# Certificate Configuration Guide

## 📋 Overview

This program now uses hardcoded certificate data and does not require external certificate files. You need to embed the certificate data into the source code.

## 🔧 Configuration Steps

### Step 0: Generate all files

```bash
# in WSL
# Generate an unencrypted 2048-bit RSA key and a certificate signing request
openssl req -newkey rsa:2048 -nodes -keyout private.key -out request.csr
# Self-sign the request; the certificate is valid for 3650 days
openssl x509 -req -days 3650 -in request.csr -signkey private.key -out certificate.crt
# Bundle the key and certificate into a PKCS#12 file
openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt
```

### Step 1: Prepare Certificate Files

Ensure you have the following files:

- `cert.p12` - PKCS#12 format certificate file (contains private key and certificate)
- `CA.crt` - CA root certificate file

### Step 2: Convert P12 Certificate to Base64

#### Windows System:

```cmd
certutil -encode cert.p12 cert_base64.txt
```

#### Linux/Mac System:

```bash
base64 cert.p12 > cert_base64.txt
```

### Step 3: Edit Source Code

Open the `cert_utils.go` file and find the following constants to replace:

#### 1. P12 Certificate Data

Copy the content of `cert_base64.txt` into the `hardcodedP12Data` constant:

```go
const (
	hardcodedP12Data = `
MIIKYwIBAzCCCh8GCSqGSIb3DQEHAaCCChAEggmMIIIJiDCCBW8GCSqGSIb3DQEH
BqCCBWAwggVcAgEAMIIFVQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI7n7Q
... (your base64 certificate data)
`
	// hardcodedCACert and hardcodedP12Password (below) go in this same const block
)
```

#### 2. CA Certificate Data

Copy the complete PEM content of the `CA.crt` file into the `hardcodedCACert` constant:

```go
	// inside the const ( ... ) block
	hardcodedCACert = `-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKoK/OvD/h8wMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
... (your CA certificate data)
-----END CERTIFICATE-----`
```

#### 3. Certificate Password

Modify the certificate password:

```go
	// inside the const ( ... ) block
	hardcodedP12Password = "your_actual_password"
```

### Step 4: Recompile

After configuration is complete, recompile the program:

```bash
go build -o mitm.exe .
```

## ✅ Verify Configuration

When starting the program, you should see:

- ✅ "CA certificate installed successfully" - indicates the CA certificate is configured correctly
- ✅ No certificate-related error messages

If you see "Warning: No valid P12 certificate data provided, generating self-signed certificate for testing", the P12 certificate configuration has issues.

## 🔍 Feature Improvements

### HTTPS Traffic Decryption

The program can now:

1. **Transparent Proxy** - When TLS decryption fails, still proxy encrypted traffic
2. **Decryption Proxy** - Use your certificate to decrypt HTTPS traffic
3. **Dual Dump** - Save both encrypted and decrypted data

### Output File Format

- `timestamp_domain_request_encrypted.bin` - Encrypted request data
- `timestamp_domain_request_decrypted.bin` - Decrypted request data
- `timestamp_domain_response_encrypted.bin` - Encrypted response data
- `timestamp_domain_response_decrypted.bin` - Decrypted response data

### Complete Data Output

Console output now shows:

- Complete HTTP request/response data (no longer truncated)
- Complete HTTPS decrypted traffic content
- Data length information

## ⚠️ Security Considerations

1. **Source Code Security** - Certificate data, including the private key inside the P12, is now embedded in the source code, so keep the source code secure
2. **Password Protection** - Consider using environment variables or other methods to protect certificate passwords
3. **Certificate Validity** - Regularly check and update embedded certificates
4. **Access Control** - Restrict access to compiled programs

## 🐛 Troubleshooting

### Issue 1: Certificate Parsing Failed

**Cause**: Base64 data is malformed or incomplete

**Solution**: Check the base64 conversion process and ensure the data is complete

### Issue 2: TLS Handshake Failed

**Cause**: Certificate doesn't match the domain, or the certificate has expired

**Solution**: Check certificate validity and domain configuration

### Issue 3: CA Certificate Installation Failed

**Cause**: CA certificate format error or insufficient permissions

**Solution**: Ensure the program is running with administrator privileges and check the CA certificate format

## 📞 Technical Support

If you encounter configuration issues:

1. Check certificate file format and validity
2. Verify base64 conversion results
3. Confirm running with administrator privileges
4. Check console error messages
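
A pre-flight check for Step 2 and Issue 1, together with the environment-variable option from Security Considerations, as an added example that is not part of this project's code. `decodeP12` rejects the `-----BEGIN/END-----` wrapper that `certutil -encode` writes, tolerates line breaks, and catches truncated pastes; the function names and the `MITM_P12_PASSWORD` variable are hypothetical, and it assumes the constant must hold bare base64 as in the sample in Step 3.

```go
package main
import (
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"strings"
)
// decodeP12 validates text meant for hardcodedP12Data and returns the PKCS#12 bytes.
func decodeP12(b64 string) ([]byte, error) {
	// certutil -encode wraps its output in BEGIN/END CERTIFICATE lines.
	if strings.Contains(b64, "-----BEGIN") {
		return nil, errors.New("remove the -----BEGIN/END----- lines added by certutil -encode")
	}
	// Line breaks from base64(1) or the Go raw string are harmless; drop them.
	der, err := base64.StdEncoding.DecodeString(strings.Join(strings.Fields(b64), ""))
	if err != nil {
		return nil, fmt.Errorf("not valid base64: %w", err)
	}
	// A PFX is one SEQUENCE starting with INTEGER 3 (RFC 7292); assumes definite-length encoding.
	var pfx asn1.RawValue
	rest, err := asn1.Unmarshal(der, &pfx)
	if err != nil {
		return nil, fmt.Errorf("truncated or corrupt paste: %w", err)
	}
	if len(rest) != 0 || pfx.Tag != asn1.TagSequence {
		return nil, errors.New("data is not a single PKCS#12 structure")
	}
	var version int
	if _, err := asn1.Unmarshal(pfx.Bytes, &version); err != nil || version != 3 {
		return nil, errors.New("PKCS#12 version field is not 3")
	}
	return der, nil
}

// p12Password reads MITM_P12_PASSWORD (hypothetical name) instead of a compiled-in constant.
func p12Password() (string, error) {
	if pw := os.Getenv("MITM_P12_PASSWORD"); pw != "" {
		return pw, nil
	}
	return "", errors.New("MITM_P12_PASSWORD is not set")
}

func main() {
	der, err := decodeP12("MAMC\nAQM=") // constructed sample: SEQUENCE { INTEGER 3 }
	_, pwErr := p12Password()
	fmt.Println(len(der), err, pwErr)
}
```

The structural check only confirms that the paste is complete and looks like a PKCS#12 container; it does not open the container or test the password.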