httpssniffer-muffin

[intro] [download] [install] [documentation] [participate]

Documentation

You will find all necessary instructions to run httpssniffer-muffin on this website or inside the INSTALL file (provided in the zip archive).

New 0.10.x configuration is detailed in the sample default.conf, logging.properties and muffin.props. If you want to go back to the old muffin behaviour only, you will want to remove the Log filter and remove HTTPS decryption (just comment corresponding lines in the properties files).

Otherwise, source code is your last chance for documentation.

How is HTTPS sniffing done?

When an HTTPS request is received by the proxy (Server running on port 51966), it is forwarded to a simple HTTPS server (in fact just an SSLServerSocket). This HTTPS server (ForwardSecureServer) will log the decrypted request and forward it through an SSL socket to the real destination. Then it will log and forward the response to the proxy, which will in turn forward it to the client. Alert in the browser should popup to tell you the server certificate does not correspond to the website you are trying to access (the server certificate will be the custom muffin one).

To summarize, BROWSER <==> PROXY <==> fake HTTPS server <==> real HTTPS server.

New features

Changes with Muffin 0.10.5:

* bug fix incorrect multibyte characters thanks to Christian Mallwitz

* better CookieMonster filter thanks to Christian Mallwitz

* URL obscuration turned off by default. 


Changes with Muffin 0.10.4:

* now resolving obscure ip addresses.

* an anonymizer filter that is obscuring a url (ip and path),
 see default.conf for configuration details.

* dnsjava 1.2.4 integration

* log4j 1.2 integration (without net or jmx)


Changes with Muffin-0.10.3 (3rd HTTPS patch for Muffin-0.9.3a)

* HTTPS client authent option to connect the decrypting/reencrypting server.

* Text only muffin is now independent from awt.

* Socket closed exception better "ignored" during https proxying.

* protocol specific filtering option for filters extending ProtocolSpecificFilter
in order to filter one particular protocol and not another at the same time.

* log4j usage everywhere (instead of System.out or e.printStackTrace)


Changes with second HTTPS patch:

* HTTPS forwarding done within Muffin (no need for the external server).

* decrypted HTTPS filtering.


Changes with first HTTPS patch:

* HTTPS forwarding to an external server decrypting and forwarding reencrypted data for HTTPS debugging.

* patch web site: http://httpssniffer.sourceforge.net