A starttls-capable transparent man-in-the-middle proxy
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
README drop markdown from readme Jun 22, 2013


starttls-mitm is a mitm proxy that will transparently proxy and dump
both plaintext and TLS traffic. It uses a user-provided keyfile and
certificate file to impersonate remote servers. The user must
explicitly instruct the device being man-in-the-middled to trust this
certificate authority -- so this is not a security compromise.

It starts out relaying in plaintext, peeking at each packet for a
ClientHello header, at which point it converts the sockets to TLS.
This makes it suitable for proxying protocols that use STARTTLS
(plaintext handshake + SSL upgrade). It's only been tested on XMPP so
far, but it should theoretically work for IMAP and others as well.