/starttls-mitm

A starttls-capable transparent man-in-the-middle proxy

Primary LanguagePythonApache License 2.0Apache-2.0

starttls-mitm is a mitm proxy that will transparently proxy and dump
both plaintext and TLS traffic. It uses a user-provided keyfile and
certificate file to impersonate remote servers. The user must
explicitly instruct the device being man-in-the-middled to trust this
certificate authority -- so this is not a security compromise.

It starts out relaying in plaintext, peeking at each packet for a
ClientHello header, at which point it converts the sockets to TLS.
This makes it suitable for proxying protocols that use STARTTLS
(plaintext handshake + SSL upgrade). It's only been tested on XMPP so
far, but it should theoretically work for IMAP and others as well.