Skip to content
/ tls-reject Public

sniff and reject TLS connections to denied hosts

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sir-go/tls-reject

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.github/workflows
.github/workflows
 
 
netstack
netstack
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
db_scheme.sql
db_scheme.sql
 
 
reject.py
reject.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Tests

Traffic reject by TLS SNI

This is a part of the parental control system.

Script sniffs mirrored users traffic, gets values of TLS SNI extension in each packet, and sends reset packets to the source IP if SNI contains a denied hostname.

Denied hostnames keep in the periodically updated MySQL database.

Configure

Environment variables:

variable description
BLOCK_DB_HOST mysql host
BLOCK_DB_USERNAME db username
BLOCK_DB_PASSWORD db password
BLOCK_DB_NAME db name
BLOCK_UPD_INTERVAL update list from db interval (sec)
BLOCK_IN_IF input interface name
BLOCK_OUT_IF output interface name

Install -> Test -> Run

virtualenv venv
source ./venv/bin/activate
pip install -r requirements.txt
python -m pytest && python reject.py

About

sniff and reject TLS connections to denied hosts

Topics

python tls network traffic-analysis dpi packet-sniffer tcp-ip sni

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

v0.12a Latest
Nov 3, 2022

Packages

 
 
 

Languages