• Stars
    star
    787
  • Rank 57,828 (Top 2 %)
  • Language
    Rust
  • License
    MIT License
  • Created about 3 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.

Good Man in the Middle

GitHub stars GitHub forks Release GitHub issues Build GitHub license Docs

中文版

Rule-based MITM engine. Rewriting, redirecting and rejecting on HTTP(S) requests and responses, supports JavaScript.

Features

  • Signing certificate automatically based on TLS ClientHello SNI extension
  • Support selective MITM for specific domains
  • Rule description language based on YAML format: rewrite, reject, redirect
    • Flexible rule matching capabilities
      • Domain name prefix/suffix/exact match
      • Regular expression matching
      • Multiple filter rules
    • Flexible text content rewriting
      • Erase/replace
      • Regular expression substitution
    • Flexible dictionary-based content rewriting
      • HTTP header rewriting
      • Cookie rewriting
    • Support for multiple actions per rule
  • JavaScript script rules support (programmatic intervention)
  • Transparent proxy support
  • Support HTTPS and HTTP multiplexing on a single port
  • Install CA certificate to the system trust zone

Usage

Certificate Preparation

Due to the requirement of the MITM technique, you need to generate and trust your own root certificate.

Generate Root Certificate

For security reasons, please do not blindly trust any root certificate provided by strangers. You need to generate your own root certificate and private key.

Experienced users can use OpenSSL to perform the necessary operations. However, for users without experience in this area, you can use the following command to generate the required content. The generated certificate and private key will be stored in the ca directory.

good-mitm.exe genca

After using the proxy provided by Good-MITM in your browser, you can directly download the certificate by visiting http://cert.mitm.plus. This is particularly useful when providing services to other devices.

Trusting the Certificate

You can add the root certificate to the trust zone of your operating system or browser, depending on your needs.

Proxy

Start Good-MITM and specify the rule file or directory to use.

good-mitm.exe run -r rules

Use the HTTP proxy provided by Good-MITM in your browser or operating system: http://127.0.0.1:34567.

Transparent Proxy

See https://docs.mitmproxy.org/stable/howto-transparent/ for docs.

sudo sysctl -w net.ipv4.ip_forward=1
sudo sysctl -w net.ipv6.conf.all.forwarding=1
sudo sysctl -w net.ipv4.conf.all.send_redirects=0

sudo useradd --create-home mitm
sudo -u mitm -H bash -c 'good-mitm run -r rules/log.yaml -b 0.0.0.0:34567'

sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitm --dport 80 -j REDIRECT --to-port 34567
sudo iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitm --dport 443 -j REDIRECT --to-port 34567
sudo ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitm --dport 80 -j REDIRECT --to-port 34567
sudo ip6tables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner mitm --dport 443 -j REDIRECT --to-port 34567

Rule

Rule is used to manipulate Good-MITM.

A valid rule should include the following components:

  • Name:Used to differentiate different rules for easier maintenance.
  • Filter:Used to select the content to be processed from a set of requests and responses.
  • Action:Used to perform desired actions, including redirect, reject, modification, etc.
  • Optionally, specify the domain name that requires MITM.
- name: "Block YouTube tracking"
  mitm: "*.youtube.com"
  filter:
    url-regex: '^https?:\/\/(www|s)\.youtube\.com\/(pagead|ptracking)'
  action: reject

Additionally, a valid rule should meet the following requirements:

  • Focus: Each rule should be designed to perform a single task.
  • Simplicity: Use straightforward methods for processing to ensure easy maintenance.
  • Efficiency: Use efficient methods whenever possible, such as using domain suffixes and prefixes instead of complex regular expressions for domain matching.

Filter

Filteris used to select the requests and responses that need to be processed.

Available Options

Currently, Filter includes the following types:

  • All
  • Domain(String)
  • DomainKeyword(String)
  • DomainPrefix(String)
  • DomainSuffix(String)
  • UrlRegex(fancy_regex::Regex)

Note
In the current version, the domain related types match the host field, which usually does not affect the results. If a website is using a non-standard port, the rule needs to specify the port. This behavior will be optimized in future versions.

All

When specifying the filter as all, it will match all requests and responses. This is typically used for performing logging actions.

- name: "log"
  filter: all
  action:
    - log-req
    - log-res
Domain

domain performs a full match against the domain name.

- name: "redirect"
  filter:
    domain: 'none.zu1k.com'
  action:
    redirect: "https://zu1k.com/"
DomainKeyword

domain-keyword performs a keyword match against the domain name.

- name: "reject CSDN"
  filter:
    domain-keyword: 'csdn'
  action: reject
DomainPrefix

domain-prefix performs a prefix match against the domain name.

- name: "ad prefix"
  filter:
    domain-prefix: 'ads' // example: "ads.xxxxx.com"
  action: reject
DomainSuffix

domain-suffix performs a suffix match against the domain name.

- name: "redirect"
  filter:
    domain-suffix: 'google.com.cn'
  action:
    redirect: "https://google.com"
UrlRegex Url

url-regex performs a regular expression match against the entire URL.

- name: "youtube tracking"
  mitm: "*.youtube.com"
  filter:
    url-regex: '^https?:\/\/(www|s)\.youtube\.com\/(pagead|ptracking)'
  action: reject

Multiple Filter

The filters field supports both single filters and multiple filters, with the relationship between multiple filters being OR.

- name: "youtube-2"
  mitm:
    - "*.youtube.com"
    - "*.googlevideo.com"
  filters:
    - url-regex: '^https?:\/\/[\w-]+\.googlevideo\.com\/(?!(dclk_video_ads|videoplayback\?)).+(&oad|ctier)'
    - url-regex: '^https?:\/\/(www|s)\.youtube\.com\/api\/stats\/ads'
    - url-regex: '^https?:\/\/(www|s)\.youtube\.com\/(pagead|ptracking)'
    - url-regex: '^https?:\/\/\s.youtube.com/api/stats/qoe?.*adformat='
  action: reject

Multiple rules with the same action can be aggregated into a single rule for easier maintenance.

Action

Action is used to perform operations on requests or responses.

Available Options

Currently, Action includes the following options:

  • Reject
  • Redirect(String)
  • ModifyRequest(Modify)
  • ModifyResponse(Modify)
  • LogRes
  • LogReq
Reject

The reject type directly returns 502 status code, which is used to reject certain requests. It can be used to block tracking and ads.

- name: "reject CSDN"
  filter:
    domain-keyword: 'csdn'
  action: reject
Redirect

The redirect type directly returns 302 status code for redirection.

- name: "youtube-1"
  filter:
    url-regex: '(^https?:\/\/(?!redirector)[\w-]+\.googlevideo\.com\/(?!dclk_video_ads).+)(ctier=L)(&.+)'
  action:
    redirect: "$1$4"
ModifyRequest

modify-request is used to modify the request. For specific modification rules, refer to the Modify section.

ModifyResponse

modify-response is used to modify the response. For specific modification rules, refer to the Modify section.

Log

log-req is used to log the request, and log-res is used to log the response.

Multiple Action

The actions field supports both single actions and multiple actions. When multiple actions need to be performed, an array should be used.

- name: "youtube-1"
  filter:
    url-regex: '(^https?:\/\/(?!redirector)[\w-]+\.googlevideo\.com\/(?!dclk_video_ads).+)(ctier=L)(&.+)'
  actions:
    - log-req:
    - redirect: "$1$4"

Modify

Modify are used to perform modification operations, including modifying requests and modifying responses.

Available Options

Based on the location of the content to be modified, the modifiers can be categorized as follows:

  • Header(MapModify)
  • Cookie(MapModify)
  • Body(TextModify)
TextModify

TextModify is mainly used for modifying text. Currently, it supports two methods:

  • Setting the text content directly.
  • Simple replacement or regular expression replacement.
Setting Text Directly

For the plain type, the content will be directly set to the specified text.

- name: "modify response body plain"
  filter:
    domain: '126.com'
  action:
    modify-response:
      body: "Hello 126.com, from Good-MITM"
Replacement

Replacement supports both simple replacement and regular expression replacement.

Simple Replacement

- name: "modify response body replace"
  filter:
    domain-suffix: '163.com'
  action:
    modify-response:
      body:
        origin: "NetEase homepage"
        new: "Good-MITM homepage"

Regular expression replacement.

- name: "modify response body regex replace"
  filter:
    domain-suffix: 'zu1k.com'
  action:
    - modify-response:
        body:
          re: '(\d{4})'
          new: 'maybe $1'
MapModify

MapModify is a modifier used to modify dictionary-type locations, such as header and cookies.

The key represents the key in the dictionary and must be specified.

The value is of type TextModify and follows the methods mentioned above.

If remove is set to true, the key-value pair will be removed.

- name: "modify response header"
  filter:
    domain: '126.com'
  action:
    - modify-response:
        header:
          key: date
          value:
            origin: "2022"
            new: "1999"
    - modify-response:
        header:
          key: new-header-item
          value: Good-MITM
    - modify-response:
        header:
          key: server
          remove: true
Header Modification

Refer to the methods in the MapModify section.

Cookie Modification

Same as the Header modification method.

If remove is set to true, the corresponding set-cookie item will also be removed.

Body Modification

Refer to the methods in the TextModify section.

License

Good-MITM © zu1k, Released under the MIT License.

More Repositories

1

bs-core

Easy and blazing-fast book searcher, create and search your private library.
TypeScript
6,325
star
2

proxypool

Automatically crawls proxy nodes on the public internet, de-duplicates and tests for usability and then provides a list of nodes
Go
3,818
star
3

nali

An offline tool for querying IP geographic information and CDN provider. 一个查询IP地理信息和CDN服务提供商的离线终端工具.
Go
3,754
star
4

translator

简单、轻量、好用的划词翻译软件
Rust
1,246
star
5

tg-keyword-reply-bot

Telegram关键词自动回复机器人: 根据群组管理员设定的关键词或者正则规则,自动回复文字、图片、文件或者进行永久禁言、临时禁言、踢出等群管操作
Go
528
star
6

http-proxy-ipv6-pool

Make every request from a separate IPv6 address.
Rust
507
star
7

xray-crack

xray社区高级版证书生成,仅供学习研究,正常使用请支持正版。removed due to Chaitin requirements & support to version 1.4.4 & learning purpose
445
star
8

srun

srun 深澜认证登录,超轻量、多平台,支持多拨、自动探测IP、指定网卡
Rust
217
star
9

deepl-translate-api

Reverse engineered DeepL translate api
98
star
10

some-mitm-proxy

开始封号了,停止公开服务观察一段时期
71
star
11

hosts-rs

hosts file parsing, modification library, and some derivatives.
Rust
35
star
12

ldap-log

一个LDAP请求监听器,摆脱dnslog平台和java
Rust
34
star
13

globalssh4github

利用UCloud的免费GlobalSSH服务加速github的ssh协议
Go
33
star
14

github-hosts

Modify hosts to speed up GitHub access.
Rust
30
star
15

beacon_hook_bypass_memscan

works but not work, cao!
Rust
24
star
16

blog

个人博客,记录和分享我的一些经验、想法和作品
HTML
24
star
17

zu1k

My GitHub profile page
22
star
18

b_search

Rust
20
star
19

my_followers

Automatically generate an avatar wall of followers for your GitHub account
Python
20
star
20

uniclip

Unified Clipboard, just a demo, DO NOT USE!
Rust
18
star
21

LibAFL-Book-zh

LibAFL 文档书 简体中文版
16
star
22

she

课程作业,半成品,数据根据法律不公开
Go
16
star
23

pl0compiler

编译原理实验 PL0简化版程序的词法、语法分析和解释执行
Go
15
star
24

coolq-rsspushbot

RSS订阅的QQ机器人
Go
8
star
25

install-cert

Rust
6
star
26

hexoblog

新仓库: https://github.com/zu1k/blog
HTML
4
star
27

evernote_noad

For Chinese version only
Go
3
star
28

pdf_add_toc

Python
3
star
29

rand_derive-rs

Rust
2
star
30

shorturl

最简单的短链接口,没有过期功能,没有管理功能,不记录任何信息,一句话,就是low,不会有人用作生产环境的
Go
1
star
31

opencv-rs-learn

Rust
1
star