#!/bin/bash

# File stdin format:
#
# baseIP	basePort	netmask	baseDevice
# interceptedIP	interceptedPort
# interceptedIP	interceptedPort
# interceptedIP	interceptedPort
# interceptedIP	interceptedPort
# interceptedIP	interceptedPort
# ...
#
# Sample:
# 192.168.0.200	9000	255.255.255.0	wlan0
# 123.48.12.122	443
# 123.48.12.128	143
# 123.43.12.112	587

# Purpose: read the tab-separated plan above from stdin and, for every
# remote endpoint listed after the first line, bring up an IP alias on the
# base device and start a stunnel server/client pair. TLS is terminated on
# the alias with the self-signed certificate generated below, carried in
# the clear over a loopback port, and re-established towards the remote.
# Fields are split on tabs (cut's default delimiter).
# Requirements (inferred, not checked by the script): openssl, stunnel and
# ifconfig on PATH, and privileges to configure network interfaces.

# Exit on the first failing command. There is no trap, so an early failure
# leaves the scratch directory below (including host.key) on disk.
set -e

# First line: base address, base port, netmask and device.
# NOTE(review): 'read' without -r interprets backslashes in the input.
read localBase
localBaseIP="$(cut -f 1 <<< "$localBase")"
localBasePort="$(cut -f 2 <<< "$localBase")"
localBaseNetmask="$(cut -f 3 <<< "$localBase")"
localBaseDevice="$(cut -f 4 <<< "$localBase")"
# Scratch directory for the key, certificates and stunnel configs.
stunnelConfigDir="$(mktemp -d)"
# NOTE(review): unquoted expansion; mktemp -d paths normally contain no
# whitespace, but "$stunnelConfigDir" is the safe form.
cd $stunnelConfigDir

echo "[+] Generating wildcard certificate."
# 2048-bit RSA private key, written unencrypted into the scratch directory.
openssl genrsa 2048 > host.key
# Subject fields, one per line; the newlines are turned into '/' below.
# commonName=* makes this a wildcard certificate.
subj="
C=CR
ST=ST
O=ACME
localityName=TOWN
commonName=*
organizationalUnitName=INTERCEPT
emailAddress=$(whoami)@$(uname -n)"
# Self-signed X.509 certificate with a SHA-1 signature, valid for 10 years.
# It chains to no trusted CA, so clients that validate the certificate are
# expected to reject it unless it was explicitly trusted; SHA-1 is also a
# deprecated signature algorithm.
openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key -subj "$(tr "\n" "/" <<< "$subj")" > host.cert
# stunnel reads certificate and private key from one PEM file.
cat host.cert host.key > host.pem


# One stunnel server/client pair per remaining input line; 'counter'
# offsets the alias address, the loopback port and the config file names.
counter=0
# NOTE(review): 'read' without -r, as above.
while read line; do
	remoteIP="$(cut -f 1 <<< "$line")"
	remotePort="$(cut -f 2 <<< "$line")"
	# Alias address: first three octets of the base IP, last octet + counter.
	# Nothing checks that the last octet stays below 256.
	localIP="$(cut -f 1,2,3 -d . <<< "$localBaseIP").$(($(cut -f 4 -d . <<< "$localBaseIP") + $counter))"
	# Loopback port for the plaintext hop between the two stunnel instances.
	localPort="$(($localBasePort + $counter))"
	# Interface alias name, e.g. wlan0:0 for the first entry.
	device="$localBaseDevice:$counter"
	serverConfig="server-$counter.conf"
	clientConfig="client-$counter.conf"
	
	echo "[+] Configuring $device to $localIP"
	# NOTE(review): 'up' sits inside the quotes, so ifconfig receives the
	# single argument "<netmask> up" as the netmask value rather than a
	# separate 'up' keyword. If ifconfig rejects it, set -e aborts here.
	ifconfig "$device" "$localIP" netmask "$localBaseNetmask up"
	echo "[+] Writing stunnel config for $remoteIP:$remotePort <--> $localIP:$localPort"
	# Server side: accepts TLS on the alias address at the remote's port,
	# presents host.pem, and forwards in the clear to the loopback port.
	# foreground=no lets stunnel detach; the script records no PIDs, so the
	# daemons keep running after the script exits.
	echo "	foreground=no
		service=stunnel
		cert=host.pem
		[server]
		accept=$localIP:$remotePort
		connect=127.0.0.1:$localPort" > "$serverConfig"
	# Client side: accepts plaintext on the loopback port and opens TLS to
	# the real remote. No verify/CAfile option is set, so the remote's
	# certificate is presumably not validated (stunnel's default) — confirm.
	echo "	foreground=no
		client=yes
		[client]
		accept=127.0.0.1:$localPort
		connect=$remoteIP:$remotePort" > "$clientConfig"
	
	echo "[+] Starting server-$counter"
	stunnel "$serverConfig"
	echo "[+] Starting client-$counter"
	stunnel "$clientConfig"
	
	counter="$(($counter + 1))"
done

# Return to the previous directory and delete the scratch directory,
# including host.key and host.pem. Only reached when every command above
# succeeded (set -e); on failure the key material stays behind.
# NOTE(review): assumes the detached stunnel processes already loaded
# host.pem; anything re-reading it later finds it gone — confirm.
cd - > /dev/null
rm -rf "$stunnelConfigDir"