mitm

package module
Version: v0.0.0-...-16e7256 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 5, 2017 License: Apache-2.0 Imports: 8 Imported by: 0

README

mitm

Build Status GoDoc

TLS MITM Detection based on the work done in caddy, extracted as an easily importable and seperately testable go library for usage in independent go programs.

This capability is based on research done by Durumeric, Halderman, et. al. in "The Security Impact of HTTPS Interception" (NDSS '17) - https://jhalderm.com/pub/papers/interception-ndss17.pdf

Full credit to caddy and all contributors for the implementation here, I've just tidied it up for use in other projects and given it a clean public API free of caddy/ imports and external dependencies.

Usage

Pass your net.Listener and *tls.Config to mitm, then check to see if your connections are MITM-ed with mitm.Check(r).

package main

import (
	"log"
	"net"
	"net/http"

	"github.com/fortytw2/mitm"
)

func main() {
	l, err := net.Listen("localhost", "8080")
	if err != nil {
		panic(err)
	}

	h := mitm.NewHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if mitm.Check(r) {
			panic("oh no, you've been MITM-ed")
		}
		w.Write([]byte("all good!"))
	}), l, nil, false)

	log.Fatal(http.Serve(l, h))
}

Installation

go get -u github.com/fortytw2/mitm/...

License

Apache, see LICENSE

Documentation

Index

Constants

View Source
const (

	// cipher suites missing from the crypto/tls package,
	// in no particular order here
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xc024
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   = 0xc028
	TLS_RSA_WITH_AES_256_CBC_SHA256         = 0x3d
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA        = 0x33
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA        = 0x39
	TLS_RSA_WITH_RC4_128_MD5                = 0x4

	// new PSK ciphers introduced by TLS 1.3, not (yet) in crypto/tls
	// https://tlswg.github.io/tls13-spec/#rfc.appendix.A.4)
	TLS_AES_128_GCM_SHA256       = 0x1301
	TLS_AES_256_GCM_SHA384       = 0x1302
	TLS_CHACHA20_POLY1305_SHA256 = 0x1303
	TLS_AES_128_CCM_SHA256       = 0x1304
	TLS_AES_128_CCM_8_SHA256     = 0x1305
)

Define variables used for TLS communication

Variables

This section is empty.

Functions

func Check

func Check(r *http.Request) bool

Check returns true if the connection has been marked as MITM-ed

Types

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler is a http.Handler that will inject a value into the request context indicating if the TLS connection is likely being intercepted.

func NewHandler

func NewHandler(h http.Handler, ln net.Listener, c *tls.Config, closeOnMITM bool) *Handler

NewHandler returns a new Handler set up to detect tls MITM

func (*Handler) ServeHTTP

func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP checks the User-Agent. For the four main browsers (Chrome, Edge, Firefox, and Safari) indicated by the User-Agent, the properties of the TLS Client Hello will be compared. The context value "mitm" will be set to a value indicating if it is likely that the underlying TLS connection is being intercepted.

Note that due to Microsoft's decision to intentionally make IE/Edge user agents obscure (and look like other browsers), this may offer less accuracy for IE/Edge clients.

This MITM detection capability is based on research done by Durumeric, Halderman, et. al. in "The Security Impact of HTTPS Interception" (NDSS '17): https://jhalderm.com/pub/papers/interception-ndss17.pdf

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL