Hi, MITM is an ancient attack technique and it is not a good idea because it breaks the original cert chain. So the client (application) will see that the cert is different on its end. Most people and apps reject a connection to a resource with the fake cert which you're going to send to them.

But you can use Squid for MITM as Stuart recommended; from my side, HAProxy/Nginx can help you too to do this. For SNI, Snort/Suricata can be useful, but for TLS up to v1.2 only. Sniffing the traffic that way is a bad idea; most services use TLSv1.3 with encrypted SNI. So your work will disappear in months.

Martin

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, May 21, 2021 7:08 AM, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2021-05-18, BS Daemon b...@post.com wrote:
>
> > I like using the base OpenBSD utilities, and was
> > wondering if I'm doing something wrong, if relayd could be made to
> > support SNI for man-in-the-middle, or if there is an alternative
> > tool for doing this which would work.
>
> I can't help with relayd, but this does work with squid (and you can
> filter on user-agent in ACLs).