Skip to content
A starttls-capable transparent man-in-the-middle proxy
Branch: master
Clone or download
Latest commit b257756 Mar 18, 2014
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Add a LICENSE Mar 18, 2014
README drop markdown from readme Jun 22, 2013 Initial checkin of MITM listener. Jun 22, 2013


starttls-mitm is a mitm proxy that will transparently proxy and dump
both plaintext and TLS traffic. It uses a user-provided keyfile and
certificate file to impersonate remote servers. The user must
explicitly instruct the device being man-in-the-middled to trust this
certificate authority -- so this is not a security compromise.

It starts out relaying in plaintext, peeking at each packet for a
ClientHello header, at which point it converts the sockets to TLS.
This makes it suitable for proxying protocols that use STARTTLS
(plaintext handshake + SSL upgrade). It's only been tested on XMPP so
far, but it should theoretically work for IMAP and others as well.
You can’t perform that action at this time.