A TLS man-in-the-middle proxy that can replace byte sequences of same length in outbound requests
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Mahdi Dibaiee c76cb22211
fix: tokio link in README
2 years ago
sample-server feat: cleanup README and add test-ca files for testing 2 years ago
src fix: cleanups 2 years ago
test-ca feat: cleanup README and add test-ca files for testing 2 years ago
.gitignore feat: boilerplate, Hello World! 2 years ago
Cargo.lock feat: replacement functionality and final cleanups 2 years ago
Cargo.toml feat: replacement functionality and final cleanups 2 years ago
README.md fix: tokio link in README 2 years ago

README.md

tlsproxy

A most basic TLS man-in-the-middle forward proxy using rustls and Tokio.

This proxy allows you, given you have the certificate chain of the server, to replace byte sequences of length N with another byte sequence of length N in outbound requests. For example, you could replace https://testserver.com/?name=foo with ?name=bar This is a toy, proof of concept project. It is not thoroughly tested and will have issues with a very high probability.

Sample usage:

$ cargo build && cargo run -- \
  --chaincert test-ca/end.fullchain \
  --key test-ca/end.key \
  --cacert test-ca/ca.cert \
  --replace 's/foo/bar' \
  --verbose
  
Listening on 127.0.0.1:8080

Send requests to your destination through this proxy:

curl https://testserver.com:5000 \
  --cacert test-ca/ca.cert \
  -x http://127.0.0.1:8080 --proxytunnel \
  --verbose

Please note this means you need to have a server running at testserver.com:5000, to do so, you can use the sample python server provided:

cd sample-server
pyenv local # 3.6.4 version
pip install flask

python main.py

You will then have a server running on 127.0.0.1:5000. You can then point testserver.com to this server by editing your /etc/hosts:

127.0.0.1 testserver.com

Then you can try sending a request with a replacement:

curl 'https://testserver.com:5000?foo=foo' \
  --cacert test-ca/ca.cert \
  -x http://127.0.0.1:8080 --proxytunnel \
  --verbose

The python server will log:

GET https://testserver.com:5000/?bar=bar