2

Existing solutions like openssl-tracer and sslsniff work by intercepting calls to shared libraries like openssl and nss.

But Go has its own SSL library, so those solutions do not work for programs written in Go. How can I intercept calls from Go programs to its own SSL library?

Evan Rolfe
  • 151
  • 1
  • 10
  • Use OS-level network interception, e.g. Fiddler on Windows: https://www.telerik.com/download/fiddler – Dai Apr 20 '23 at 08:36
  • @SteffenUllrich (Pardon the off-topic question, but my I ask what [your avatar picture](https://i.stack.imgur.com/Z2NYm.png?s=256&g=1) is a photo of? I've seen it before somewhere but I can't put my finger on it... - foldable chair? eating utensil?) – Dai Apr 20 '23 at 10:41
  • @SteffenUllrich shouldn't I be able to use uprobe to intercept user-space calls? – Evan Rolfe Apr 20 '23 at 13:06
  • @EvanRolfe: you are probably right, I deleted my comment – Steffen Ullrich Apr 20 '23 at 15:47
  • 1
    @Dai: folding chair – Steffen Ullrich Apr 20 '23 at 15:48
  • @Dai fiddler does not help here 1. because I'm looking to do this programatically, not using paid software 2. Fiddler works by setting the $HTTP_PROXY env var and Go's http library does not use this var – Evan Rolfe Apr 20 '23 at 16:00
  • @EvanRolfe are you using WIndows? Fiddler on Windows ("Fiddler Classic") works very differently to Fiddler's other OS ports (and the Windows ecosystem generally doesn't use the `HTTP_PROXY` env var). – Dai Apr 20 '23 at 16:17
  • @Dai doesn't matter if i'm using windows or something else, this is a programming question so "use fiddler" is not a solution. But i will update my question to specify the OS anyway. – Evan Rolfe Apr 20 '23 at 18:47
  • Wireshark is a powerful tool for intercepting networks, this [post](https://www.benburwell.com/posts/intercepting-golang-tls-with-wireshark/) discusses its 'configuration' with Go. – Jishan Shaikh Apr 21 '23 at 07:32

0 Answers0