We seem to be going round in circles a bit at the moment. We are looking for simple light weight, preferably ruby based proxy that enables us to do the following.

• Proxy HTTPS requests between a browser and a Web app. e.g. GMail
• Intercept and modify the request/responses - Man in the Middle modification
• Generate on the fly SSL certs (or maybe us pre-configured) for use between the proxy and the browser

Using Ruby, we've experimented with em-proxy and Goliath but I don't think these are quite the right fit.

Any suggestions would be very much appreciated.

Best Regards,

Carlskii.

There is also mitmproxy written in Python.

Fiddler can do this, although it's not Ruby-based.

There is also nice looking multiplatform http://www.charlesproxy.com/ with SSL support. It's in java/native code. It's closed-source paid app with free trail.

You can try https://github.com/odcinek/mallory it is more recent though not as fully mature as the previously mentioned other language proxies, this one however IS written in ruby.

Another alternative.

Burp Proxy, freemium, closed source written in java.

Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.

https://github.com/lightbody/browsermob-proxy open-source, well-known solution written in java, can be configured on-the-fly using REST API or Java API