WEBMITM(8) System Manager's Manual WEBMITM(8)NAME
webmitm - HTTP / HTTPS monkey-in-the-middle
SYNOPSIS
webmitm [-d] [host]
DESCRIPTION
webmitm transparently proxies and sniffs HTTP / HTTPS traffic redirected by dnsspoof(8), capturing most "secure" SSL-encrypted webmail
logins and form submissions.
OPTIONS -d Enable debugging mode. May be specified multiple times to greater effect.
host Specify a host to proxy to. If none given, only requests containing an HTTP/1.1 Host: header or absolute URI will be relayed trans-
parently.
FILES
webmitm.crt
SSL certificate
SEE ALSO dsniff(8), dnsspoof(8)AUTHOR
Dug Song <dugsong@monkey.org>
WEBMITM(8)
Check Out this Related Man Page
PROXYTUNNEL(1) General Commands Manual PROXYTUNNEL(1)NAME
proxytunnel - program to tunnel a connection throught an standard HTTPS proxy.
SYNOPSIS
proxytunnel [options]
DESCRIPTION
This manual page documents the proxytunnel command.
proxytunnel is a program that open a tunnel through a HTTPS proxy.
OPTIONS
This program follow the usual GNU command line syntax, with long options starting with two dashes (`-').
-h, --help
Print help and exit.
-V, --version
Print the version of the program and exit.
-i, --inetd
Run from inetd. Default is off.
-a PORT, --standalone=PORT
Run as standalone daemon on specified port.
-p host:port, --proxy=host:port
The local HTTPS proxy host:port combo to connect to.
-r host:port, --remproxy=host:port
The second-level (remote) proxy host:port to connect to when using two proxies.
-d host:port, --dest=host:port
The destination host:port to built the tunnel to.
-e, --encrypt
Encrypt the data between the local proxy and the destination using SSL.
-E, --encrypt-proxy
Encrypt the data between the client and the local proxy using SSL.
-B, --buggy-encrypt-proxy
Encrypt the data between the client and the local proxy using SSL, but stop using SSL immediately after the CONNECT exchange to
workaround server bugs. (Might not work on all setups; see /usr/share/doc/proxytunnel/README.Debian.gz for more details.)
-X, --encrypt-remproxy
Encrypt the data between the local proxy and the second-level proxy using SSL.
-F STRING, --passfile=STRING
The file containing Username & Password to send to HTTPS proxy for authentification. This file uses the same format as .wgetrc, and
so can use the credentials in common with wget. This option can be used to at least hide the password from anyone clever enough to
use the `ps' command.
-P user:pass, --proxyauth=user:pass
The credentials to use for local HTTP(S) proxy authentication.
-R user:pass, --remproxyauth=user:pass
The credentials to use for remote HTTP(S) proxy authentication.
-N, --ntlm
Use NTLM-based authentication.
-t DOMAIN, --domain=DOMAIN
The NTLM domain to use, default is to autodetect.
-H STRING, --header=STRING
Additional HTTP headers to send to the proxy.
-x STRING, --proctitle=STRING
Use a different process title.
-v, --verbose
Turn on verbosity. Default is off.
-q, --quiet
Suppress messages. Default is off.
NOTES
To use this program with OpenSSH to connect to a host somewhere, create a $HOME/.ssh/config file with the following content:
Host foobar
ProtocolKeepAlives 30
ProxyCommand /usr/bin/proxytunnel -p proxy.customer.com:8080
-P user:password -d mybox.athome.nl:443
If your proxy doesn't require the username and password for using it, you can skip these options.
If you want to run proxytunnel from inetd add the '--inetd' option.
Most HTTPS proxies do not allow access to ports other than 443 (HTTPS) and 563 (SNEWS), so some hacking is necessary to start the SSH dae-
mon on the required port. (On the server side add an extra Port statement in the sshd_config file)
AUTHOR
This manual page was written by Loic Le Guyader <loic.leguyader@laposte.net> and updated by Julian Gilbey <jdg@debian.org> for the Debian
GNU/Linux system (but may be used by others).
August 30, 2009 PROXYTUNNEL(1)