Pentest Tools

Published on February 4th, 2016 📆 | 6850 Views ⚑

0

HTTP MITM Proxy


iSpeech

HTTP Man In The Middle (MITM) Proxy written in node.js. Supports capturing and modifying the request and response data.

 

Install

npm install --save http-mitm-proxy

 

Example

This example will modify any search results coming from google and replace all the result titles with “Pwned!”.

var Proxy = require('http-mitm-proxy');
var proxy = Proxy();

proxy.onError(function(ctx, err) {
  console.error('proxy error:', err);
});

proxy.onRequest(function(ctx, callback) {
  if (ctx.clientToProxyRequest.headers.host == 'www.google.com'
    && ctx.clientToProxyRequest.url.indexOf('/search') == 0) {
    ctx.use(Proxy.gunzip);

    ctx.onResponseData(function(ctx, chunk, callback) {
      chunk = new Buffer(chunk.toString().replace(/<h3.*?<\/h3>/g, '<h3>Pwned!</h3>'));
      return callback(null, chunk);
    });
  }
  return callback();
});

proxy.listen({port: 8081});

You can find more examples in the examples directory

[adsense size='1']

SSL

Using node-forge allows the automatic generation of SSL certificates within the proxy. After running your app you will find options.sslCaDir + ‘/certs/ca.pem’ which can be imported to your browser, phone, etc.

 

Proxy

 

  [adsense size='2']

 

Context

Context functions only effect the current request/response. For example you may only want to gunzip requests made to a particular host.

 

WebSocket Context

The context available in websocket handlers is a bit different

 

 

 

 [adsense size='3']

Source && Download

https://github.com/joeferner/node-http-mitm-proxy



Leave a Reply

Your email address will not be published.