Hi everyone, this is my first question on Stack Overflow!
I'm using this software (it's a NIDS); one of its features is using socat to create a proxy that saves the traffic to a pcap.
That's the command it uses to do this: /usr/bin/socat -d OPENSSL-LISTEN:50010,cipher=HIGH,method=TLS1.2,reuseaddr,pf=ip4,fk,cert=/usr/local/owlh/src/owlhnode/conf/certs/ca.pem,verify=0 SYSTEM:"/usr/sbin/tcpdump -n -r - -s 0 -G 50 -W 100 -w /usr/local/owlh/pcaps/remote-test%d%m%Y%H%M%S.pcap not port 22"
That's what happens when I try to make a request to Google through the proxy using curl:
╭─myasnik@tanuki ~/…/ossihr-poc/docker ‹master*›
╰─$ export https_proxy=https://0.0.0.0:50010/
╭─myasnik@tanuki ~/…/ossihr-poc/docker ‹master*›
╰─$ export http_proxy=https://0.0.0.0:50010/
╭─myasnik@tanuki ~/…/ossihr-poc/docker ‹master*›
╰─$ curl --proxy-insecure www.google.it
curl: (52) Empty reply from server
root@owlh-node:/# /usr/bin/socat -d OPENSSL-LISTEN:50010,cipher=HIGH,method=TLS1.2,reuseaddr,pf=ip4,fk,cert=/usr/local/owlh/src/owlhnode/conf/certs/ca.pem,verify=0 SYSTEM:"/usr/sbin/tcpdump -n -r - -s 0 -G 50 -W 100 -w /usr/local/owlh/pcaps/remote-test%d%m%Y%H%M%S.pcap not port 22"
tcpdump: unknown file format
2020/08/18 12:00:08 socat[1590] W system("/usr/sbin/tcpdump -n -r - -s 0 -G 50 -W 100 -w /usr/local/owlh/pcaps/remote-test%d%m%Y%H%M%S.pcap not port 22") returned with status 256
2020/08/18 12:00:08 socat[1590] W system(): No such file or directory
2020/08/18 12:00:08 socat[1589] E waitpid(): child 1590 exited with status 1
Thanks a lot for your help in advance!
Here is the answer to the question; I think I misunderstood the way it was supposed to be done: https://github.com/OwlH-net/OwlH-Node/issues/47
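For anyone hitting the same "tcpdump: unknown file format" line: the socat listener above is not an HTTP proxy. It hands every byte the TLS client sends to `tcpdump -r -`, and tcpdump reads stdin as a capture file, so it expects a pcap or pcapng header first. curl, pointed at the listener as a proxy, instead sends an HTTP request, which fails the magic-number check. The script below is an added example, not OwlH or socat code: it checks a byte stream the way tcpdump's header check does, and builds the kind of pcap stream the listener is meant to receive (what a sensor's `tcpdump -w -` emits). The HTTP request and the Ethernet frame are constructed sample data; the `classify_stream`, `parse_pcap_global_header`, `build_pcap_stream` and `iter_pcap_records` names are my own.

```python
"""Show why `tcpdump -r -` behind the socat listener rejects a curl proxy request,
and what a stream it would accept looks like.  Added example; not project code."""
import struct

# Magic numbers libpcap/tcpdump recognise at the start of a capture stream,
# mapped to (format name, struct endianness prefix).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("pcap", "<"),       # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ("pcap", ">"),       # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("pcap-nsec", "<"),  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ("pcap-nsec", ">"),  # big-endian, nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"            # pcapng Section Header Block type
LINKTYPE_ETHERNET = 1

# Constructed: roughly what curl sends when http_proxy points at the listener.
CURL_PROXY_REQUEST = (
    b"GET http://www.google.it/ HTTP/1.1\r\n"
    b"Host: www.google.it\r\n"
    b"User-Agent: curl/7.x (constructed)\r\n"
    b"Accept: */*\r\n"
    b"Proxy-Connection: Keep-Alive\r\n\r\n"
)

# Constructed Ethernet frame: broadcast dst MAC, locally administered src MAC,
# EtherType 0x0800 (IPv4), followed by a dummy 20-byte IPv4 header.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"\x45" + b"\x00" * 19


def classify_stream(data: bytes) -> str:
    """Classify the start of a stream the way tcpdump's file-header check does.

    Anything that does not begin with a known capture magic is what tcpdump
    reports as "unknown file format"; HTTP methods are named explicitly so an
    operator can see that a proxy client, not a sensor, reached the listener.
    """
    if len(data) < 4:
        return "unknown (too short)"
    head = data[:4]
    if head == PCAPNG_MAGIC:
        return "pcapng"
    if head in PCAP_MAGICS:
        return PCAP_MAGICS[head][0]
    for method in (b"GET ", b"CONNECT ", b"POST ", b"HEAD "):
        if data.startswith(method):
            return "unknown (HTTP request, not a capture)"
    return "unknown file format"


def parse_pcap_global_header(data: bytes) -> dict:
    """Decode the 24-byte pcap global header; raise ValueError if it is absent."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a pcap stream")
    kind, endian = PCAP_MAGICS[data[:4]]
    major, minor, _thiszone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return {"kind": kind, "version": (major, minor), "snaplen": snaplen, "linktype": linktype}


def build_pcap_stream(records, linktype=LINKTYPE_ETHERNET, snaplen=65535) -> bytes:
    """Build a little-endian pcap stream from (ts_sec, ts_usec, frame) tuples.

    This is the byte layout `tcpdump -w -` writes, i.e. what the listener's
    `tcpdump -r -` side expects to read.
    """
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in records:
        captured = frame[:snaplen]                      # honour the snap length
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame))
        out += captured
    return bytes(out)


def iter_pcap_records(data: bytes):
    """Yield (ts_sec, ts_frac, frame) for each record; stop at a truncated one."""
    parse_pcap_global_header(data)                      # raises if not pcap
    endian = PCAP_MAGICS[data[:4]][1]
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:                       # stream cut mid-packet
            break
        yield ts_sec, ts_frac, frame
        off += incl_len


if __name__ == "__main__":
    stream = build_pcap_stream([(1597752008, 0, SAMPLE_FRAME)])   # constructed timestamp
    print("curl proxy request ->", classify_stream(CURL_PROXY_REQUEST))
    print("tcpdump -w - stream ->", classify_stream(stream), parse_pcap_global_header(stream))
    for ts, frac, frame in iter_pcap_records(stream):
        print(f"record ts={ts}.{frac:06d} len={len(frame)}")
```

The practical consequence is that the client side of this feature should be a sensor streaming packets, for example `tcpdump -i <iface> -w - not port 22 | socat - OPENSSL:<node>:50010,verify=0` (the client command is my assumption; the linked issue is the authoritative description), rather than an application configured to use the listener as a proxy. Also note that the listener's own `verify=0` means it does not check a client certificate, so any host that can reach port 50010 can feed bytes into tcpdump; restricting reachability of that port is part of deploying it.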