MITM is an ancient attack technique and it is not a good idea because it breaks 
original cert chain. So client (application) will see that cert is different on 
its end. Most people and apps reject connection to a resource with fake cert 
which you're going to send to them.

But you can use Squid for MITM as Stuart recommended, from my side 
HaProxy/Nginx can help you too to do this. For SNI Snort/Suricata can be useful 
but for TLS up to v1.2 only.

Sniffing the traffic that way is a bad idea, most of services uses TLSv1.3 with 
encrypted SNI. So your work will disappear in months.


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday, May 21, 2021 7:08 AM, Stuart Henderson <s...@spacehopper.org> wrote:

> On 2021-05-18, BS Daemon b...@post.com wrote:
> >                I like using the base OpenBSD utilities, and was
> >
> >
> > wondering if I'm doing something wrong, if relayd could be made to
> > support SNI for man-in-the-middle, or if there is an alternative
> > tool for doing this which would work.
> I can't help with relayd, but this does work with squid (and you can
> filter on user-agent in ACLs).

Reply via email to