Proof of concept MITM postgres server.
Runs on users machine. Opens a port on localhost machine for psql & other tools to connect to a DB.
Runs next to a Postgres DB it has access to and transforms byte streams for authentication to the DB.
Currently contains:
ColinsBuffer, which is a two-way concurrent byte stream which modifies authentication flow to Postgres for authenticated users.
- Password swap
- Authentication between daemon & relay. Daemon will already know user is authenticated.
- Multi-port relay
Running locally requires:
-
tmuxp
-
bacon
-
docker
-
rust
-
Run dam:
# run daemon and relay in a tmux window make run -
Connect to postgres DB:
# connect to dam-daemon PGPASSWORD=password psql -h 127.0.0.1 -p 8000 -U maddy -d sammydb # connect to the postgres container PGPASSWORD=sammypassword psql -h 127.0.0.1 -p 65432 -U sammy -d sammydb
The password provided by the client must be the same as the one in client_final_message when the final client proof gets created.