THIS IS A DRAFT
this is not FOSS: there is a daily quota, so a license is probably required beyond that (see the logs)
PolarProxy works without issues with its own CA, but using our own CA did not go well:
apparently the leaf certificate request PolarProxy builds is RSA while our CA key is ECDSA, and it refuses to sign across the two algorithms (even with --leafcert noclone; see the log further down).
grab the latest binary pack
wget --content-disposition "https://www.netresec.com/?download=PolarProxy"
mkdir polar/
tar xzf PolarProxy_0-9-10_linux-x64.tar.gz -C polar/
chmod +x polar/PolarProxy
generate a quick self-signed CA (ECDSA P-256 key; the <(...) process substitution needs bash)
cd /etc/ssl/
openssl req -x509 -days 365 -nodes \
  -newkey ec:<(openssl ecparam -name prime256v1) \
  -keyout prime256v1.key \
  -out prime256v1.crt
check that it really carries CA:TRUE (with the default openssl.cnf it does):
openssl x509 -in prime256v1.crt -noout -text | grep CA
now bundle it as PKCS#12 so PolarProxy can load it (the export password prompted here is the PASSWORD in --cacert load:... below)
openssl pkcs12 -export -out prime256v1.p12 -in prime256v1.crt -inkey prime256v1.key
cd -
the order of the ports matters: the first is the port PolarProxy listens on, the second is the port the decrypted traffic is written with in the PCAP (80 here, so the decrypted HTTPS shows up as plain HTTP for PCAP tools); check --help for the full form
mkdir -p /data/polar-capture/
polar/PolarProxy --help | less
with built-in PP’s CA
polar/PolarProxy -v -p 443,80 \
  --certhttp 10080 \
  -o /data/polar-capture
with our own private CA
/root/tp/polar/PolarProxy -v -p 443,80 \
  --cacert load:/etc/ssl/prime256v1.p12:PASSWORD \
  -o /data/polar-capture \
  --leafcert noclone
moar options
# -w /data/polarproxy.pcap   (one PCAP file instead of the rotated files under -o)
from a remote station (the first curl fails verification unless our CA is trusted there; --insecure skips it just to confirm the proxy answers)
mitm=x.x.x.x
curl -I https://www.google.com/ --resolve "www.google.com:443:$mitm"
curl -I https://www.google.com/ --resolve "www.google.com:443:$mitm" --insecure
see sslhappy-proxy
<6>[443] 192.168.1.111:443 -> ?:443 Client end-point: 192.168.1.111:55180
<6>[443] 192.168.1.111:443 -> www.google.com:443 Connection request for www.google.com from 192.168.1.111:55180
<4>[443] 192.168.1.111:443 -> www.google.com:443 Internal TLS session authentication System.ArgumentException (0x80070057) : The issuer certificate public key algorithm (1.2.840.10045.2.1) does not match the value for this certificate request (1.2.840.113549.1.1.1), use the X509SignatureGenerator overload. (Parameter 'issuerCertificate')
<4>[443] 192.168.1.111:443 -> www.google.com:443 Failed to establish internal TLS session
==> RSA vs ECDSA: the issuer (our CA) key is EC, the leaf certificate request PolarProxy built is RSA, and the .NET CertificateRequest.Create overload it calls requires both to use the same algorithm (hence the hint about the X509SignatureGenerator overload)
https://oidref.com/1.2.840.10045.2.1 –> Elliptic curve public key cryptography
https://oidref.com/1.2.840.113549.1.1.1 –> Rivest, Shamir and Adleman (RSA) encryption (and signing)
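to rebuild both CAs from this experiment and catch the mismatch before pointing --cacert at a bundle, here is an added shell script (mine, not part of this page or of PolarProxy). It assumes openssl 1.1.1+ on PATH; the "leaf requests are rsaEncryption" expectation comes from the log above (OID 1.2.840.113549.1.1.1), not from any PolarProxy documentation; file names, CN and password are made up.

```shell
#!/bin/sh
# Added example, not PolarProxy's or this page's own code. Builds a lab CA with a
# chosen key algorithm, bundles it as PKCS#12 for --cacert, and pre-checks a CA
# against the key algorithm of the leaf requests the proxy will ask it to sign.
# Assumes openssl 1.1.1+ on PATH; "rsaEncryption" as the expected leaf algorithm
# is taken from the page's log (OID 1.2.840.113549.1.1.1), not from PolarProxy docs.
set -eu

# Public key algorithm of a PEM cert as openssl names it: rsaEncryption / id-ecPublicKey.
key_algo() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: //p' | head -n 1
}

# True only if the cert carries basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# make_ca DIR NAME ALGO PASSWORD  (ALGO = rsa | ec)
# Writes DIR/NAME.key, DIR/NAME.crt and DIR/NAME.p12; PASSWORD is what goes
# after the last colon in --cacert load:DIR/NAME.p12:PASSWORD.
make_ca() {
    dir=$1 name=$2 algo=$3 pass=$4
    keyopt=""
    case "$algo" in
        rsa) keyspec="rsa:2048" ;;
        ec)  keyspec="ec" keyopt="-pkeyopt ec_paramgen_curve:prime256v1" ;;
        *)   echo "unknown key algorithm: $algo" >&2; return 2 ;;
    esac
    mkdir -p "$dir"
    # Own config so CA:TRUE and keyCertSign do not depend on the distro openssl.cnf.
    cat > "$dir/$name.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = $name lab CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    # $keyopt is deliberately unquoted so "-pkeyopt curve" splits into two args;
    # stderr is dropped only to hide the key generation progress dots.
    openssl req -x509 -config "$dir/$name.cnf" -days 365 -nodes \
        -newkey "$keyspec" $keyopt \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
    openssl pkcs12 -export -in "$dir/$name.crt" -inkey "$dir/$name.key" \
        -out "$dir/$name.p12" -passout "pass:$pass"
}

# preflight CERT [LEAF_ALGO]: returns 0 when CERT is a CA whose key algorithm
# equals LEAF_ALGO (default rsaEncryption), 1 otherwise, with the reason on stderr.
preflight() {
    cert=$1 want=${2:-rsaEncryption}
    if ! is_ca "$cert"; then
        echo "$cert: not a CA (no CA:TRUE)" >&2
        return 1
    fi
    have=$(key_algo "$cert")
    if [ "$have" != "$want" ]; then
        echo "$cert: CA key is $have but leaf requests are $want, signing would be refused" >&2
        return 1
    fi
    echo "$cert: ok ($have CA)"
}

# Usage: sh thisfile.sh demo  -> rebuilds both CAs from the experiment in a temp dir.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_ca "$d" rsaca rsa secret
    make_ca "$d" ecca ec secret
    preflight "$d/rsaca.crt"
    preflight "$d/ecca.crt" || true    # fails like the prime256v1 CA above
fi
```

the RSA CA from make_ca is the one to hand to --cacert load:DIR/rsaca.p12:secret; the EC one reproduces the ArgumentException from the log. The config file makes CA:TRUE and keyCertSign explicit instead of relying on the v3_ca section of the distro's openssl.cnf, which is what the quick `openssl req -x509` above silently depends on.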
https://superuser.com/questions/301044/how-to-wget-a-file-with-correct-name-when-redirected
https://www.netresec.com/?page=PolarProxy –> modes of operation
https://nibarius.github.io/learning-frida/2022/05/21/sniffing-tls-traffic
https://github.com/0x4F776C/PolarProxy-x-INetSim
https://brezular.com/2022/10/01/decrypting-tls-traffic-with-polarproxy-on-client-pc/
https://weberblog.net/decrypting-tls-traffic-with-polarproxy/
https://superuser.com/questions/1585002/how-do-i-configure-polarproxy-on-ubuntu-20-04
https://blog.apnic.net/2021/08/03/decrypting-tls-traffic-with-polarproxy/