1.6 KiB
tlsproxy
A most basic TLS man-in-the-middle forward proxy using rustls and Tokio.
This proxy allows you, given you have the certificate chain of the server, to replace byte sequences of length N with another byte sequence of length N in outbound requests.
For example, you could replace https://testserver.com/?name=foo with ?name=bar
This is a toy, proof of concept project. It is not thoroughly tested and will have issues with a very high probability.
Sample usage:
$ cargo build && cargo run -- \
--chaincert test-ca/end.fullchain \
--key test-ca/end.key \
--cacert test-ca/ca.cert \
--replace 's/foo/bar' \
--verbose
Listening on 127.0.0.1:8080
Send requests to your destination through this proxy:
curl https://testserver.com:5000 \
--cacert test-ca/ca.cert \
-x http://127.0.0.1:8080 --proxytunnel \
--verbose
Please note this means you need to have a server running at testserver.com:5000, to do so, you can use the sample python server provided:
cd sample-server
pyenv local # 3.6.4 version
pip install flask
python main.py
You will then have a server running on 127.0.0.1:5000. You can then point testserver.com to this server by editing your /etc/hosts:
127.0.0.1 testserver.com
Then you can try sending a request with a replacement:
curl 'https://testserver.com:5000?foo=foo' \
--cacert test-ca/ca.cert \
-x http://127.0.0.1:8080 --proxytunnel \
--verbose
The python server will log:
GET https://testserver.com:5000/?bar=bar