"Cornelius Jubjub" <cornelius.jub...@gmx.com> writes:

> Hello all,
>
> First off, I hope everyone is staying happy, healthy and sane in these
> difficult times.
>
> I've been working on a little side project involving some IoT devices
> and I'm in need of an HTTPS MITM proxy so I can do some traffic
> analysis. I'm running OpenBSD 6.6 as my firewall at home doing NAT and
> providing some other network plumbing (great term btw!). I have been
> exploring relayd to do this intercept on the firewall. Currently I have
> this config for a tls proxy:
>
> log connection
>
> http protocol httpfilter {
>         return error
>         pass
>         match url log
>
>         tls ca key "/etc/ssl/private/ca.key" password "stinkbutt"
>         tls ca cert "/etc/ssl/ca.crt"
> }
>
> relay tlsmitm {
>         listen on 127.0.0.1 port 8443 tls
>         protocol httpfilter
>         forward with tls to destination
> }
>
> EOF
>
> The issues I'm having are twofold. First off, I can't, for the life of
> me, get anything to appear in the log (/var/log/daemon) except for the
> usual daemon starts and stops.

The default log level doesn't log anything besides starts and stops.

Try "relayctl log verbose". You also need to configure syslogd(8)
properly, for that and for things like log connection to work.

You also might try "relayctl monitor".

If you expect to see something but don't, the relayd configuration
isn't doing what you think it's doing. Here's one potential issue:
you might want to have your relay listening on the router's LAN
IP, to listen for incoming connections. I think that listening on
localhost will only catch stuff being sent within the router box, but I
could be wrong.

Make sure you've got the relayd anchor set up for pf, see relayd(8).


> Secondly, I'd really like to dump all of
> the traffic à la tcpdump but I don't really see a place to do so (no
> unencrypted data passes through an interface AFAIK).

> I'm hoping someone might be able to steer me in the right direction
> and maybe let me know if I'm using the wrong tool for the job.
>
> Thank you,
>
> CJ
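As an added worked example (not from either poster, and not taken from relayd's own documentation verbatim), here is the pf side that the reply refers to: the relayd anchor plus a rule that sends the IoT segment's HTTPS traffic to the relay on port 8443 from CJ's config. The interface name em0, the subnet 192.168.1.0/24 and the syslog lines are assumptions for illustration; "forward to destination" relays rely on a divert-to rule so the original destination address survives into relayd.

```conf
# /etc/pf.conf fragment (added example; em0 and 192.168.1.0/24 are assumed values)
int_if  = "em0"
iot_net = "192.168.1.0/24"

# relayd(8) loads its own rules into this anchor at startup; without it
# relayctl/relayd reloads fail to install redirections and tables.
anchor "relayd/*"

# Divert HTTPS from the IoT segment to the local relay listening on
# 127.0.0.1:8443 (the "listen on" address in CJ's relayd.conf).
# divert-to, unlike rdr-to, keeps the original destination address,
# which is what "forward with tls to destination" connects to.
pass in quick on $int_if inet proto tcp from $iot_net to any port 443 \
    divert-to 127.0.0.1 port 8443

# /etc/syslog.conf (assumed addition): "relayctl log verbose" emits at
# debug level, so daemon.info alone will not show it. Restart syslogd
# (rcctl restart syslogd) after editing.
daemon.debug    /var/log/daemon
```

Things to check once this is in place: the IoT device must trust /etc/ssl/ca.crt or every handshake through the relay will fail before any URL is logged; `pfctl -a "relayd/*" -s rules` shows whether relayd populated its anchor; and `pfctl -s states | grep 8443` confirms the divert is actually matching traffic before you look for missing log lines.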
