Visit the website Oupscrk for a production-ready release.

• Expose all HTTP/HTTPS traffic in plain-text Deciphered and Decoded
• Tamper with HTTP/HTTPS Requests
• Tamper with HTTP/HTTPS Responses
• Perform Replay Attacks

This program is written in Java 8 and uses Bouncy castle library as the Crypto API.

As you may have noticed there is two profiles in the Pom file, which correspond to two usage modes :

1 - Standalone proxy (Default mode) : In this mode all you get is a proxy intercepting the HTTP/HTTPS traffic and the display of the streamed data between the navigator and the remote server in plain-text.

2 - Proxy UI : In this mode you have the prossibility to interact with the proxy using a TCP socket, and a set of actions. In the following an exhaustive list of actions :

[START_PROXY, STOP_PROXY, CHECK_PROXY, START_EXPOSE, STOP_EXPOSE, START_TAMPER_REQUEST, 
STOP_TAMPER_REQUEST, START_TAMPER_RESPONSE, STOP_TAMPER_RESPONSE, START_REPLAY_ATTACK, 
STOP_REPLAY_ATTACK]

In the Showcase website I provide a desktop application that uses Proxy UI, for a better display and usability.

In order to be able to intercept HTTPS traffic, you will have to load a custom CA (Certificate Authority) in your navigator. To do so, you should first start the proxy and enable your navigator (firefox preferably) to use it :

And then navigate to : http://oupscrk.local

All new ideas/features are welcome.