A intercepting Proxy in Rust

rust in the middle -> ritm -> "Rhythm"

Why?

Java Proxys eat your RAM and look ugly while doing it.

Also, ZAP messes up base64 decoding and is not able to alter all the filds in a HTTP request (like the Host). Furthermore, Burp and esspecially ZAP could use some proxychains style proxy support.

Features

• TLS Intercept

  • Generate Certs with Common+Alt Name
  • Individual Root CA

• TLS Passthrought

• Upstream Proxys

  • HTTP Connect
  • Socks
  • Chainable (Proxychains Style)
  • with match list (Foxyproxy style)
  • HTTP without Connect in case of HTTP with a single Proxy

• Hosts entries in the Proxy (change name resolution)

• Transparent Mode (Listen with fake cert @ port + forward it)

• Breakpoints (ZAP or HTTPToolkit Style)

• Client Certificates

• Non HTTP

• Store Stuff in a Database

• strip encodings and gzip

• Resend

• Alter Requests

  • Add Cookies from Jar
  • Update Content-Length

• Gateway Timeout

• HTTP/2

• Websockets

• WASM Gui

  • Tool Tips for URL / Base64 / XMLEntities
  • Page Map
  • History
  • Requests / Responses

• Start proxied App (HTTPToolkit Style)

• Start external Application with Parameters from a Request

• Exclude from History

• Plugins via WASI

  • Passive Scanners
  • Active Scanners
  • scan - rustbuster?
    • vHosts
    • dirs
    • HTTP Methods

build

sudo apt install pkg-config libssl-dev
cargo build -p rhythm_prx

wasm-pack build --target web