Complete SSL library support and comprehensive build documentation

- Added comprehensive SSL/TLS hooking for 9 implementations:
  * OpenSSL/LibreSSL (SSL_write/SSL_read)
  * Windows Schannel (EncryptMessage/DecryptMessage)
  * NSS (Mozilla) (SSL_Write/SSL_Read/SSL_ForceHandshake)
  * GnuTLS (gnutls_record_send/gnutls_record_recv)
  * mbed TLS (mbedtls_ssl_write/mbedtls_ssl_read)
  * wolfSSL (wolfSSL_write/wolfSSL_read)
  * Botan TLS (simplified C++ API hooking)

- Enhanced per-connection logging with individual files for each TCP connection
- Fixed all build warnings for clean compilation
- Added comprehensive build documentation for Linux and Windows
- Created Makefile.win for native Windows compilation
- Detailed Detours integration guide for cross-platform builds
- Updated README with complete setup instructions and troubleshooting

Makefile.win

+# Windows Native Build Makefile
+# Requires Visual Studio Developer Command Prompt
+
+CC = cl
+LINK = link
+CFLAGS = /W3 /O2 /MT
+LDFLAGS =
+
+# Detours paths (adjust if installed elsewhere)
+DETOURS_PATH = detours
+DETOURS_LIB = $(DETOURS_PATH)\lib64\detours.lib
+
+# Targets
+all: network_monitor.exe ssl_hook.dll packet_capture.dll bgvnc.exe
+
+network_monitor.exe: network_monitor.c
+	$(CC) $(CFLAGS) network_monitor.c /link ws2_32.lib iphlpapi.lib /out:$@
+
+ssl_hook.dll: ssl_hook.c ssl_hook.h
+	$(CC) /LD $(CFLAGS) ssl_hook.c $(DETOURS_LIB) /I $(DETOURS_PATH)\include /link /out:$@
+
+packet_capture.dll: packet_capture.c
+	$(CC) /LD $(CFLAGS) packet_capture.c /link ws2_32.lib /out:$@
+
+bgvnc.exe: bgvnc.c
+	$(CC) $(CFLAGS) bgvnc.c /link ws2_32.lib gdi32.lib user32.lib /out:$@
+
+# Clean build artifacts
+clean:
+	del /Q *.exe *.dll *.obj *.lib *.exp
+
+.PHONY: all clean
\ No newline at end of file

README.md

@@ -5,10 +5,17 @@ A comprehensive Windows network monitoring and SSL interception toolkit that can
 ## Features
 
 - **Network Connection Monitoring**: Tracks TCP connections and logs internal vs external traffic
-- **SSL/TLS Interception**: Hooks OpenSSL and Windows Schannel to capture unencrypted traffic
+- **Comprehensive SSL/TLS Interception**: Hooks 9 different SSL implementations:
+  - OpenSSL/LibreSSL (`SSL_write`, `SSL_read`)
+  - Windows Schannel (`EncryptMessage`, `DecryptMessage`)
+  - NSS (Mozilla) (`SSL_Write`, `SSL_Read`)
+  - GnuTLS (`gnutls_record_send`, `gnutls_record_recv`)
+  - mbed TLS (`mbedtls_ssl_write`, `mbedtls_ssl_read`)
+  - wolfSSL (`wolfSSL_write`, `wolfSSL_read`)
+  - Botan TLS (simplified C++ API hooking)
 - **DLL Injection**: Loads monitoring DLL into target processes
 - **Syscall Monitoring**: Logs DLL loading and function resolution calls
-- **Packet Capture**: Generates Wireshark-compatible PCAP files and raw dumps
+- **Packet Capture**: Generates Wireshark-compatible PCAP files and raw dumps per connection
 - **VNC Server**: Remote desktop access to monitored Windows applications
 
 ## Components
@@ -49,56 +56,165 @@ For each unique TCP connection, the following files are created:
 
 ### Prerequisites
 
-- Linux system with MinGW-w64 cross-compiler
-- Microsoft Detours library (for full hooking functionality - optional)
+#### For Linux Cross-Compilation:
+- Linux system (Ubuntu/Debian recommended)
+- MinGW-w64 cross-compiler
+- Git
+- Microsoft Detours library (for full hooking functionality - optional but recommended)
 
-### Quick Start (Limited Functionality)
+#### For Native Windows Compilation:
+- Windows 10/11
+- Visual Studio 2019/2022 with C++ build tools
+- Git
+- Microsoft Detours library
 
+### Quick Start
+
+#### Linux (Limited Functionality - No Detours)
 ```bash
+sudo apt-get update
+sudo apt-get install gcc-mingw-w64
+git clone <repository-url>
+cd network-monitoring-suite
 ./configure.sh
 make NO_DETOURS=1
 ```
 
-### Full Build with Detours Support
+#### Linux (Full Functionality with Detours)
+```bash
+# 1. Install base dependencies
+sudo apt-get update
+sudo apt-get install gcc-mingw-w64 git p7zip-full
+
+# 2. Download and extract Microsoft Detours on Windows
+# On Windows machine:
+git clone https://github.com/microsoft/Detours.git
+cd Detours
+# Open Visual Studio Developer Command Prompt
+nmake
+
+# 3. Copy Detours files to Linux
+# Create directory on Linux
+sudo mkdir -p /usr/local/detours
 
-#### 1. Install Base Dependencies
+# Copy from Windows (adjust paths as needed)
+# scp user@windows:/path/to/Detours/include/* /usr/local/detours/include/
+# scp user@windows:/path/to/Detours/lib.X64/* /usr/local/detours/lib64/
 
+# 4. Build the project
+cd network-monitoring-suite
+./configure.sh
+make
+```
+
+#### Windows (Native Build)
+```cmd
+# Install Visual Studio Build Tools if not already installed
+# Download from: https://visualstudio.microsoft.com/downloads/
+
+# Clone and build Detours
+git clone https://github.com/microsoft/Detours.git
+cd Detours
+nmake
+
+# Copy Detours to project directory
+xcopy include\* ..\network-monitoring-suite\detours\include\ /Y /I
+xcopy lib.X64\* ..\network-monitoring-suite\detours\lib64\ /Y /I
+
+# Build the project
+cd ..\network-monitoring-suite
+nmake /f Makefile.win
+```
+
+### Detailed Linux Build Instructions
+
+#### Step 1: Install MinGW-w64 Cross-Compiler
 ```bash
+# Ubuntu/Debian
 sudo apt-get update
-sudo apt-get install gcc-mingw-w64 git
-```
+sudo apt-get install gcc-mingw-w64
 
-#### 2. Build Microsoft Detours (Requires Windows)
+# Verify installation
+x86_64-w64-mingw32-gcc --version
+```
 
-On a Windows machine with Visual Studio Build Tools:
+#### Step 2: Obtain Microsoft Detours
+Microsoft Detours is proprietary software and must be built on Windows. Here's the complete process:
 
+**On Windows:**
+1. Install Visual Studio 2019/2022 with "Desktop development with C++" workload
+2. Open "Developer Command Prompt for VS 2019/2022"
+3. Run these commands:
 ```cmd
 git clone https://github.com/microsoft/Detours.git
 cd Detours
 nmake
 ```
 
-Copy the built Detours to your Linux machine:
-
+**Transfer to Linux:**
 ```bash
-# Create Detours directory on Linux
+# On Linux machine
 sudo mkdir -p /usr/local/detours
 
-# Copy from Windows (adjust paths as needed)
-# scp user@windows:/path/to/Detours/include/* /usr/local/detours/include/
-# scp user@windows:/path/to/Detours/lib.X64/* /usr/local/detours/lib64/
-```
+# Use scp, rsync, or shared folder to copy:
+# /path/to/Detours/include/ -> /usr/local/detours/include/
+# /path/to/Detours/lib.X64/ -> /usr/local/detours/lib64/
 
-#### 3. Configure and Build
+# Verify files are present
+ls -la /usr/local/detours/include/
+ls -la /usr/local/detours/lib64/
+```
 
+#### Step 3: Configure and Build
 ```bash
+# Clone the repository
+git clone <repository-url>
+cd network-monitoring-suite
+
+# Run configuration script
 ./configure.sh
+
+# Build with full functionality
 make
+
+# Or build without Detours (limited functionality)
+make NO_DETOURS=1
+```
+
+### Detailed Windows Build Instructions
+
+#### Prerequisites:
+- Windows 10/11
+- Visual Studio 2019/2022 with C++ build tools
+- Git for Windows
+
+#### Step 1: Install Visual Studio Build Tools
+1. Download Visual Studio Installer
+2. Select "Desktop development with C++"
+3. Install the components
+
+#### Step 2: Build Microsoft Detours
+```cmd
+# Open Developer Command Prompt for VS
+git clone https://github.com/microsoft/Detours.git
+cd Detours
+nmake
+```
+
+#### Step 3: Build the Project
+```cmd
+# Copy Detours to project (adjust paths)
+xcopy Detours\include\* network-monitoring-suite\detours\include\ /Y /I
+xcopy Detours\lib.X64\* network-monitoring-suite\detours\lib64\ /Y /I
+
+# Build using provided Makefile.win
+cd network-monitoring-suite
+nmake /f Makefile.win
 ```
 
 ### Manual Build Commands
 
-#### Without Detours (Limited functionality):
+#### Linux Cross-Compilation (Without Detours):
 ```bash
 x86_64-w64-mingw32-gcc network_monitor.c -o network_monitor.exe -lws2_32 -liphlpapi -static
 x86_64-w64-mingw32-gcc -shared ssl_hook.c -o ssl_hook.dll -DNO_DETOURS -static
@@ -106,18 +222,57 @@ x86_64-w64-mingw32-gcc -shared packet_capture.c -o packet_capture.dll -lws2_32 -
 x86_64-w64-mingw32-gcc bgvnc.c -o bgvnc.exe -lws2_32 -lgdi32 -luser32 -static
 ```
 
-#### With Detours (Full functionality):
+#### Linux Cross-Compilation (With Detours):
 ```bash
 x86_64-w64-mingw32-gcc network_monitor.c -o network_monitor.exe -lws2_32 -liphlpapi -static
-x86_64-w64-mingw32-gcc -shared ssl_hook.c -o ssl_hook.dll -L/usr/local/detours/lib64 -ldetours -lsspi -static
+x86_64-w64-mingw32-gcc -shared ssl_hook.c -o ssl_hook.dll -I/usr/local/detours/include -L/usr/local/detours/lib64 -ldetours -lsspi -static
 x86_64-w64-mingw32-gcc -shared packet_capture.c -o packet_capture.dll -lws2_32 -static
 x86_64-w64-mingw32-gcc bgvnc.c -o bgvnc.exe -lws2_32 -lgdi32 -luser32 -static
 ```
 
-### Build Options
+#### Windows Native Compilation:
+```cmd
+# Using provided Makefile.win
+nmake /f Makefile.win
+
+# Or manual compilation with cl.exe:
+cl network_monitor.c /link ws2_32.lib iphlpapi.lib /out:network_monitor.exe
+cl /LD ssl_hook.c detours.lib /I detours\include /link /out:ssl_hook.dll
+cl /LD packet_capture.c ws2_32.lib /out:packet_capture.dll
+cl bgvnc.c /link ws2_32.lib gdi32.lib user32.lib /out:bgvnc.exe
+```
 
-- `NO_DETOURS=1`: Build without Detours (limited SSL hooking)
+### Build Configuration
+
+#### Linux Build Options:
+- `NO_DETOURS=1`: Build without Detours (limited SSL hooking functionality)
 - `DETOURS_PATH=/custom/path`: Specify custom Detours installation path
+- Clean build: `make clean`
+
+#### Windows Build Options:
+- Uses `Makefile.win` for native Windows compilation
+- Requires Detours in `detours\` subdirectory
+- Clean build: `nmake /f Makefile.win clean`
+
+#### Environment Variables:
+- `DETOURS_PATH`: Custom path to Detours installation (Linux default: `/usr/local/detours`)
+
+### Troubleshooting
+
+#### Linux Issues:
+- **"cannot find -ldetours"**: Ensure Detours is properly installed in `/usr/local/detours`
+- **"x86_64-w64-mingw32-gcc: command not found"**: Install MinGW-w64: `sudo apt-get install gcc-mingw-w64`
+- **Permission denied**: Use `sudo` for system-wide installations
+
+#### Windows Issues:
+- **"nmake: command not found"**: Use Visual Studio Developer Command Prompt
+- **Missing headers**: Ensure all Visual Studio components are installed
+- **Linker errors**: Verify Detours library paths are correct
+
+#### General Issues:
+- **Build fails with warnings**: Warnings are normal; the build should still succeed
+- **Runtime issues**: Ensure all DLLs are in the same directory as executables
+- **UAC/Admin rights**: Some features may require administrator privileges
 
 ## Usage
 

ssl_hook.h

@@ -44,16 +44,73 @@ int hooked_SSL_read(void* ssl, void* buf, int num);
 SECURITY_STATUS hooked_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
 SECURITY_STATUS hooked_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
 
+// Function pointer types for additional SSL libraries
+
+// LibreSSL (same as OpenSSL)
+typedef int (*LibreSSL_write_t)(void* ssl, const void* buf, int num);
+typedef int (*LibreSSL_read_t)(void* ssl, void* buf, int num);
+
+// NSS (Mozilla)
+typedef int (*NSS_SSL_Write_t)(void* ssl, const void* buf, int num);
+typedef int (*NSS_SSL_Read_t)(void* ssl, void* buf, int num);
+typedef int (*NSS_SSL_ForceHandshake_t)(void* ssl);
+
+// GnuTLS
+typedef int (*GnuTLS_record_send_t)(void* session, const void* data, size_t data_size);
+typedef int (*GnuTLS_record_recv_t)(void* session, void* data, size_t data_size);
+
+// mbed TLS
+typedef int (*mbedTLS_ssl_write_t)(void* ssl, const unsigned char* buf, size_t len);
+typedef int (*mbedTLS_ssl_read_t)(void* ssl, unsigned char* buf, size_t len);
+
+// wolfSSL
+typedef int (*wolfSSL_write_t)(void* ssl, const void* data, int sz);
+typedef int (*wolfSSL_read_t)(void* ssl, void* data, int sz);
+
+// Botan (C++ - simplified)
+typedef int (*Botan_TLS_write_t)(void* channel, const void* buf, size_t length);
+typedef int (*Botan_TLS_read_t)(void* channel, void* buf, size_t length);
+
 // Function pointer types for syscall monitoring
 typedef HMODULE (*LoadLibraryA_t)(LPCSTR lpLibFileName);
 typedef HMODULE (*LoadLibraryW_t)(LPCWSTR lpLibFileName);
 typedef FARPROC (*GetProcAddress_t)(HMODULE hModule, LPCSTR lpProcName);
 
+// Original function pointers for additional SSL libraries
+extern LibreSSL_write_t original_LibreSSL_write;
+extern LibreSSL_read_t original_LibreSSL_read;
+extern NSS_SSL_Write_t original_NSS_SSL_Write;
+extern NSS_SSL_Read_t original_NSS_SSL_Read;
+extern NSS_SSL_ForceHandshake_t original_NSS_SSL_ForceHandshake;
+extern GnuTLS_record_send_t original_GnuTLS_record_send;
+extern GnuTLS_record_recv_t original_GnuTLS_record_recv;
+extern mbedTLS_ssl_write_t original_mbedTLS_ssl_write;
+extern mbedTLS_ssl_read_t original_mbedTLS_ssl_read;
+extern wolfSSL_write_t original_wolfSSL_write;
+extern wolfSSL_read_t original_wolfSSL_read;
+extern Botan_TLS_write_t original_Botan_TLS_write;
+extern Botan_TLS_read_t original_Botan_TLS_read;
+
 // Original function pointers for syscall monitoring
 extern LoadLibraryA_t original_LoadLibraryA;
 extern LoadLibraryW_t original_LoadLibraryW;
 extern GetProcAddress_t original_GetProcAddress;
 
+// Hooked functions for additional SSL libraries
+int hooked_LibreSSL_write(void* ssl, const void* buf, int num);
+int hooked_LibreSSL_read(void* ssl, void* buf, int num);
+int hooked_NSS_SSL_Write(void* ssl, const void* buf, int num);
+int hooked_NSS_SSL_Read(void* ssl, void* buf, int num);
+int hooked_NSS_SSL_ForceHandshake(void* ssl);
+int hooked_GnuTLS_record_send(void* session, const void* data, size_t data_size);
+int hooked_GnuTLS_record_recv(void* session, void* data, size_t data_size);
+int hooked_mbedTLS_ssl_write(void* ssl, const unsigned char* buf, size_t len);
+int hooked_mbedTLS_ssl_read(void* ssl, unsigned char* buf, size_t len);
+int hooked_wolfSSL_write(void* ssl, const void* data, int sz);
+int hooked_wolfSSL_read(void* ssl, void* data, int sz);
+int hooked_Botan_TLS_write(void* channel, const void* buf, size_t length);
+int hooked_Botan_TLS_read(void* channel, void* buf, size_t length);
+
 // Hooked functions for syscall monitoring
 HMODULE hooked_LoadLibraryA(LPCSTR lpLibFileName);
 HMODULE hooked_LoadLibraryW(LPCWSTR lpLibFileName);