Man in the Middle (MITM) proxy with HTTPS support

2019-02-16 13:12发布

This question already has an answer here:

We seem to be going round in circles a bit at the moment. We are looking for simple light weight, preferably ruby based proxy that enables us to do the following.

  • Proxy HTTPS requests between a browser and a Web app. e.g. GMail
  • Intercept and modify the request/responses - Man in the Middle modification
  • Generate on the fly SSL certs (or maybe us pre-configured) for use between the proxy and the browser

Using Ruby, we've experimented with em-proxy and Goliath but I don't think these are quite the right fit.

Any suggestions would be very much appreciated.

Best Regards,

Carlskii.

6条回答
爷的心禁止访问
2楼-- · 2019-02-16 13:39

You can try https://github.com/odcinek/mallory it is more recent though not as fully mature as the previously mentioned other language proxies, this one however IS written in ruby.

查看更多
▲ chillily
3楼-- · 2019-02-16 13:41

Another alternative.

Burp Proxy, freemium, closed source written in java.

Burp Proxy is an interactive HTTP/S proxy server for attacking and testing web applications. It operates as a man-in-the-middle between the end browser and the target web server, and allows the user to intercept, inspect and modify the raw traffic passing in both directions.

Burp Proxy allows you to find and exploit application vulnerabilities by monitoring and manipulating critical parameters and other data transmitted by the application. By modifying browser requests in various malicious ways, Burp Proxy can be used to perform attacks such as SQL injection, cookie subversion, privilege escalation, session hijacking, directory traversal and buffer overflows.

查看更多
聊天终结者
4楼-- · 2019-02-16 13:43

https://github.com/lightbody/browsermob-proxy open-source, well-known solution written in java, can be configured on-the-fly using REST API or Java API

查看更多
手持菜刀,她持情操
5楼-- · 2019-02-16 13:52

Fiddler can do this, although it's not Ruby-based.

查看更多
疯言疯语
6楼-- · 2019-02-16 13:54

There is also mitmproxy written in Python.

查看更多
beautiful°
7楼-- · 2019-02-16 14:00

There is also nice looking multiplatform http://www.charlesproxy.com/ with SSL support. It's in java/native code. It's closed-source paid app with free trail.

查看更多
登录 后发表回答