# MITM Proxy Server

This is a Man-in-the-Middle (MITM) proxy server written in Go, similar in functionality to the Charles proxy tool.

## Features

1. **Transparent MITM Proxy**: Completely transparent HTTP/HTTPS proxy that doesn't interfere with any traffic
2. **Hardcoded Certificates**: P12 certificate and CA certificate are embedded directly in the program, no external files needed
3. **HTTPS Decryption**: Attempts to decrypt HTTPS traffic for inspection, and falls back to transparent mode if decryption fails
4. **Dual Traffic Dump**: Saves both encrypted and decrypted data to different files for analysis
5. **Complete Data Output**: Console displays complete request/response data without truncation
6. **Domain Filtering**: Prints specific traffic to stdout based on the list of domains of interest in the TOML configuration file
7. **System Proxy**: Automatically sets the Windows system proxy and restores it when the program ends
8. **CA Certificate Installation**: Automatically imports the hardcoded CA certificate into the Windows trusted root certificate authorities
9. **Redirect Transparency**: All HTTP redirects (301/302/etc.) are passed through exactly as-is without modification
10. **Built-in Testing**: Use the `-test` flag to verify proxy functionality and connectivity

## Prerequisites

1. **Go 1.21+**: Ensure the Go language environment is installed
2. **OpenSSL**: For processing P12 certificate files (optional, basic configuration is used if it is not available)
3. **Administrator Privileges**: Setting the system proxy and installing certificates requires administrator privileges

## Installation and Usage

### 1. Clone or Download Project

```bash
git clone <repository-url>
cd mitm
```

### 2. Install Dependencies

```bash
go mod tidy
```

### 3. Prepare Certificate Files

Ensure you have the following files:

- `cert.p12`: P12 certificate file containing CA and private key
- `CA.crt`: CA certificate file

### 4. Configuration File

Edit the `config.toml` file:

```toml
# Domains of interest configuration
domains_of_interest = [
    "example.com",
    "httpbin.org",
    "api.github.com",
    "www.google.com"
]

[proxy]
port = 8080
cert_file = "cert.p12"
cert_password = "your_password_here"  # Change to your certificate password
ca_cert_file = "CA.crt"

[dump]
output_dir = "traffic_dumps"
```

### 5. Run Program

**Important**: The program needs to run as administrator:

```bash
# Open PowerShell or Command Prompt as administrator
go run .
```

Or compile and run (PowerShell):

```powershell
$env:GOEXPERIMENT="nodwarf5"
$env:Path='C:\TDM-GCC-64\bin;'+$env:Path
$env:CGO_ENABLED="1"
$env:GOOS="windows"
$env:GOARCH="amd64"
go build -v -o mitm.exe .

# Run as administrator
./mitm.exe
```

## Usage Instructions

1. **Start Program**: The program will automatically:
   - Install the CA certificate to the system trusted root certificate store
   - Set the system proxy to `127.0.0.1:8080`
   - Start the proxy server

2. **Traffic Interception**:
   - All HTTP/HTTPS traffic will be intercepted **transparently**
   - No modification of requests, responses, or redirects
   - Each request will be saved to the `traffic_dumps` directory
   - Traffic from domains of interest will be printed to the console
   - HTTPS traffic is decrypted when possible, and falls back to encrypted passthrough

3. **Testing Connectivity**:

   ```bash
   # Test proxy functionality
   go run . -test
   ```

4. **Stop Program**:
   - Press `Ctrl+C` to stop the program
   - The program will automatically restore the original system proxy settings

## File Structure

```
mitm/
├── main.go          # Main program file
├── cert_utils.go    # Certificate processing tools
├── config.toml      # Configuration file
├── go.mod           # Go module file
├── cert.p12         # P12 certificate file (you need to provide)
├── CA.crt           # CA certificate file (you need to provide)
└── traffic_dumps/   # Traffic dump directory (auto-created)
```

## Output File Format

### HTTP Traffic Files

Filename format: `YYYYMMDD_HHMMSS_domain.txt`

Content includes:

- Request information (method, URL, headers, body)
- Response information (status code, headers, body)

### HTTPS Traffic Files

Filename format: `YYYYMMDD_HHMMSS_domain_direction.bin`

Contains encrypted binary data.

## Important Notes

1. **Administrator Privileges**: The program needs administrator privileges to modify system proxy settings and install certificates
2. **Certificate Security**: Keep the P12 certificate files secure, and do not hardcode passwords in production environments
3. **Network Security**: This tool is only for legal network debugging and testing purposes
4. **System Compatibility**: Currently only supports Windows systems

## Troubleshooting

1. **Certificate Loading Failed**:
   - Check the P12 file path and password
   - Ensure OpenSSL is installed (optional)

2. **Proxy Setting Failed**:
   - Ensure the program is running with administrator privileges
   - Check whether port 8080 is occupied

3. **CA Certificate Installation Failed**:
   - Ensure the CA.crt file exists and its format is correct
   - Check administrator privileges

## Development and Customization

You can modify the following parts as needed:

- Add more domains of interest in `config.toml`
- Modify the proxy port
- Customize the traffic dump format
- Add more traffic analysis features

## License

Please see the LICENSE file for license information.
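
The host that drives both the domain-of-interest check and the dump filenames described under Output File Format comes from client traffic, so it should be normalized and sanitized before it is matched or written to disk. The Go code below is an added example, not this project's code; the function names, the subdomain matching rule and the `request` direction value are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
	"time"
)

// Characters outside the DNS-name set are replaced before the name reaches disk.
var unsafeChars = regexp.MustCompile(`[^a-z0-9.-]`)

// normalizeHost lowercases a Host header or CONNECT target and drops the port
// and any trailing dot: "API.GitHub.com:443" becomes "api.github.com".
func normalizeHost(hostport string) string {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	}
	return strings.TrimSuffix(strings.ToLower(host), ".")
}

// isOfInterest matches a listed domain exactly or as a parent domain (assumption).
// The "." boundary keeps "evilexample.com" from matching "example.com".
func isOfInterest(hostport string, domains []string) bool {
	host := normalizeHost(hostport)
	for _, d := range domains {
		if d = strings.ToLower(d); host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// dumpName builds YYYYMMDD_HHMMSS_domain.txt, or, given a direction (hypothetical
// values such as "request"), YYYYMMDD_HHMMSS_domain_direction.bin.
func dumpName(hostport, direction string, ts time.Time) string {
	base := ts.Format("20060102_150405") + "_" + unsafeChars.ReplaceAllString(normalizeHost(hostport), "_")
	if direction == "" {
		return base + ".txt"
	}
	return base + "_" + direction + ".bin"
}

func main() {
	domains := []string{"example.com", "httpbin.org", "api.github.com"} // as in config.toml
	host := "API.GitHub.com:443"                                        // constructed sample
	fmt.Println(isOfInterest(host, domains), dumpName(host, "request", time.Now()))
}
```

Because path separators, colons and backslashes are replaced with `_`, the resulting name can be joined to `output_dir` without leaving that directory.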