GitHub - bemoody/islandhack: run a program with simulated WWW access

bemoody / islandhack Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

run a program with simulated WWW access

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
example.cache		example.cache
.gitignore		.gitignore
COPYING		COPYING
Makefile		Makefile
README		README
geturl.java		geturl.java
geturl.py		geturl.py
islandhack		islandhack
islandhack-io.c		islandhack-io.c
islandhack.1		islandhack.1
test-client.sh		test-client.sh

Repository files navigation

islandhack
----------

This is a little perl script designed for running obstinate
installation scripts that insist on downloading stuff from the Web, in
situations where you can't or don't want to download anything from the
Web.

It works by running an HTTP proxy server which serves everything from
a local cache directory.  You can populate this cache directory ahead
of time using 'wget', or you can use 'islandhack --update' to populate
it automatically.

For weird clients like git, you can also provide CGI scripts to handle
specific requests.

When the client tries to connect to an HTTPS server, islandhack does
various things to try to persuade the program that its insecure
connection is in fact secure.  This should work for most programs
using OpenSSL or GnuTLS on Debian, Fedora, and derived systems, and
for Java programs using the standard library.  It may or may not work
with other libraries and on other distributions.

(If you find a program/library that doesn't work, and there's an easy
way to kludge around it - setting environment variables, overriding
library functions - please let me know.)

If facing a really stubborn program that insists on using secure
connections (the horror!), you might consider creating a fake CA and
installing it system-wide, and making its private key available to
islandhack.  This of course wrecks the security of your entire system,
but you could do so safely inside a container or VM.  That's beyond
the scope of this program.


History
-------

 0.5 (2019-12-05):
   - An error message is displayed when islandhack exits, if the cache
     has been updated or one or more requests could not be satisfied.
   - New option '--verbose' to print the log to standard error when
     islandhack exits.
   - The server includes the fake CA in its certificate chain.
   - Fake server keys are now 2048 bits.
   - The 'keytool' command will work correctly with JDK 9 or newer.
   - Added a simple test suite, which works by running islandhack
     recursively.

 0.4 (2019-02-12):
   - If 'faketime' is installed, fake certificates are backdated by
     one hour (in case the system clocks are not perfectly
     synchronized between the client and server.)
   - New option '--remember-404' to permit caching of 404 errors.

 0.3 (2018-12-06):
   - Fake certificates now include a subjectAltName.
   - 'openssl genrsa' command line is compatible with newer openssl
     versions.

 0.2 (2018-04-04):
   - HTTPS connections are closed properly, and avoid the 'close() on
     unopened filehandle' error.
   - Higher error status values take precedence over lower ones.
   - The preload library is renamed to libislandhack.so.0, and can be
     installed for multiple architectures in parallel.

 0.1 (2017-02-17):
   - Initial release.