saucesteals / utlsproxy

MITM Proxy with TLS mimicry
GNU General Public License v3.0
38 stars 4 forks source link
logo

uTLS Proxy

MITM Proxy with TLS mimicry


Features


Installation

$ go install github.com/saucesteals/utlsproxy

Usage

$ utlsproxy
  -addr string
        Address to bind to (default ":8080")
  -keylog string
        TLS key log file
  -http1
        Force HTTP/1.1 between client and proxy

Why?

All (to my knowledge) MITM proxies replay requests to servers with stdlib transports, essentially letting the server fingerprint it. The goal of utlsproxy is to allow you to inspect TLS application data while mimicking the original client. The proxy will sniff the client's clienthello message and use it as its own when handshaking with the server.

Curious how? Most of the work is at saucesteals/goproxy (credits to elazarl/goproxy for the base proxy implementation)

mTLS

Like every other MITM, this will not work with mTLS. Find the client's certificate and private key, then add it to the tls.Config (Rarely will you need this, so this is only possible by cloning and adding it yourself)

Contributing

Contributions are welcome!

License

Distributed under the GNU GPL v3.0 License. See LICENSE for more information.