A TLS man-in-the-middle proxy that can replace byte sequences of same length in outbound requests
Go to file
2021-03-19 17:23:58 +00:00
sample-server feat: cleanup README and add test-ca files for testing 2021-03-19 17:20:43 +00:00
src fix: remove leftover 2021-03-19 17:23:58 +00:00
test-ca feat: cleanup README and add test-ca files for testing 2021-03-19 17:20:43 +00:00
.gitignore feat: boilerplate, Hello World! 2021-03-14 22:12:02 +00:00
Cargo.lock feat: replacement functionality and final cleanups 2021-03-19 17:04:49 +00:00
Cargo.toml feat: replacement functionality and final cleanups 2021-03-19 17:04:49 +00:00
README.md feat: cleanup README and add test-ca files for testing 2021-03-19 17:20:43 +00:00

tlsproxy

A most basic TLS man-in-the-middle forward proxy using rustls .

Sample usage:

$ cargo build && cargo run -- \
  --chaincert test-ca/end.fullchain \
  --key test-ca/end.key \
  --cacert test-ca/ca.cert \
  --replace 's/foo/bar' \
  --verbose
  
Listening on 127.0.0.1:8080

Send requests to your destination through this proxy:

curl https://testserver.com:5000 \
  --cacert test-ca/ca.cert \
  -x http://127.0.0.1:8080 --proxytunnel \
  --verbose

Please note this means you need to have a server running at testserver.com:5000, to do so, you can use the sample python server provided:

cd sample-server
pyenv local # 3.6.4 version
pip install flask

python main.py

You will then have a server running on 127.0.0.1:5000. You can then point testserver.com to this server by editing your /etc/hosts:

127.0.0.1 testserver.com

Then you can try sending a request with a replacement:

curl 'https://testserver.com:5000?foo=foo' \
  --cacert test-ca/ca.cert \
  -x http://127.0.0.1:8080 --proxytunnel \
  --verbose

The python server will log:

GET https://testserver.com:5000/?bar=bar