosturjak, Kost
Distributed under GPL v2+. 

Usage: $0 [OPTIONS]

        --lport <port>          Listening port (default 80)
        --laddr <address>       Listening address (default localhost)
        --rport <port>          Remote port to connect to (default 8080)
        --raddr <address>       Remote address to connect to (default localhost)
	--serverkey <file>	Certificate key file for local SSL server
	--servercert <file>	Certificate file for local SSL server
	--serverdh <file>	Diffie-Helman file for key exchange
        --log <type>            Type of log where 0 is no log (default 0)
        --logdir                Directory to log to (default .)
        --daemon                Daemonize (work in background)
        --help                  Display this help message
END
	exit;
}

$Net::SSLeay::trace = 4 if $debug;

$logdir  ||= "$laddr:$lport-$raddr:$rport";
$serverkey ||= "$logdir/ssl.key";
$servercert ||= "$logdir/ssl.cert";

mkdir $logdir;

system "openssl req -new -x509 -days 365 -nodes -out $servercert -keyout $serverkey"
	if ! -e $serverkey && ! -e $servercert;


if ($daemon) {
	my $pid = fork;
	exit if $pid;
	die "$!" unless defined($pid);
	POSIX::setsid() or die "$!";
}

my $ah = IO::Socket::SSL->new(
	'LocalPort'       => $lport,
	'LocalAddr'       => $laddr,
	'Reuse'           => 1,
	'Proto'           => 'tcp',
	'SSL_verify_mode' => '0',
	'SSLdhfile'       => $serverdh,
	'SSL_cert_file'   => $servercert,
	'SSL_key_file'    => $serverkey,
	'Listen'          => 10,
#	'SSL_version' => 'SSLv3',    # SSLv3, SSLv2, TLSv1
#	'SSL_cipher_list' => 'RC4-MD5',
) || die "$!";

$SIG{'CHLD'} = 'IGNORE';
my $num = 0;

while (1) {
	my $ch = $ah->accept();
	if ( !$ch ) {
		print STDERR "cannot accept: $! ", IO::Socket::SSL::errstr(),
			"\n";
		next;
	}
	if ( !$ch ) { print STDERR "cannot accept: $!\n"; next; }
	++$num;
	my $pid = fork();
	if ( !defined($pid) ) { print STDERR "cannot fork while(1) $!\n"; }
	elsif ( $pid == 0 ) {
		$ah->close( SSL_no_shutdown => 1 );
		Run( $ch, $num );
	} else {
		$ch->close( SSL_no_shutdown => 1 );
	}
}

sub hexdump {
	my $bytes = shift;
	my $hex = unpack('H*', $bytes);
	$hex =~ s/(.{8})/$1 /g;
	return $hex;
}

sub Run {
	my ( $ch, $num ) = @_;
	my $th = IO::Socket::SSL->new(
		'PeerAddr'        => $raddr,
		'PeerPort'        => $rport,
#		'SSL_use_cert'    => '0',
#		'SSL_verify_mode' => '0',

		'SSL_version' => 'SSLv3',    # SSLv3, SSLv2, TLSv1
		'SSL_cipher_list' => 'RC4-MD5',
		'Proto'       => 'tcp'
	);
	if ( !$th ) { print "cannot connect $raddr:$rport th: $!"; exit 0; }
	else        { print "connected to $raddr:$rport\n"; }
	my $fh;
	if ( -d $logdir ) {
		$fh = Symbol::gensym();
		my $path = sprintf("%s/%15.5f", $logdir, Time::HiRes::time() );
		open( $fh, '>', $path ) or die "$!";
	}
	$ch->autoflush();
	$th->autoflush();
	my $httpheader = "";
	my $httpbuf    = "";
	while ( $ch || $th ) {
		my $rin = "";
		vec( $rin, fileno($ch), 1 ) = 1 if $ch;
		vec( $rin, fileno($th), 1 ) = 1 if $th;
		my ( $rout, $eout );
		select( $rout = $rin, undef, $eout = $rin, 120 );
		if ( !$rout && !$eout ) { }
		my $cbuffer = "";
		my $tbuffer = "";

		if ($ch
			&& (   vec( $eout, fileno($ch), 1 )
				|| vec( $rout, fileno($ch), 1 ) )
			)
		{
			my $result = sysread( $ch, $tbuffer, $buffersize );
			if ( !defined($result) ) {
				print STDERR "$!\n";
				exit 0;
			}
			if ( $result == 0 ) { exit 0; }
		}
		if ($th
			&& (   vec( $eout, fileno($th), 1 )
				|| vec( $rout, fileno($th), 1 ) )
			)
		{
			my $result = sysread( $th, $cbuffer, $buffersize );
			if ( !defined($result) ) { print STDERR "$!\n"; exit 0; }
			if ( $result == 0 ) { exit 0; }
		}
		if ( $fh && $tbuffer ) {
			print $fh "\n# <<< client\n$tbuffer";
			warn "C>S ", hexdump($tbuffer), "\n";
		}
		while ( my $len = length($tbuffer) ) {
			my $res = syswrite( $th, $tbuffer, $len );
			if ( $res > 0 ) { $tbuffer = substr( $tbuffer, $res ); }
			else            { print STDERR "$!\n"; }
		}
		if ( $fh && $cbuffer ) {
			print $fh "\n# >>> server\n$cbuffer";
			warn "S>C ", hexdump($cbuffer), "\n";
		}
		while ( my $len = length($cbuffer) ) {
			my $res = syswrite( $ch, $cbuffer, $len );
			if ( $res > 0 ) { $cbuffer = substr( $cbuffer, $res ); }
			else            { print STDERR "$!\n"; }
		}
	}
}