MITM_V_6.0 is a robust, open-source cybersecurity tool developed in Python. It functions as a local Man-in-the-Middle (MITM) proxy, allowing security researchers and students to intercept, analyze, manipulate, and replay HTTP/HTTPS traffic between a browser and a web server.
Designed as an educational alternative to industry standards like Burp Suite, this tool implements core penetration testing features including a Repeater, Intruder, and dynamic SSL/TLS Certificate Forging.
- Full Control: Intercept requests in real-time. You can Forward valid requests, Drop suspicious ones, or Edit headers and body data on the fly before they reach the server.
- SSL/TLS Decryption: Automatically handles the SSL handshake, decrypting HTTPS traffic using a custom, dynamically generated Certificate Authority (CA).
- Smart Render: Includes a specialized rendering engine that injects
<base>tags into intercepted HTML, ensuring that static assets (CSS, Images) load correctly when viewing pages locally.
- Send intercepted requests to the Repeater tab for manual testing.
- Modify headers (User-Agent, Cookies) or payloads and resend the request to observe server behavior.
- Includes a Render HTML feature that securely opens the server's response in your default browser (supports
xdg-openon Kali Linux).
A multi-threaded attack module designed for brute-forcing and fuzzing.
- Sniper Mode: Places a single payload set into a specific marker (
§value§). Ideal for simple PIN or parameter fuzzing. - Cluster Bomb Mode: Iterates through multiple payload sets (e.g., Username list vs. Password list). Ideal for credential stuffing.
- Performance: Uses a threaded queue system to handle high-volume attacks without freezing the GUI.
- Results Analysis: Table view showing Status Codes, Response Length, and Response Time to easily identify successful logins.
- Native support for Linux file openers (
xdg-open). - Browser launching support with
--no-sandboxflags for root users. - Cross-platform compatibility (works on Windows 10/11).
| Proxy Interface | Intruder Attack |
|---|---|
 |
 |
- Python 3.x
pip(Python Package Manager)python3-tk(Required for GUI on Linux)
git clone [https://github.com/sreekanthankn/MITM_V_6.0.git](https://github.com/sreekanthankn/MITM_V_6.0.git)
cd MITM_V_6.0pip install -r requirements.txtIf you are on Kali Linux and get a Tkinter error:
sudo apt-get update
sudo apt-get install python3-tk# On Linux / Mac
chmod +x MITM_V_6.0.py
python3 MITM_V_6.0.py
# On Windows
python MITM_V_6.0.pyTo intercept HTTPS traffic without browser errors, you must trust the tool's Certificate Authority.
Run the tool once. It will automatically generate mitm_ca.crt and mitm_ca.key in the project folder.
Import to Browser:
Firefox: Settings -> Privacy & Security -> Certificates -> View Certificates -> Import -> Select mitm_ca.crt -> Check "Trust this CA to identify websites".
Chrome/Edge: Settings -> Privacy -> Security -> Manage Certificates -> Trusted Root Certification Authorities -> Import -> Select mitm_ca.crt.
Open your browser's Proxy Settings.
Set the Manual Proxy configuration to:
IP: 127.0.0.1
Port: 8080
Enable this for HTTP and HTTPS.
Go to the Proxy tab in MITM_V_6.0 and ensure "Intercept Is On" is checked.
Visit a site (e.g., a login page). The browser will load indefinitely.
The request will appear in the tool. You can modify the data and click Forward.
Capture a login request in the Proxy tab.
Click Send to Intruder.
In the Intruder tab, highlight the username and click Add §. Do the same for the password.
Select Cluster Bomb as the attack type.
Load your payload lists (Usernames for Set 1, Passwords for Set 2).
| File / Directory | Description |
|---|---|
MITM_V_6.0.py |
The main application source code containing the Proxy, Intruder, and GUI logic. |
requirements.txt |
List of Python dependencies (requests, cryptography, etc.) required to run the tool. |
mitm_ca.crt |
The Root Certificate Authority (Public Key) generated by the tool. Import this to browser. |
mitm_ca.key |
The Private Key for the Root CA. (Keep Safe/Do not share) |
certs/ |
A folder where dynamic fake certificates for visited websites (e.g., google.com.crt) are stored. |
temp_render.html |
A temporary file created to render intercepted HTML content in the browser. |
README.md |
Documentation explaining how to install and use the tool. |
LICENSE |
The MIT License file permitting open-source use. |
sequenceDiagram participant Browser as User Browser participant Proxy as MITM_V_6.0 (Proxy) participant CA as CertManager (CA) participant Server as Target Website
Note over Browser, Proxy: 1. Initial Connection
Browser->>Proxy: TCP Connect (Port 8080)
rect rgb(240, 240, 240)
Note over Proxy, CA: 2. SSL Interception
Proxy->>CA: Request Certificate for Target
CA->>Proxy: Generate Fake Cert (Signed by MITM CA)
Proxy-->>Browser: SSL Handshake (Fake Cert)
end
rect rgb(255, 245, 245)
Note over Proxy, Server: 3. Upstream Connection
Proxy->>Server: Connect (Real SSL)
Server-->>Proxy: SSL Handshake (Valid Cert)
end
Note over Browser, Server: 4. Traffic Flow
Browser->>Proxy: HTTP Request (Encrypted)
Proxy->>Proxy: Decrypt & Intercept (GUI)
Proxy->>Server: Forward Request
Server-->>Proxy: HTTP Response
Proxy-->>Browser: Forward Response (Encrypted)
This tool is created for educational purposes and authorized security testing only. The author is not responsible for any misuse or damage caused by this program. Do not use this tool on networks or websites you do not own or have explicit permission to test.
MIT License
Copyright (c) 2026 sreekanthankn
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
I would like to express my sincere gratitude to the following individuals and institutions for their support and inspiration during the development of MITM_V_6.0:
- Blitz Academy Pvt. Ltd., Calicut: For providing the platform and high-quality training in Cyber Security that made this project possible.
- My Instructor & Mentor: Mr. Safeer A V For his guidance on network protocols, ethical hacking methodologies, and Python programming.
Sreekanthan K N
Student, Cyber Security Course (Batch II), Blitz Academy Pvt. Ltd., Calicut