DEPRECATION NOTICE: This software is no longer maintained. The goal of this project is to allow for accurate detection of HTTPS interception and robust TLS fingerprinting. This project is based off of The Security Impact of HTTPS Interception, and started as a port to Go of their processing scripts and fingerprints. More context about MITMEngine is available in this Cloudflare blog post. Quick Links: - Signatures and Fingerprints: Core Definitions - MITM Detection Methodology - API Example Usage - Building and Testing - How to Contribute - mergeDB utility Requirements - Go - Wireshark 3.0.0 (wireshark -v to check) Documentation: Detailed documentation lives with the code (copy package to $(GOPATH)/src/github.com/cloudflare/mitmengine first). Command to access documentation: godoc -http=:6060 http://localhost:6060/pkg/github.com/cloudflare/mitmengine Signature and Fingerprints: In this project, fingerprints map to concrete instantiations of an object, while signatures can represent multiple objects. We use this convention because a fingerprint is usually an inherent property of an object, while a signature can be chosen. In the same way, an actual client request seen by a server would have a fingerprint, while the software
FEATURES
ALTERNATIVES
Sniffglue is a network sniffer tool written in Rust with advanced filter sensitivity options and secure packet processing.
A blog sharing packet capture files and malware samples for training and analysis, with archived posts and traffic analysis exercises.
A method for profiling SSL/TLS Clients with easy-to-produce client fingerprints.
A service for better visibility on networking issues in Kubernetes clusters by detecting traffic denied by iptables.
An OpenFlow honeypot that detects unused IP addresses and simulates network traffic to attract and analyze potential threats
A smart SSRF scanner using different methods like parameter brute forcing in post and get requests.
Akamai Enterprise Application Access is a ZTNA solution that provides secure, identity-based access to private applications without exposing the network.
PINNED

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

PTJunior
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.