Skip to content

Instantly share code, notes, and snippets.

@ReaGed
ReaGed / nginx-non-transparent-ssl-proxy.md
Created October 22, 2016 16:15 — forked from dannvix/nginx-non-transparent-ssl-proxy.md
Guide to set up nginx as non-transparent SSL proxy, which subsitutes strings in the server responses

Use nginx as Non-Transparent SSL Proxy

Introduction

Many mobile apps have back-end API servers. They usually rely on the API replies to determine whether certain information is supposed to be shown. If the API responses could be manipulated on the fly, we may easily fool an unmodified app to expose some private data.

This manual guides you to set up nginx as non-transparent SSL proxy, which just subsitutes strings in the server responses (i.e. man-in-the-middle attack ourself). For both server-side (their API servers) and client-side (your device), the whole process is almost transparent.

@ReaGed
ReaGed / onion-gen.js
Created October 7, 2016 13:54 — forked from ttaubert/onion-gen.js
Generating custom .onion names with the WebCrypto API
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
/*
* thirty-two
* https://github.com/chrisumbel/thirty-two
*