MITMEngine Logo

MITMEngine

0
Free
Visit Website

DEPRECATION NOTICE: This software is no longer maintained. The goal of this project is to allow for accurate detection of HTTPS interception and robust TLS fingerprinting. This project is based off of The Security Impact of HTTPS Interception, and started as a port to Go of their processing scripts and fingerprints. More context about MITMEngine is available in this Cloudflare blog post. Quick Links: - Signatures and Fingerprints: Core Definitions - MITM Detection Methodology - API Example Usage - Building and Testing - How to Contribute - mergeDB utility Requirements - Go - Wireshark 3.0.0 (wireshark -v to check) Documentation: Detailed documentation lives with the code (copy package to $(GOPATH)/src/github.com/cloudflare/mitmengine first). Command to access documentation: godoc -http=:6060 http://localhost:6060/pkg/github.com/cloudflare/mitmengine Signature and Fingerprints: In this project, fingerprints map to concrete instantiations of an object, while signatures can represent multiple objects. We use this convention because a fingerprint is usually an inherent property of an object, while a signature can be chosen. In the same way, an actual client request seen by a server would have a fingerprint, while the software

FEATURES

ALTERNATIVES

A Yara scanner for IMAP feeds and saved streams, extracting attachments and scanning them with chosen Yara rule files.

Automated SSRF finder with options for XSS and open redirects

A package for capturing and analyzing network flow data and intraflow data.

Tcpreplay is a suite of Open Source utilities for editing and replaying captured network traffic.

DenyHosts is a script to block SSH server attacks by automatically preventing attackers after failed login attempts.

A multi-threading tool for sniffing HTTP header records with support for offline and live sniffing, TCP flow statistics, and JSON output.

A tool for creating custom policies for IEE policies

Arkime is an open-source network capture and analysis tool that provides comprehensive network visibility, facilitating swift identification and resolution of security and network issues.