Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
A starttls-capable transparent man-in-the-middle proxy
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
starttls-mitm is a mitm proxy that will transparently proxy and dump both plaintext and TLS traffic. It uses a user-provided keyfile and certificate file to impersonate remote servers. The user must explicitly instruct the device being man-in-the-middled to trust this certificate authority -- so this is not a security compromise. It starts out relaying in plaintext, peeking at each packet for a ClientHello header, at which point it converts the sockets to TLS. This makes it suitable for proxying protocols that use STARTTLS (plaintext handshake + SSL upgrade). It's only been tested on XMPP so far, but it should theoretically work for IMAP and others as well.