Transparent intercepting proxy in Ruby for MITM attacks.
- Author: Ilya Grigorik
- Original Project: https://travis-ci.org/igrigorik/em-proxy
- EngineYard tutorial: Load testing your environment using em-proxy
- Slides from RailsConf 2009
- GoGaRuCo notes & Slides
- Log file support
- SSL support
- Custom digital certificate support
- Search & Replace support for traffic manipulation
- No error handling :)
- Duplex server must be SSL enabled if connection is SSL enabled
- Multithreads create some errors, they will be fixed after Blackhat/Defcon
$ ruby bin/viproxy
Usage: viproxy [options]
-l, --listen [PORT] Port to listen on
-d, --duplex [host:port, ...] List of backends to duplex data to
-r, --relay [hostname:port] Relay endpoint: hostname:port
-s, --socket [filename] Relay endpoint: unix filename
--l-ssl l-leg: run in SSL mode
--l-sslkey [filename] l-leg: SSL certificate key file (PEM)
--l-sslcert [filename] l-leg: SSL certificate file (PEM)
--l-sni [sni hostname] l-leg: SNI hostname
--r-ssl r-leg: run in SSL mode
--r-sslkey [filename] r-leg: SSL certificate key file (PEM)
--r-sslcert [filename] r-leg: SSL certificate file (PEM)
--r-sni [sni hostname] r-leg: SNI hostname
-f, --logfile [filename] Log file
--req-replace [filename] Replacement file for requests
--resp-replace [filename] Replacement file for responses
-v, --verbose Run in debug mode
Usage examples:
$ ruby bin/viproxy -l 8443 -f test1.log -v -r dest.example.com:443 --l-ssl --r-ssl --l-sslkey ssl-key.pem --l-sslcert ssl-cert.pem --req-replace test-replace.rb
This will listen on localhost:8443, write all data to test1.log, print debugging info, send incoming data towards dest.example.com:443, use SSL for incoming and outgoing connections, use specified SSL certificates for listening socket, match/replace incoming requests using specified script.
$ ruby bin/viproxy -l 8443 -r dest.example.com:443 --l-ssl --r-ssl --l-sslkey ssl-key.pem --l-sslcert ssl-cert.pem --r-sslkey client-ssl-key.pem --r-sslcert client-ssl-cert.pem
This will listen on localhost:8443, send incoming data towards dest.example.com:443, use SSL for incoming and outgoing connections, use specified SSL certificates for listening socket, provide specified client certificates to remote endpoint.
$ ruby bin/viproxy -l 8443 -r dest.example.com:443 --l-ssl --r-ssl --r-sni dest.example.com --l-sslkey ssl-key.pem --l-sslcert ssl-cert.pem
This will listen on localhost:8443, send incoming data towards dest.example.com:443, use SSL for incoming and outgoing connections, use specified SSL certificates for listening socket, send specified hostname to the remote endpoint using SNI extension.
See replace_zip.rb
.
The MIT License - Copyright (c) 2010 Ilya Grigorik