Documentation
¶
Overview ¶
Package mitm is the core of this project and is responsible for creating a proxy that intercepts all the HTTP/HTTPS traffic going through it. The SSL bumping is currently made by using a fake CA whose keys are stored in path.Join(os.Getenv("HOME"), ".mitm") This is a fork of github.com/kr/mitm
Index ¶
- func GenerateCA(name string) (certPEM, keyPEM []byte, err error)
- func GenerateCert(ca *tls.Certificate, hosts ...string) (*tls.Certificate, error)
- func HTTPDirector(r *http.Request)
- func HTTPSDirector(req *http.Request)
- func LoadCA() (cert tls.Certificate, err error)
- func NewListener(inner net.Listener, ca *tls.Certificate, conf *tls.Config) net.Listener
- func SkipNone(req *http.Request) bool
- type Proxy
- type ServerConn
- type ServerParam
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateCA ¶
GenerateCA generates a CA cert and key pair.
func GenerateCert ¶
func GenerateCert(ca *tls.Certificate, hosts ...string) (*tls.Certificate, error)
GenerateCert generates a leaf cert from ca.
func HTTPDirector ¶
HTTPDirector is director designed for use in Proxy for http proxies.
func HTTPSDirector ¶
HTTPSDirector is a director designed for use in Proxy for transparent TLS proxies.
func NewListener ¶
NewListener returns a net.Listener that generates a new cert from ca for each new Accept. It uses SNI to generate the cert, and herefore only works with clients that send SNI headers.
This is useful for building transparent MITM proxies.
Types ¶
type Proxy ¶
type Proxy struct {
// Wrap specifies a function for optionally wrapping upstream for
// inspecting the decrypted HTTP request and response.
Wrap func(upstream http.Handler) http.Handler
// CA specifies the root CA for generating leaf certs for each incoming
// TLS request.
CA *tls.Certificate
// TLSServerConfig specifies the tls.Config to use when generating leaf
// cert using CA.
TLSServerConfig *tls.Config
// TLSClientConfig specifies the tls.Config to use when establishing
// an upstream connection for proxying.
TLSClientConfig *tls.Config
// FlushInterval specifies the flush interval
// to flush to the client while copying the
// response body.
// If zero, no periodic flushing is done.
FlushInterval time.Duration
// Director is function which modifies the request into a new
// request to be sent using Transport. See the documentation for
// httputil.ReverseProxy for more details. For mitm proxies, the
// director defaults to HTTPDirector, but for transparent TLS
// proxies it should be set to HTTPSDirector.
Director func(*http.Request)
// SkipRequest is a function used to skip some requests from being
// proxied. If it returns true, the request passes by without being
// wrapped. If false, it's wrapped and proxied. By default we use
// SkipNone, which doesn't skip any request
SkipRequest func(*http.Request) bool
// Transport is the low-level transport to perform proxy requests.
// If nil, http.DefaultTransport is used.
Transport http.RoundTripper
}
Proxy is a forward proxy that substitutes its own certificate for incoming TLS connections in place of the upstream server's certificate.
type ServerConn ¶
type ServerConn struct {
*tls.Conn
// ServerName is set during Conn's handshake to the client's requested
// server name set in the SNI header. It is not safe to access across
// multiple goroutines while Conn is performing the handshake.
ServerName string
}
A ServerConn is a net.Conn that holds its clients SNI header in ServerName after the handshake.
func Server ¶
func Server(cn net.Conn, p ServerParam) *ServerConn
Server wraps cn with a ServerConn configured with p so that during its Handshake, it will generate a new certificate using p.CA. After a successful Handshake, its ServerName field will be set to the clients requested ServerName in the SNI header.
type ServerParam ¶
type ServerParam struct {
CA *tls.Certificate // the Root CA for generatng on the fly MITM certificates
TLSConfig *tls.Config // a template TLS config for the server.
}
ServerParam struct
Source Files