Note: This repository is available in tangled and GitHub.
LiquidProxy is a fork of WowFunHappy's Aqua Proxy. which is based on kr's mitm
getcertpage.html uses CSS from cydia.saurik.com, and few parts of it is taken from Victor Lobe's personal website. (gh/victorlobe/victorlobe.me)
- A fix for "could not start a secure connection" and other TLS/SSL issues
- A way to connect to modern mail servers without TLS version/cipher limit
- Complete fix for web browsing
- Secure way to do anything at all (as you're still seeing the stuff in older ciphers/SSL version)
- Fix for (insert app name) that has completely different API by now
- Fix for (insert tweak name)
- A way to browse (very few) laggy websites without lag
- A normal HTTP proxy, as clients with TLSv1.3 and HTTP/2 will have the data just sent without MitM (assuming that the force-mitm flag is off)
- Get mails on ancient devices that your mail provider rejects
- Use some HTTP services with same or compatible API (such as CalDAV on strict servers like Disroot)
- Static web UI to quickly obtain the certificate
- Ability to block modern clients (if detected, don't rely on it)
- Ability to block ancient clients (TLSv1.1 or lower)
- Authentication (mess, but works)
- Better documentation and generally less headache of manually hosting it outside of legacy OSX
- Mail and HTTP proxy combined into one project
- Source code is split into multiple files, making maintenance easier
- Makefile for building
Do NOT use any third party instanced of LiquidProxy, unless you trust them. Due to nature of TLS MitM proxies, the server owner is able to see everything that goes through the proxy. HTTPS WEBSITES WILL STILL BE INTERCEPTED! THERE IS NO WAY TO DEFEND AGAINST THIS RISK, OTHER THAN TO HOST YOUR OWN PROXY.
The guides have been migrated here
Run make, and you'll see liquidproxy(.exe) in the project directory. Just run it!
If you can't have GNU Make for some reason (there is a port of it for Windows), just run go build -o ../ in src directory.
Top part is required for certain functions to work. Bottom is something that doesn't exist anymore, so the log spam is less annoying.
AI was barely used in making of this software. It was used for some parts, but the work was mostly from reading the docs.
There are some AI? traces on the code - and .claude on .gitignore. They likely come from the original project, not me. (likely AquaProxy, not mitm)