Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A python-based proxy that uses Perspectives to detect and thwart SSL MITM attacks.
Python Shell
Pull request Compare This branch is 7 commits ahead, 7 commits behind master.
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


PerProxy is a HTTPS proxy that uses Perspectives [1] to monitor
SSL connections, detect and thwart SSL attempts using fradulent
certificates (e.g. [3,4]). It is not in any way intended to replace
the Perspectives Firefox extension [2], but to serve in instances when
the extension cannot be used (e.g. you are using another browser, a
version of Firefox that doesn't support the extension).

Note that PerProxy has only been tested with Firefox 4.x at this
time. It is most defintely a work in progress. Use at your own risk.

PerProxy acts as a SSL MITM, accepting SSL credentials from the
browser and making certificates on the fly to imitate the expected



* M2Crypto:

* argparse:  - comes with Python 2.7+

* pyPerspecties: - python client
code for Perspectives. Version 0.2 or later required.


To install, run:

sudo install

Which will install the perproxy into your local site-packages and the
PerProxy scipts into the appropriate python bin/ directory
(e.g. /Library/Frameworks/Python.framework/Versions/2.7/bin/)

The next step is to create a CA certificate for PerProxy to use:


This will create ~/.PerProxy/ca-cert.crt and ~/.PerProxy/ca-key.pem

Then you need to load the newly create CA certificate into your
browser. With FireFox, you just need to open the certificate, e.g. use
a URL such as:


And you will be prompted and walked through the process.

Then you can fire up PerProxy (use '-d' for debug mode will probably
be most useful):

/Library/Frameworks/Python.framework/Versions/2.7/bin/PerProxy -d

Then configure your web browser to use port localhost:8080 as a HTTPS
proxy. With FireFox this is under Preferences, Advanced, Network,
Connection, Settings. Select "Manual proxy configuration" and for "SSL
Proxy" enter "localhost" and "8080". Click OK to save. (Using an
add-on such as QuickProxy will let you turn this setting on and off

Now connect to an HTTPS website and watch the output from PerProxy.

Please report comments, issues, bugs, etc. at


Here is how PerProxy currently works:

* It acts as an HTTPS proxy, receiving and parsing a CONNECT message
from the client browser to obtain the target hostname.

* It connects to the target server.

** If the target server's certificate is in the cache, it proceeds.

** If the target server's certificate is not in the cache, it queries
Perspectives notaries to validate the target server certificate. On
success it puts the certificate into the cache.

** On failure, an error is returned to the client browser (see Note
below) and the connection is closed.

* A SSL conection is established back to the client and all data is
passed through between the two.

Note: All error handling is very rudimentary right now. PerProxy will
logs errors and a HTML web page is returned to the client. The HTML
will be displayed only for primary pages though, if the request is for
an image or other element of a page, it likely gets swallowed by the


This code is freely distributed under an MIT license [6].



Something went wrong with that request. Please try again.