dannvix

Use nginx as Non-Transparent SSL Proxy

Introduction

Many mobile apps have back-end API servers. They usually rely on the API replies to determine whether certain information is supposed to be shown. If the API responses could be manipulated on the fly, we may easily fool an unmodified app to expose some private data.

This manual guides you to set up nginx as non-transparent SSL proxy, which just subsitutes strings in the server responses (i.e. man-in-the-middle attack ourself). For both server-side (their API servers) and client-side (your device), the whole process is almost transparent.

sparanoid

Tencent (腾讯):

• http://isux.tencent.com/ (Internet Social User Experience／社交用户体验设计部)
• http://cdc.tencent.com/ (Customer Research & User Experience Design Center／即用户研究与体验设计中心)
• (已死) http://isd.tencent.com/ (Design Team for Internet Service Division／即用户研究与体验设计中心)
• (已死) http://wsd.tencent.com/
• (已死) http://flashteam.tencent.com/
• http://tgideas.qq.com/
• (已死) http://gdc.qq.com/
• (已死) http://ecd.tencent.com/

rubendob

user              nginx;
worker_processes  2;
worker_rlimit_nofile 32768;
error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;
pid        /var/run/nginx.pid;
events {
    worker_connections  4096;
    multi_accept on;