Skip to content
/ HTTPS-SNI-Proxy Public
forked from dlundquist/sniproxy

TCP proxy that inspects the TLS handshake for server name extension then proxies the request

1 star 397 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

john7doe/HTTPS-SNI-Proxy

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

136 Commits
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
ARCHITECTURE.md
ARCHITECTURE.md
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
TODO
TODO
 
 
sni_proxy.conf
sni_proxy.conf
 
 

Repository files navigation

HTTPS SNI Proxy

Proxies TLS and HTTP requests to backend servers based on SNI (server name indication) TLS extension.

Features

  • Namebased proxying of HTTPS without decrypting traffic. No keys or certificates required.
  • Also supports HTTP
  • Support IPv4, IPv6 and Unix domain sockets for both backend servers and listeners
  • Multiple listeners per daemon

Usage

Usage: sni_proxy [-c <config>] [-f]
    -c  configruation file, defaults to /etc/sni_proxy.conf
    -f  run in foreground, do not drop privileges

Configuration Syntax

user daemon

listener 127.0.0.1 443 {
    protocol tls
    table "TableName"
}

table "TableName" {
    # Match exact request hostnames
    example.com 192.0.2.10      4343
    example.net 2001:DB8::1:10  443
    # Or use PCRE to match
    .*\\.com    2001:DB8::1:11  443
    # Combining PCRE and wildchard will resolve the hostname client requested and proxy to it
    .*\\.edu    *               443
}

About

TCP proxy that inspects the TLS handshake for server name extension then proxies the request

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published