Man in the Middle (MITM) proxy with HTTPS support

Posted 2019-02-16 13:43

Question:

This question already has an answer here:

  • How to create Man in the Middle instrumentation 3 answers

We seem to be going round in circles a bit at the moment. We are looking for a simple, lightweight, preferably Ruby-based proxy that enables us to do the following:

  • Proxy HTTPS requests between a browser and a web app, e.g. Gmail
  • Intercept and modify the requests/responses - Man in the Middle modification
  • Generate on-the-fly SSL certs (or maybe use pre-configured) for use between the proxy and the browser

Using Ruby, we've experimented with em-proxy and Goliath but I don't think these are quite the right fit.

Any suggestions would be very much appreciated.

Best Regards,

Carlskii.

Answer 1:

There is also mitmproxy written in Python.



Answer 2:

Fiddler can do this, although it's not Ruby-based.



Answer 3:

There is also the nice-looking, multiplatform http://www.charlesproxy.com/ with SSL support. It's in Java/native code. It's a closed-source paid app with a free trial.



Answer 4:

You can try https://github.com/odcinek/mallory. It is more recent, though not as fully mature as the previously mentioned proxies in other languages; this one, however, IS written in Ruby.



Answer 5:

Another alternative.

Burp Proxy: freemium, closed source, written in Java.

Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.



Answer 6:

https://github.com/lightbody/browsermob-proxy is an open-source, well-known solution written in Java; it can be configured on the fly using the REST API or Java API.