• Stars
    star
    264
  • Rank 155,103 (Top 4 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created almost 9 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

node-mitmproxy is an extensible man-in-the-middle(MITM) proxy server for HTTP/HTTPS base on Node.js.

node-mitmproxy 3.x

npm
node-mitmproxy是一个基于nodejs,支持http/https的中间人(MITM)代理,便于渗透测试和开发调试。

1、特性

1、支持https
2、支持配置的方式启动,也支持以模块的方式引入到代码中

2、安装

windows
    npm install node-mitmproxy -g
Mac
    sudo npm install node-mitmproxy -g

3、使用

关于配置文件

简单配置:

simpleConfig.js

module.exports = {
    sslConnectInterceptor: (req, cltSocket, head) => true,
    requestInterceptor: (rOptions, req, res, ssl, next) => {
        console.log(`正在访问:${rOptions.protocol}//${rOptions.hostname}:${rOptions.port}`);
        console.log('cookie:', rOptions.headers.cookie);
        res.end('hello node-mitmproxy!');
        next();
    }
};

效果图:

详细配置说明
更多例子

启动方式

node-mitmproxy -c simpleConfig.js

安装node-mitmproxy CA根证书

生成CA根证书的默认路径:%用户名%/node-mitmproxy

PC下安装根证书方式

Mac
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/node-mitmproxy/node-mitmproxy.ca.crt
windows

注: 证书需要安装到 ** 受信任的根证书目录 ** 下
参考 issues#3

start %HOMEPATH%/node-mitmproxy/node-mitmproxy.ca.crt

以nodejs模块的方式引用到代码中

var mitmproxy = require('node-mitmproxy');

mitmproxy.createProxy({
    sslConnectInterceptor: (req, cltSocket, head) => true,
    requestInterceptor: (rOptions, req, res, ssl, next) => {
        console.log(`正在访问:${rOptions.protocol}//${rOptions.hostname}:${rOptions.port}`);
        console.log('cookie:', rOptions.headers.cookie);
        res.end('Hello node-mitmproxy!');
        next();
    },
    responseInterceptor: (req, res, proxyReq, proxyRes, ssl, next) => {
        next();
    }
});

4、配置详细说明

port

启动端口(默认:6789)

    port: 6789

sslConnectInterceptor

判断该connnect请求是否需要代理,传入参数参考http connnect

    sslConnectInterceptor: (clientReq, clientSocket, head) => true,

requestInterceptor

拦截客户端请求/响应

参数说明:
1、requestOptions:客户端请求参数
2、clientReq: 客户端请求,参考http.IncomingMessage
3、clientRes: 客户端响应,参考http.ServerResponse
4、ssl: 该请求是否为https
5、next: 回调函数,执行完拦截逻辑后调用该方法

    requestInterceptor: (requestOptions, clientReq, clientRes, ssl, next) => {
        next();
    }

responseInterceptor

拦截服务端请求/响应
参数说明:

1、clientReq: 客户端请求,参考http.IncomingMessage
2、clientRes: 客户端响应,参考http.ServerResponse
3、proxyReq: 服务端请求,参考http.IncomingMessage
4、proxyRes: 服务端响应,参考http.ServerResponse
5、ssl: 该请求是否为https
6、next: 回调函数,执行完拦截逻辑后调用该方法

    responseInterceptor: (clientReq, clientRes, proxyReq, proxyRes, ssl, next) => {
        next();
    }

caCertPath

CA根证书路径(ps: 无特殊情况无需配置)
默认:%HOMEPATH%/node-mitmproxy/node-mitmproxy.ca.crt

caCertPath: 'xxxx/xxxx.crt'

caKeyPath

CA根证书密钥路径(ps: 无特殊情况无需配置)
默认:%HOMEPATH%/node-mitmproxy/node-mitmproxy.ca.key.pem

caKeyPath: 'xxxx/xxxx.pem'

5、更多

关于伪造https证书的逻辑图

More Repositories

1

spy-debugger

微信调试,各种WebView样式调试、手机浏览器的页面真机调试。便捷的远程调试手机页面、抓包工具,支持:HTTP/HTTPS,无需USB连接设备。
JavaScript
7,485
star
2

chatgpt-query-engineer-handbook

🤖️ChatGPT提问工程师 -- 开发指南
691
star
3

web-storage-cache

对localStorage 和sessionStorage 进行了扩展,添加了超时时间,序列化方法
JavaScript
640
star
4

https-mitm-proxy-handbook

基于Node.js的HTTPS MITM(中间人)代理的原理和实现
JavaScript
422
star
5

blog

吴常明's blog
JavaScript
52
star
6

react-interpreter

React 沙盒 📦,可理解为 React 版的 eval() 。该沙盒运行机制可使基于 React 实现的小程序框架「如 Taro3 等」拥有 🚀 热更新能力。
JavaScript
14
star
7

just-mock

Zero configuration, Dynamic local dev mock server
JavaScript
3
star
8

react-native-learning-demo

react native demo
JavaScript
2
star
9

wuchangming.github.io

Tell the Internet,I`m living in her.
CSS
2
star
10

apidispatcher

dispatcher
Java
2
star
11

mitm-provider

build mitm proxy in Node.js
JavaScript
1
star
12

key-move

1
star
13

editable-history

Make the browser history control in SPA more convenient.
TypeScript
1
star
14

o-move

1
star
15

switchable

Fast switcher for DEV environment
1
star
16

htmlstringify

Reverse workflow compare with `htmlparser2`
1
star
17

just-flow

manage business logic
1
star
18

taro-demo-pr-11589

JavaScript
1
star
19

mail-checker

Automatically exported from code.google.com/p/mail-checker
JavaScript
1
star
20

tmall-open-app-on-browser

天猫浏览器页面拉起app demo
JavaScript
1
star
21

github-repos-notification

A Chrome Extension to monitor your github Repositories about star count, fork count, etc.
HTML
1
star
22

git-stars-notification

git stars notification for chrome extentions
JavaScript
1
star
23

taro-mini-hot-update

JavaScript
1
star
24

code-something

1
star
25

babel-plugin-transform-omodule-variable

[deprecated] transform omodule-variable: __omodule_foldername, __omodule_childnames, __omodule_namespace
JavaScript
1
star