Certificate Configuration Guide
📋 Overview
This program now uses hardcoded certificate data and does not require external certificate files. You need to embed the certificate data into the source code.
🔧 Configuration Steps
Step 0: Generate all files
# in WSL
openssl req -newkey rsa:2048 -nodes -keyout private.key -out request.csr
openssl x509 -req -days 3650 -in request.csr -signkey private.key -out certificate.crt
openssl pkcs12 -export -out certificate.p12 -inkey private.key -in certificate.crt
Step 1: Prepare Certificate Files
Ensure you have the following files:
- cert.p12 - PKCS#12 format certificate file (contains private key and certificate)
- CA.crt - CA root certificate file
Step 2: Convert P12 Certificate to Base64
Windows System:
certutil -encode cert.p12 cert_base64.txt
Linux/Mac System:
base64 cert.p12 > cert_base64.txt
Step 3: Edit Source Code
Open the cert_utils.go file and find the following constants to replace:
1. P12 Certificate Data
Copy the content of cert_base64.txt to the hardcodedP12Data constant:
const (
hardcodedP12Data = `
MIIKYwIBAzCCCh8GCSqGSIb3DQEHAaCCChAEggmMIIIJiDCCBW8GCSqGSIb3DQEH
BqCCBWAwggVcAgEAMIIFVQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQI7n7Q
... (your base64 certificate data)
`
2. CA Certificate Data
Copy the complete PEM content of the CA.crt file to the hardcodedCACert constant:
hardcodedCACert = `-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKoK/OvD/h8wMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
... (your CA certificate data)
-----END CERTIFICATE-----`
3. Certificate Password
Modify the certificate password:
hardcodedP12Password = "your_actual_password"
Step 4: Recompile
After configuration is complete, recompile the program:
go build -o mitm.exe .
✅ Verify Configuration
When starting the program, you should see:
- ✅ "CA certificate installed successfully" - indicates CA certificate is configured correctly
- ✅ No certificate-related error messages
If you see "Warning: No valid P12 certificate data provided, generating self-signed certificate for testing", it means the P12 certificate configuration has issues.
🔍 Feature Improvements
HTTPS Traffic Decryption
The program can now:
- Transparent Proxy - When TLS decryption fails, still proxy encrypted traffic
- Decryption Proxy - Use your certificate to decrypt HTTPS traffic
- Dual Dump - Save both encrypted and decrypted data
Output File Format
- timestamp_domain_request_encrypted.bin - Encrypted request data
- timestamp_domain_request_decrypted.bin - Decrypted request data
- timestamp_domain_response_encrypted.bin - Encrypted response data
- timestamp_domain_response_decrypted.bin - Decrypted response data
Complete Data Output
Console output now shows:
- Complete HTTP request/response data (no longer truncated)
- Complete HTTPS decrypted traffic content
- Data length information
⚠️ Security Considerations
- Source Code Security - Certificate data, including the private key inside the P12, is now embedded in the source code, so access to the source code must be controlled
- Password Protection - Consider using environment variables or other methods to protect certificate passwords
- Certificate Validity - Regularly check and update embedded certificates
- Access Control - Restrict access to compiled programs, since the binary contains the same certificate data and password
🐛 Troubleshooting
Issue 1: Certificate Parsing Failed
Cause: Base64 data format error or incomplete
Solution: Check base64 conversion process, ensure data integrity
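A pre-build check for the pasted data, as an added example (not the project's own code): the hypothetical helper decodeEmbeddedP12 strips the BEGIN/END lines that certutil -encode adds, decodes the base64, and confirms the result is one complete PKCS#12 structure. It assumes definite-length DER, as in the sample data shown in Step 3, and the sample input is constructed.

```go
package main

import (
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// decodeEmbeddedP12 (hypothetical helper) turns the text pasted into
// hardcodedP12Data into DER bytes and rejects damaged or truncated input.
func decodeEmbeddedP12(pasted string) ([]byte, error) {
	var b64 strings.Builder
	for _, line := range strings.Split(pasted, "\n") {
		line = strings.TrimSpace(line)
		// certutil -encode wraps its output in -----BEGIN/END CERTIFICATE----- lines.
		if line == "" || strings.HasPrefix(line, "-----") {
			continue
		}
		b64.WriteString(line)
	}
	der, err := base64.StdEncoding.DecodeString(b64.String())
	if err != nil {
		return nil, fmt.Errorf("base64 damaged: %w", err)
	}
	// A PKCS#12 file is one ASN.1 SEQUENCE whose first element is INTEGER 3.
	// Assumption: definite-length DER, so a short read shows up as truncation.
	var pfx asn1.RawValue
	rest, err := asn1.Unmarshal(der, &pfx)
	if err != nil {
		return nil, fmt.Errorf("P12 data incomplete or not ASN.1: %w", err)
	}
	if len(rest) != 0 || pfx.Tag != asn1.TagSequence || !pfx.IsCompound {
		return nil, errors.New("not a single PKCS#12 SEQUENCE (extra or wrong data)")
	}
	var version int
	if _, err := asn1.Unmarshal(pfx.Bytes, &version); err != nil || version != 3 {
		return nil, errors.New("PKCS#12 version field is not 3")
	}
	return der, nil
}

func main() {
	// Constructed sample: SEQUENCE { INTEGER 3, SEQUENCE {} } in certutil-style wrapping.
	sample := "-----BEGIN CERTIFICATE-----\r\nMAUCAQMw\r\nAA==\r\n-----END CERTIFICATE-----\r\n"
	der, err := decodeEmbeddedP12(sample)
	fmt.Println(len(der), err)
}
```

This checks only the outer structure and encoding; it does not open the P12 or verify the password.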
Issue 2: TLS Handshake Failed
Cause: Certificate doesn't match domain or certificate has expired
Solution: Check certificate validity and domain configuration
Issue 3: CA Certificate Installation Failed
Cause: CA certificate format error or insufficient permissions
Solution: Ensure running with administrator privileges, check CA certificate format
📞 Technical Support
If you encounter configuration issues:
- Check certificate file format and validity
- Verify base64 conversion results
- Confirm running with administrator privileges
- Check console error messages