# MITM Proxy Server
This is a Man-in-the-Middle (MITM) proxy server written in Go, similar in function to the Charles proxy tool.
## Features
1. **Transparent MITM Proxy**: A fully transparent HTTP/HTTPS proxy that does not alter any traffic
2. **Hardcoded Certificates**: The P12 certificate and CA certificate are embedded directly in the program, so no external files are needed
3. **HTTPS Decryption**: Attempts to decrypt HTTPS traffic for inspection and falls back to transparent passthrough if decryption fails
4. **Dual Traffic Dump**: Saves both the encrypted and the decrypted data to separate files for analysis
5. **Complete Data Output**: The console shows complete request/response data without truncation
6. **Domain Filtering**: Prints traffic for the domains listed as domains of interest in the TOML configuration file to stdout
7. **System Proxy**: Sets the Windows system proxy automatically and restores it when the program exits
8. **CA Certificate Installation**: Imports the hardcoded CA certificate into the Windows trusted root certification authorities store automatically
9. **Redirect Transparency**: All HTTP redirects (301/302/etc.) are passed through exactly as-is, without modification
10. **Built-in Testing**: Use the `-test` flag to verify proxy functionality and connectivity
## Prerequisites
1. **Go 1.21+**: Make sure a Go toolchain is installed
2. **OpenSSL**: Used to process the P12 certificate file (optional; a basic configuration is used if it is not available)
3. **Administrator Privileges**: Setting the system proxy and installing certificates requires administrator privileges
## Installation and Usage
### 1. Clone or Download Project
```bash
git clone <repository-url>
cd mitm
```
### 2. Install Dependencies
```bash
go mod tidy
```
### 3. Prepare Certificate Files
Ensure you have the following files:
- `cert.p12`: P12 certificate file containing CA and private key
- `CA.crt`: CA certificate file
### 4. Configuration File
Edit the `config.toml` file:
```toml
# Domains of interest configuration
domains_of_interest = [
"example.com",
"httpbin.org",
"api.github.com",
"www.google.com"
]
[proxy]
port = 8080
cert_file = "cert.p12"
cert_password = "your_password_here" # Change to your certificate password
ca_cert_file = "CA.crt"
[dump]
output_dir = "traffic_dumps"
```
### 5. Run Program
**Important**: The program must be run as administrator:
```bash
# Open PowerShell or Command Prompt as administrator
go run .
```
Or compile and run:
```bash
go build -o mitm.exe
# Run as administrator
./mitm.exe
```
## Usage Instructions
1. **Start Program**: The program will automatically:
   - Install the CA certificate into the system trusted root certificate store
   - Set the system proxy to `127.0.0.1:8080`
   - Start the proxy server
2. **Traffic Interception**:
   - All HTTP/HTTPS traffic is intercepted **transparently**
   - Requests, responses, and redirects are not modified
   - Each request is saved to the `traffic_dumps` directory
   - Traffic for domains of interest is printed to the console
   - HTTPS traffic is decrypted when possible and falls back to encrypted passthrough otherwise
3. **Testing Connectivity**:
   ```bash
   # Test proxy functionality
   go run . -test
   ```
4. **Stop Program**:
   - Press `Ctrl+C` to stop the program
   - The program automatically restores the original system proxy settings
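Whether a connection ends up on the decrypted path or the encrypted passthrough path (items 1 and 2 above) comes down to one question: does the client trust the proxy's CA? The Go program below is an added example, not code from this project. It generates a throwaway CA in memory (the project embeds its own in `cert.p12`/`CA.crt`), mints a per-host leaf certificate the way an intercepting proxy does on a `CONNECT`, and then runs the client's chain-and-hostname verification twice, once with the CA in the trusted roots and once without. `MintLeaf`, `ClientDecision`, `InterceptedBy`, the `Outcome` type and the CA name are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newThrowawayCA builds an in-memory CA for this demonstration only. The real
// project embeds a fixed CA; this one is regenerated on every run and never
// touches the disk or the system trust store.
func newThrowawayCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "mitm-demo-CA (constructed)"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// MintLeaf issues the per-host server certificate the proxy presents to the
// client after a CONNECT for host. The host goes into the SAN list; modern
// clients ignore the CN and would reject the certificate without it.
func MintLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Outcome is the path the proxy ends up on for one HTTPS connection.
type Outcome string

const (
	Decrypted   Outcome = "decrypted"   // client accepted the minted leaf
	Passthrough Outcome = "passthrough" // client rejected it; bytes are tunnelled unchanged
)

// ClientDecision reproduces the check a TLS client makes during the handshake:
// chain the presented leaf to a trusted root and match the host name. Pass an
// empty pool to model a machine where the proxy CA was never installed.
func ClientDecision(leaf *x509.Certificate, host string, trustedRoots *x509.CertPool) (Outcome, error) {
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: trustedRoots}); err != nil {
		return Passthrough, err
	}
	return Decrypted, nil
}

// InterceptedBy is the defender-side check: a leaf whose signature validates
// under the proxy CA was minted by the proxy, not issued by the origin's CA.
func InterceptedBy(leaf, proxyCA *x509.Certificate) bool {
	return leaf.CheckSignatureFrom(proxyCA) == nil
}

func main() {
	ca, caKey, err := newThrowawayCA()
	if err != nil {
		panic(err)
	}
	leaf, _, err := MintLeaf(ca, caKey, "api.github.com")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	out, err := ClientDecision(leaf, "api.github.com", trusted)
	fmt.Printf("CA installed:     %s (%v)\n", out, err)
	out, err = ClientDecision(leaf, "api.github.com", x509.NewCertPool())
	fmt.Printf("CA not installed: %s (%v)\n", out, err)
	fmt.Println("leaf chains to proxy CA:", InterceptedBy(leaf, ca))
}
```

The second `ClientDecision` call is the exact failure the project's fallback handles: the client reports an unknown authority, the handshake never completes, and the proxy can only tunnel the ciphertext. It is also why the README insists on administrator rights; without the root-store import every HTTPS connection lands on the passthrough path.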
## File Structure
```
mitm/
├── main.go # Main program file
├── cert_utils.go # Certificate processing tools
├── config.toml # Configuration file
├── go.mod # Go module file
├── cert.p12 # P12 certificate file (you need to provide)
├── CA.crt # CA certificate file (you need to provide)
└── traffic_dumps/ # Traffic dump directory (auto-created)
```
## Output File Format
### HTTP Traffic Files
Filename format: `YYYYMMDD_HHMMSS_domain.txt`
Content includes:
- Request information (method, URL, headers, body)
- Response information (status code, headers, body)
### HTTPS Traffic Files
Filename format: `YYYYMMDD_HHMMSS_domain_direction.bin`
Contains encrypted binary data.
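Two small pieces of this design are easy to get subtly wrong: the domain-of-interest filter (ports in the `Host` header, mixed case, a bare suffix match that lets `notexample.com` through) and the dump file names above (a hostile `Host` value must not turn into a path). The Go code below is an added example and not the project's code. It assumes that a configured entry matches itself and its subdomains, uses `client`/`server` as the HTTPS direction labels, and embeds a constructed copy of the `domains_of_interest` list instead of parsing `config.toml`.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"time"
)

// Constructed copy of the domains_of_interest array from config.toml. The
// real program loads it from TOML; this example embeds it so it runs offline.
var domainsOfInterest = []string{
	"example.com",
	"httpbin.org",
	"api.github.com",
	"www.google.com",
}

// normalizeHost strips an optional :port and a trailing dot and lower-cases
// the name, so "API.GitHub.com:443" and "api.github.com" compare equal.
func normalizeHost(hostport string) string {
	host := hostport
	if h, _, err := net.SplitHostPort(hostport); err == nil {
		host = h
	}
	return strings.ToLower(strings.TrimSuffix(host, "."))
}

// IsOfInterest reports whether traffic for hostport should be printed to
// stdout. Assumed rule: a configured entry matches itself and any subdomain
// (example.com matches cdn.example.com but not notexample.com).
func IsOfInterest(hostport string, domains []string) bool {
	host := normalizeHost(hostport)
	for _, d := range domains {
		d = normalizeHost(d)
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

// DumpFileName builds YYYYMMDD_HHMMSS_domain.txt for HTTP (direction == "")
// and YYYYMMDD_HHMMSS_domain_direction.bin for HTTPS. Every character outside
// [a-z0-9.-] is replaced, so a hostile Host header cannot smuggle a path
// separator into the dump directory.
func DumpFileName(ts time.Time, hostport, direction string) string {
	safe := strings.Map(func(r rune) rune {
		if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') || r == '.' || r == '-' {
			return r
		}
		return '_'
	}, normalizeHost(hostport))
	stamp := ts.Format("20060102_150405")
	if direction == "" {
		return fmt.Sprintf("%s_%s.txt", stamp, safe)
	}
	return fmt.Sprintf("%s_%s_%s.bin", stamp, safe, direction)
}

func main() {
	ts := time.Date(2024, 1, 2, 3, 4, 5, 0, time.UTC) // constructed timestamp
	for _, h := range []string{"API.GitHub.com:443", "cdn.example.com", "notexample.com", "evil/../host"} {
		fmt.Printf("%-20s interest=%-5v file=%s\n", h, IsOfInterest(h, domainsOfInterest), DumpFileName(ts, h, ""))
	}
	fmt.Println(DumpFileName(ts, "example.com:443", "client"))
}
```

`net.SplitHostPort` fails on a bare host name, which is why the code only takes its result when there is no error; IPv6 literals such as `[::1]:443` are handled by the same call and then flattened to `__1` by the file-name filter.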
## Important Notes
1. **Administrator Privileges**: The program needs administrator privileges to modify system proxy settings and install certificates
2. **Certificate Security**: Protect the P12 certificate file, and do not hardcode the certificate password in production environments
3. **Network Security**: This tool is intended only for lawful network debugging and testing
4. **System Compatibility**: Currently only Windows is supported
## Troubleshooting
1. **Certificate Loading Failed**:
   - Check the P12 file path and password
   - Make sure OpenSSL is installed (optional)
2. **Proxy Setting Failed**:
   - Make sure you are running with administrator privileges
   - Check whether port 8080 is already in use
3. **CA Certificate Installation Failed**:
   - Make sure the `CA.crt` file exists and is correctly formatted
   - Check administrator privileges
## Development and Customization
You can modify the following parts as needed:
- Add more domains of interest in `config.toml`
- Modify proxy port
- Customize traffic dump format
- Add more traffic analysis features
## License
Please see the LICENSE file for license information.