tlsproxy/README.md

tlsproxy
=================

A most basic TLS man-in-the-middle forward proxy using [rustls](https://github.com/ctz/rustls) and [Tokio](tokio.rs).

This proxy allows you, given you have the certificate chain of the server, to replace byte sequences of length N with another byte sequence of length N in outbound requests.
For example, you could replace `https://testserver.com/?name=foo` with `?name=bar`
This is a toy, proof of concept project. It is not thoroughly tested and will have issues with a very high probability.

Sample usage:
```
$ cargo build && cargo run -- \
  --chaincert test-ca/end.fullchain \
  --key test-ca/end.key \
  --cacert test-ca/ca.cert \
  --replace 's/foo/bar' \
  --verbose
  
Listening on 127.0.0.1:8080
```

Send requests to your destination through this proxy:
```
curl https://testserver.com:5000 \
  --cacert test-ca/ca.cert \
  -x http://127.0.0.1:8080 --proxytunnel \
  --verbose
```

Please note this means you need to have a server running at `testserver.com:5000`, to do so, you can use the sample python server provided:

```
cd sample-server
pyenv local # 3.6.4 version
pip install flask

python main.py
```

You will then have a server running on `127.0.0.1:5000`. You can then point `testserver.com` to this server by editing your `/etc/hosts`:

```
127.0.0.1 testserver.com
```

Then you can try sending a request with a replacement:
```
curl 'https://testserver.com:5000?foo=foo' \
  --cacert test-ca/ca.cert \
  -x http://127.0.0.1:8080 --proxytunnel \
  --verbose
```

The python server will log:
```
GET https://testserver.com:5000/?bar=bar
```
feat: cleanup README and add test-ca files for testing 2021-03-19 17:13:53 +00:00			`tlsproxy`
feat: add README 2021-03-15 09:10:05 +00:00			`=================`

fix: cleanups 2021-03-19 17:33:47 +00:00			`A most basic TLS man-in-the-middle forward proxy using [rustls](https://github.com/ctz/rustls) and [Tokio](tokio.rs).`

			`This proxy allows you, given you have the certificate chain of the server, to replace byte sequences of length N with another byte sequence of length N in outbound requests.`
			For example, you could replace `https://testserver.com/?name=foo` with `?name=bar`
			`This is a toy, proof of concept project. It is not thoroughly tested and will have issues with a very high probability.`
feat: add README 2021-03-15 09:10:05 +00:00
			`Sample usage:`
			```
feat: cleanup README and add test-ca files for testing 2021-03-19 17:13:53 +00:00			`$ cargo build && cargo run -- \`
			`--chaincert test-ca/end.fullchain \`
			`--key test-ca/end.key \`
			`--cacert test-ca/ca.cert \`
			`--replace 's/foo/bar' \`
			`--verbose`

feat: add README 2021-03-15 09:10:05 +00:00			`Listening on 127.0.0.1:8080`
			```

			`Send requests to your destination through this proxy:`
			```
feat: cleanup README and add test-ca files for testing 2021-03-19 17:13:53 +00:00			`curl https://testserver.com:5000 \`
			`--cacert test-ca/ca.cert \`
			`-x http://127.0.0.1:8080 --proxytunnel \`
			`--verbose`
			```

fix: cleanups 2021-03-19 17:33:47 +00:00			Please note this means you need to have a server running at `testserver.com:5000`, to do so, you can use the sample python server provided:
feat: cleanup README and add test-ca files for testing 2021-03-19 17:13:53 +00:00
			```
			`cd sample-server`
			`pyenv local # 3.6.4 version`
			`pip install flask`

			`python main.py`
			```

fix: cleanups 2021-03-19 17:33:47 +00:00			You will then have a server running on `127.0.0.1:5000`. You can then point `testserver.com` to this server by editing your `/etc/hosts`:
feat: cleanup README and add test-ca files for testing 2021-03-19 17:13:53 +00:00
			```
			`127.0.0.1 testserver.com`
			```

			`Then you can try sending a request with a replacement:`
			```
			`curl 'https://testserver.com:5000?foo=foo' \`
			`--cacert test-ca/ca.cert \`
			`-x http://127.0.0.1:8080 --proxytunnel \`
			`--verbose`
			```

			`The python server will log:`
			```
			`GET https://testserver.com:5000/?bar=bar`
feat: add README 2021-03-15 09:10:05 +00:00			```