Challenge Overview
Overview
Create a man-in-the-middle proxy server to capture web traffic between systems. While not required, we recommend the system be based upon MITMProxy, an open source application that handles the core proxy server and certificate generation functions.
Interface
The application should be command line based. Once started, it should listen on a configured port for incoming TCP connections. It should log all HTTP and HTTPS traffic that flows through the server and output the log information as CSV. The CSV file should have a header row and contain the following fields. The output file should be UTF-8 and use Windows line endings. The system should create one row for each request-response connection.
CSV fields:
- Client IP
- Server IP
- Authorization
- Request Content-Type
- Request Content-Length
- Request Host
- Request Date
- User-Agent
- Content-Encoding
- Response Content-Type
- Response Content-Length
- Response Date
- Server
- Status
- Server Port
- HTTP Method
- HTTP Path
- Request Body (truncated - up to 24 characters)
- Response Body (truncated - up to 24 characters)
- Encrypted (true if the TCP connection was encrypted, false if otherwise)
- Certificate common name (for encrypted connections)
- Certificate organization (for encrypted connections)
- Certificate issuer (for encrypted connections)
- Certificate Expiration Date (for encrypted connections)
Proxy Requirements
The application should require a root certificate from a Certificate Authority (CA cert) be installed in the client’s trusted certificate store. This CA cert will create and sign certificates as needed to ensure the proxy server is transparent to the client browser. Once installed, the client browser should not display any errors of security dialogs while configured to route traffic through the proxy server.
Note that errors are permitted and expected for clients and services that are protected by public key pinning.
System Requirements
The application must run on Windows. Mac OS X support is optional.
Programming Language
Python is preferred but we are open to other options as well.
Documentation
Include a README file with installation and configuration instructions
Final Submission Guidelines
Deliverables
- All source code to implement the requirements.
- A sample CSV output file. Please ensure no sensitive information is in this file.
- README file containing installation and configuration documentation.
- Verification document containing steps to verify your solution.