gomitm

module
v0.0.0-...-8257b7f
Published: Jan 10, 2022 License: BSD-3-Clause

README

TLS exposing by Man-In-The-Middle attack in Go

Gomitm acts as a transparent proxy.
It relies on NAT for packet redirection: in the demo, packets originally destined for ports 80 and 443 are redirected to port 8888. Linux netfilter (iptables) and macOS pf are supported. Gomitm terminates TLS connections, pretending to be the legitimate server. After detecting the original IP address and the SNI from the TLS handshake, it establishes a connection to the original server, pretending to be a legitimate client. It then forges a server certificate for the legitimate server and presents it to the legitimate client. The trick succeeds only if the client trusts the proxy's root CA.
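The trust condition in the last sentence, shown as an added example (not gomitm's own code): the same forged leaf certificate is rejected by a client whose trust store lacks the interception root and accepted once that root is installed, which is why unexpected entries in a client's root store deserve auditing. The CA names, `issue` and `accepts` are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue returns a certificate for name signed by parent; a nil parent yields a self-signed CA.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{name},
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true}
	if parent == nil { // no issuer given: make this a self-signed root
		t.IsCA, t.KeyUsage, parent, parentKey = true, x509.KeyUsageCertSign, t, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, priv
}

// accepts reports whether a client whose trust store holds only root accepts leaf for host.
func accepts(leaf *x509.Certificate, host string, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

func main() {
	proxyCA, caKey := issue("proxy-ca.example", nil, nil) // constructed interception root
	otherCA, _ := issue("public-ca.example", nil, nil)    // constructed stand-in for a public root
	forged, _ := issue("example.com", proxyCA, caKey)     // leaf minted for the SNI name
	fmt.Println(accepts(forged, "example.com", otherCA), accepts(forged, "example.com", proxyCA))
}
```

Running it prints `false true`: the certificate chain fails to build unless the interception root is explicitly trusted.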

Verified on GOOS/GOARCH:

  • linux/amd64 (Intel Core i7)
  • linux/arm (Raspberry Pi 3)
  • darwin/amd64 (Intel Core i5)
  • darwin/arm64 (Apple Silicon M1)

Demo

Start (generate certs, configure NAT, run proxy)

[terminal1]
cd examples/demo
sh start_macos.sh # or linux

Simulate Client (initiate HTTP, HTTP(S), DoH)

[terminal2]
cd examples/demo
sh client.sh

Finish (reset NAT to default):

[terminal1]
^C
sh finish_macos.sh # or linux

Note:

  • Still runs as root, since macOS requires privileges to access "/dev/pf"
