Pages

Wednesday, 1 April 2020

Man in the Middle SOCKS Proxy for JAVA, mitmsocks4j


An interceptor for SOCKS Proxy protocol to allow user to dump any connections' content even if it is secured with SSL.
Please note that this is not a general purpose proxy server (performance issues and lack of capabilities). I actually developed it for my needs about examining connections of mobile applications.
I only tested it over connections of applications on my Android phone. So it is a very restricted cluster for a test. If you encounter an misfunction, you are always welcome to open an issue explaining it.

Usage

java -jar mitmsocks4j.jar -h
usage: mitmsocks4j [-h] [-l [{ALL,TRACE,DEBUG,INFO,WARN,ERROR,OFF}]]
               [-x [PROXYPORT]] [-d [DELEGATORPORT]]
               [-s [SECUREDPORTS [SECUREDPORTS ...]]] [-k KEYSTORE]
               [-p PASSWORD]

Strips SSL/TLS layer from SOCKS proxy connection to dump plain data!

optional arguments:
 -h, --help          show this help message and exit
 -l [{ALL,TRACE,DEBUG,INFO,WARN,ERROR,OFF}], --loglevel [{ALL,TRACE,DEBUG,INFO,WARN,ERROR,OFF}]
      Sets logging level!
-x [PROXYPORT], --proxyport [PROXYPORT]
      Proxy port that proxy listens.(default:1080)
-d [DELEGATORPORT], --delegatorport [DELEGATORPORT]
      Delegator port that mitm takes place.(default:1081)
-s [SECUREDPORTS [SECUREDPORTS ...]], --securedports [SECUREDPORTS [SECUREDPORTS ...]]
      Secured ports that will be ssl-stripped
-k KEYSTORE, --keystore KEYSTORE
      Keystore that will be used to imitate actual
      server certificates for clients(default:mitmsocks4j.jks)
-p PASSWORD, --password PASSWORD
      Keystore password.(default:123456)
Sample usage:
java -jar mitmsocks4j.jar -l ERROR -s 5228 443 8883

About CA Certificate

mitmsocks4j needs a CA certificate to forge remote server's certificate and signs it. So user should add this CA certificate to its trust store. Otherwise most of applications will drop the connection.(Browser may have an option to ask user to accept that certificate.)

About SOCKS Protocol

To be able to use this tool, user should be able to redirect his program's traffic to a SOCKS proxy. Most of the browsers have an option to configure SOCKS proxy settings. In my case; Android does not have such an option(only supports HTTP proxy). So I rooted my phone and use ProxyDroid.