58 lines
1.6 KiB
Markdown
58 lines
1.6 KiB
Markdown
tlsproxy
|
|
=================
|
|
|
|
A most basic TLS man-in-the-middle forward proxy using [rustls](https://github.com/ctz/rustls) and [Tokio](tokio.rs).
|
|
|
|
This proxy allows you, given you have the certificate chain of the server, to replace byte sequences of length N with another byte sequence of length N in outbound requests.
|
|
For example, you could replace `https://testserver.com/?name=foo` with `?name=bar`
|
|
This is a toy, proof of concept project. It is not thoroughly tested and will have issues with a very high probability.
|
|
|
|
Sample usage:
|
|
```
|
|
$ cargo build && cargo run -- \
|
|
--chaincert test-ca/end.fullchain \
|
|
--key test-ca/end.key \
|
|
--cacert test-ca/ca.cert \
|
|
--replace 's/foo/bar' \
|
|
--verbose
|
|
|
|
Listening on 127.0.0.1:8080
|
|
```
|
|
|
|
Send requests to your destination through this proxy:
|
|
```
|
|
curl https://testserver.com:5000 \
|
|
--cacert test-ca/ca.cert \
|
|
-x http://127.0.0.1:8080 --proxytunnel \
|
|
--verbose
|
|
```
|
|
|
|
Please note this means you need to have a server running at `testserver.com:5000`, to do so, you can use the sample python server provided:
|
|
|
|
```
|
|
cd sample-server
|
|
pyenv local # 3.6.4 version
|
|
pip install flask
|
|
|
|
python main.py
|
|
```
|
|
|
|
You will then have a server running on `127.0.0.1:5000`. You can then point `testserver.com` to this server by editing your `/etc/hosts`:
|
|
|
|
```
|
|
127.0.0.1 testserver.com
|
|
```
|
|
|
|
Then you can try sending a request with a replacement:
|
|
```
|
|
curl 'https://testserver.com:5000?foo=foo' \
|
|
--cacert test-ca/ca.cert \
|
|
-x http://127.0.0.1:8080 --proxytunnel \
|
|
--verbose
|
|
```
|
|
|
|
The python server will log:
|
|
```
|
|
GET https://testserver.com:5000/?bar=bar
|
|
```
|