MITMEngine – MITM (monster-in-the-middle) Detection Tool

MITMEngine is a Cloudflare project that allows for accurate detection of HTTPS interception and robust TLS fingerprinting. As the use of HTTPS grows, so does the desire to infiltrate protected traffic.

A 2017 study, The Security Impact of HTTPS Interception, found this to be a common practice. Analysis of traffic on Firefox update servers showed that in some countries the percentage of HTTPS connections with a third-party agent introduced reaches 15%.

The risk is not only that the third-party system intercepting the traffic can obtain sensitive information. In many cases interception also affects client security: when the third party (proxy server) does not support modern ciphers or does not validate certificates, the overall security of the connection is reduced.

HTTPS interception occurs in situations like the following:

  • A device has a root certificate installed that allows an intermediary to decrypt and inspect traffic.
  • An origin server provides its TLS private key to a third party (like a reverse proxy) that does TLS termination.

The tool verifies the following connection fingerprints:

  • Client Request – The aim of this verification is to make each signature specific enough that it can uniquely identify a piece of software.
  • User Agent – A User Agent signature for a browser allows for a range of browser versions, and allows for specifying the OS name, OS platform, OS version range, and device type for creating more fine-grained signatures.
  • Browser – A browser signature contains both a User Agent signature and a client request signature. This allows for a signature to represent all of the possible fingerprints generated by Chrome 31-38 on Windows 10, for example.

The listed fingerprints may allow the program to detect whether a connection comes from an actual user or from a third party that acts as a proxy and may collect sensitive information.
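To make the comparison concrete, here is a short Go sketch added for this write-up; it is not code from the mitmengine project. All type and function names are hypothetical, and the cipher and extension values are constructed samples, not a real Chrome fingerprint.

```go
package main

import "fmt"

// Hypothetical types for illustration; not the mitmengine API.
type UASignature struct {
	Browser, OS        string
	MinMajor, MaxMajor int // inclusive browser version range
}

// RequestSignature lists ClientHello values in the order they were sent.
type RequestSignature struct{ Ciphers, Extensions []uint16 }

// BrowserSignature pairs a User Agent signature with a client request signature.
type BrowserSignature struct {
	UA  UASignature
	Req RequestSignature
}

// same is an order-sensitive comparison of two ID lists.
func same(a, b []uint16) bool { return fmt.Sprint(a) == fmt.Sprint(b) }

// Classify checks the claimed browser against the handshake actually observed.
// It returns "consistent", "mismatch" (the User-Agent is covered by a signature
// but the handshake differs, so something else spoke TLS), or "unknown".
func Classify(sigs []BrowserSignature, browser, osName string, major int, seen RequestSignature) string {
	result := "unknown"
	for _, s := range sigs {
		if s.UA.Browser != browser || s.UA.OS != osName || major < s.UA.MinMajor || major > s.UA.MaxMajor {
			continue
		}
		if same(s.Req.Ciphers, seen.Ciphers) && same(s.Req.Extensions, seen.Extensions) {
			return "consistent"
		}
		result = "mismatch"
	}
	return result
}

// Constructed sample signature; the values are not a real Chrome fingerprint.
var sampleSigs = []BrowserSignature{{
	UASignature{"Chrome", "Windows 10", 31, 38},
	RequestSignature{[]uint16{0xc02b, 0xc02f, 0x009e}, []uint16{0x0000, 0x000a, 0x000b}},
}}

func main() {
	// Constructed handshake from a proxy that forwards the browser's User-Agent.
	proxy := RequestSignature{[]uint16{0x002f, 0x0035}, []uint16{0x0000}}
	fmt.Println(Classify(sampleSigs, "Chrome", "Windows 10", 35, proxy))
}
```

A "mismatch" result is the interesting case: the User-Agent header passed through unchanged, but the TLS handshake was produced by different software.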

You can read more and download or contribute to the mitmengine project here:

