wuchangming / Node Mitmproxy
Licence: mit
node-mitmproxy is an extensible man-in-the-middle(MITM) proxy server for HTTP/HTTPS base on Node.js.
Stars: ✭ 203
Programming Languages
javascript
184084 projects - #8 most used programming language
Labels
Projects that are alternatives of or similar to Node Mitmproxy
Go Mitmproxy
mitmproxy implemented with golang. 用 Golang 实现的中间人攻击(Man-in-the-middle),解析、监测、篡改 HTTP/HTTPS 流量。
Stars: ✭ 61 (-69.95%)
Mutual labels: mitm
Mitmap
📡 A python program to create a fake AP and sniff data.
Stars: ✭ 1,526 (+651.72%)
Mutual labels: mitm
Omeglemiddleman
Lets you connect strangers to each other, and intercept messages AKA Man in the Middle Attack
Stars: ✭ 85 (-58.13%)
Mutual labels: mitm
Bettercap
The Swiss Army knife for 802.11, BLE, IPv4 and IPv6 networks reconnaissance and MITM attacks.
Stars: ✭ 10,735 (+5188.18%)
Mutual labels: mitm
Sslproxy
Transparent SSL/TLS proxy for decrypting and diverting network traffic to other programs, such as UTM services, for deep SSL inspection
Stars: ✭ 134 (-33.99%)
Mutual labels: mitm
Seth
Perform a MitM attack and extract clear text credentials from RDP connections
Stars: ✭ 1,084 (+433.99%)
Mutual labels: mitm
Badssl.com
🔒 Memorable site for testing clients against bad SSL configs.
Stars: ✭ 2,234 (+1000.49%)
Mutual labels: mitm
Aimsicdl
AIMSICD Lite (Android IMSI-Catcher Detector) - reloaded!
Stars: ✭ 102 (-49.75%)
Mutual labels: mitm
Proxy.py
⚡⚡⚡Fast, Lightweight, Pluggable, TLS interception capable proxy server focused on Network monitoring, controls & Application development, testing, debugging
Stars: ✭ 1,291 (+535.96%)
Mutual labels: mitm
Hoverfly
Lightweight service virtualization/API simulation tool for developers and testers
Stars: ✭ 1,814 (+793.6%)
Mutual labels: mitm
Proxify
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation, and replay on the go.
Stars: ✭ 1,153 (+467.98%)
Mutual labels: mitm
Striptls
proxy poc implementation of STARTTLS stripping attacks
Stars: ✭ 163 (-19.7%)
Mutual labels: mitm
Evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Stars: ✭ 1,086 (+434.98%)
Mutual labels: mitm
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Stars: ✭ 11,466 (+5548.28%)
Mutual labels: mitm
Rebel Framework
Advanced and easy to use penetration testing framework 💣🔎
Stars: ✭ 183 (-9.85%)
Mutual labels: mitm
node-mitmproxy 3.x
node-mitmproxy是一个基于nodejs,支持http/https的中间人(MITM)代理,便于渗透测试和开发调试。
1、特性
1、支持https
2、支持配置的方式启动,也支持以模块的方式引入到代码中
2、安装
windows
npm install node-mitmproxy -g
Mac
sudo npm install node-mitmproxy -g
3、使用
关于配置文件
简单配置:
simpleConfig.js
module.exports = {
sslConnectInterceptor: (req, cltSocket, head) => true,
requestInterceptor: (rOptions, req, res, ssl, next) => {
console.log(`正在访问:${rOptions.protocol}//${rOptions.hostname}:${rOptions.port}`);
console.log('cookie:', rOptions.headers.cookie);
res.end('hello node-mitmproxy!');
next();
}
};
效果图:
启动方式
node-mitmproxy -c simpleConfig.js
安装node-mitmproxy CA根证书
生成CA根证书的默认路径:%用户名%/node-mitmproxy
PC下安装根证书方式
Mac
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/node-mitmproxy/node-mitmproxy.ca.crt
windows
注: 证书需要安装到 ** 受信任的根证书目录 ** 下
参考 issues#3
start %HOMEPATH%/node-mitmproxy/node-mitmproxy.ca.crt
以nodejs模块的方式引用到代码中
var mitmproxy = require('node-mitmproxy');
mitmproxy.createProxy({
sslConnectInterceptor: (req, cltSocket, head) => true,
requestInterceptor: (rOptions, req, res, ssl, next) => {
console.log(`正在访问:${rOptions.protocol}//${rOptions.hostname}:${rOptions.port}`);
console.log('cookie:', rOptions.headers.cookie);
res.end('Hello node-mitmproxy!');
next();
},
responseInterceptor: (req, res, proxyReq, proxyRes, ssl, next) => {
next();
}
});
4、配置详细说明
port
启动端口(默认:6789)
port: 6789
sslConnectInterceptor
判断该connnect请求是否需要代理,传入参数参考http connnect 。
sslConnectInterceptor: (clientReq, clientSocket, head) => true,
requestInterceptor
拦截客户端请求/响应
参数说明:
1、requestOptions:客户端请求参数
2、clientReq: 客户端请求,参考http.IncomingMessage
3、clientRes: 客户端响应,参考http.ServerResponse
4、ssl: 该请求是否为https
5、next: 回调函数,执行完拦截逻辑后调用该方法
requestInterceptor: (requestOptions, clientReq, clientRes, ssl, next) => {
next();
}
responseInterceptor
拦截服务端请求/响应
参数说明:
1、clientReq: 客户端请求,参考http.IncomingMessage
2、clientRes: 客户端响应,参考http.ServerResponse
3、proxyRes: 服务端请求,参考http.IncomingMessage
4、proxyRes: 服务端响应,参考http.ServerResponse
5、ssl: 该请求是否为https
6、next: 回调函数,执行完拦截逻辑后调用该方法
responseInterceptor: (clientReq, clientRes, proxyRes, proxyRes, ssl, next) => {
next();
}
caCertPath
CA根证书路径(ps: 无特殊情况无需配置)
默认:%HOMEPATH%/node-mitmproxy/node-mitmproxy.ca.crt
caCertPath: 'xxxx/xxxx.crt'
caKeyPath
CA根证书密钥路径(ps: 无特殊情况无需配置)
默认:%HOMEPATH%/node-mitmproxy/node-mitmproxy.ca.key.pem
caKeyPath: 'xxxx/xxxx.pem'
5、更多
关于伪造https证书的逻辑图
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].