This question already has an answer here: How to create Man in the Middle instrumentation (3 answers)
We seem to be going round in circles a bit at the moment. We are looking for a simple, lightweight, preferably Ruby-based proxy that enables us to do the following:
- Proxy HTTPS requests between a browser and a web app, e.g. GMail
- Intercept and modify the requests/responses - Man in the Middle modification
- Generate on-the-fly SSL certs (or maybe use pre-configured ones) for use between the proxy and the browser
Using Ruby, we've experimented with em-proxy and Goliath but I don't think these are quite the right fit.
Any suggestions would be very much appreciated.
Best Regards,
Carlskii.
There is also mitmproxy written in Python.
Fiddler can do this, although it's not Ruby-based.
There is also the nice-looking, multiplatform http://www.charlesproxy.com/ with SSL support. It's in Java/native code. It's a closed-source paid app with a free trial.
You can try https://github.com/odcinek/mallory. It is more recent, though not as fully mature as the previously mentioned proxies in other languages; this one, however, IS written in Ruby.
Another alternative:
Burp Proxy, freemium, closed source, written in Java.
Burp Proxy is an interactive HTTP/S proxy server for attacking and
testing web applications. It operates as a man-in-the-middle between
the end browser and the target web server, and allows the user to
intercept, inspect and modify the raw traffic passing in both
directions.
Burp Proxy allows you to find and exploit application vulnerabilities
by monitoring and manipulating critical parameters and other data
transmitted by the application. By modifying browser requests in
various malicious ways, Burp Proxy can be used to perform attacks such
as SQL injection, cookie subversion, privilege escalation, session
hijacking, directory traversal and buffer overflows.
https://github.com/lightbody/browsermob-proxy is an open-source, well-known solution written in Java. It can be configured on the fly using a REST API or a Java API.