Last active
December 4, 2016 16:41
-
-
Save reyk/4b42858d1eab3825f9bc to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#superfish relayd.conf example. | |
# Using Lenovo's pre-installed "superfish" private key and CA certificate. | |
# http://support.lenovo.com/us/en/product_security/superfish | |
# First set up a redirection in pf.conf: | |
#pass in on $int_if inet proto tcp to port 443 divert-to 127.0.0.1 port 8080 | |
#pass out on $ext_if nat-to ($ext_if:0) | |
# Now get the superfish.pem online, eg. from: | |
# https://gist.github.com/mathiasbynens/7a13a467b22c42505490 | |
# And run relayd on the gateway with the following configuration: | |
http protocol "superfish" { | |
return error | |
# The CA key to create and sign server certificates on the fly: | |
tls ca cert "/etc/ssl/superfish.pem" | |
tls ca key "/etc/ssl/superfish.pem" password "komodia" | |
# Simple example: log all HTTPS URLs | |
pass url log | |
} | |
relay "www" { | |
listen on 127.0.0.1 port 8080 tls | |
protocol "superfish" | |
forward with tls to destination | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This could work with #eDellRoot as well.