Feature: target_host is wrapped in SSL using --ssl-target option

Daniel Shields 2012-05-20 13:56:58 -04:00
parent e1c206b315
commit 763d2d7c1c
1 changed files with 17 additions and 0 deletions


@ -15,6 +15,14 @@ import socket, optparse, time, os, sys, subprocess
from select import select from select import select
from websocket import WebSocketServer from websocket import WebSocketServer
for mod, sup in [
('ssl', 'TLS/SSL/wss'),
]:
try:
globals()[mod] = __import__(mod)
except ImportError:
globals()[mod] = None
class WebSocketProxy(WebSocketServer): class WebSocketProxy(WebSocketServer):
""" """
Proxy traffic to and from a WebSockets client to a normal TCP Proxy traffic to and from a WebSockets client to a normal TCP
@ -43,6 +51,7 @@ Traffic Legend:
self.target_port = kwargs.pop('target_port') self.target_port = kwargs.pop('target_port')
self.wrap_cmd = kwargs.pop('wrap_cmd') self.wrap_cmd = kwargs.pop('wrap_cmd')
self.wrap_mode = kwargs.pop('wrap_mode') self.wrap_mode = kwargs.pop('wrap_mode')
self.ssl_target = kwargs.pop('ssl_target')
# Last 3 timestamps command was run # Last 3 timestamps command was run
self.wrap_times = [0, 0, 0] self.wrap_times = [0, 0, 0]
@ -143,6 +152,9 @@ Traffic Legend:
self.target_host, self.target_port)) self.target_host, self.target_port))
tsock = self.socket(self.target_host, self.target_port, tsock = self.socket(self.target_host, self.target_port,
connect=True) connect=True)
if ssl and self.ssl_target:
self.msg("wrapping target socket in SSL wrapper")
tsock = ssl.wrap_socket( tsock)
if self.verbose and not self.daemon: if self.verbose and not self.daemon:
print(self.traffic_legend) print(self.traffic_legend)
@ -236,6 +248,8 @@ def websockify_init():
help="SSL key file (if separate from cert)") help="SSL key file (if separate from cert)")
parser.add_option("--ssl-only", action="store_true", parser.add_option("--ssl-only", action="store_true",
help="disallow non-encrypted connections") help="disallow non-encrypted connections")
parser.add_option("--ssl-target", action="store_true",
help="connect to target as SSL client")
parser.add_option("--web", default=None, metavar="DIR", parser.add_option("--web", default=None, metavar="DIR",
help="run webserver on same port. Serve files from DIR.") help="run webserver on same port. Serve files from DIR.")
parser.add_option("--wrap-mode", default="exit", metavar="MODE", parser.add_option("--wrap-mode", default="exit", metavar="MODE",
@ -254,6 +268,9 @@ def websockify_init():
if len(args) > 2: if len(args) > 2:
parser.error("Too many arguments") parser.error("Too many arguments")
if not ssl and opts.ssl_target:
parser.error("SSL target requested and Python SSL module not loaded.");
if opts.ssl_only and not os.path.exists(opts.cert): if opts.ssl_only and not os.path.exists(opts.cert):
parser.error("SSL only and %s not found" % opts.cert) parser.error("SSL only and %s not found" % opts.cert)
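Review bot: In the connect path of the third hunk, `ssl.wrap_socket(tsock)` is called with no arguments, which leaves certificate validation off (`cert_reqs` defaults to `CERT_NONE`) and performs no hostname check, so `--ssl-target` encrypts the proxy-to-target leg without authenticating the target. Anyone able to intercept that leg can present any certificate and read or alter the proxied traffic. I would build a verifying context instead, `ctx = ssl.create_default_context()` followed by `tsock = ctx.wrap_socket(tsock, server_hostname=self.target_host)`, and add an explicit opt-out for self-signed targets rather than making no verification the default. Until then the `--ssl-target` help text should say that the target certificate is not verified. The enclosing method starts and ends outside the hunk, so I could not check whether `tsock` is closed when the handshake fails.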