{"id":13827189,"url":"https://github.com/mrexodia/haxxmap","last_synced_at":"2025-10-05T09:16:53.606Z","repository":{"id":57711983,"uuid":"152978119","full_name":"mrexodia/haxxmap","owner":"mrexodia","description":"Some simple go tools to perform a Man-in-the-middle (MITM) attack on your IMAP server in case you forgot your password.","archived":false,"fork":false,"pushed_at":"2018-10-14T13:42:51.000Z","size":6,"stargazers_count":64,"open_issues_count":0,"forks_count":14,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-04-03T21:36:07.099Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrexodia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-14T13:42:39.000Z","updated_at":"2024-08-12T19:42:24.000Z","dependencies_parsed_at":"2022-09-26T21:31:02.773Z","dependency_job_id":null,"html_url":"https://github.com/mrexodia/haxxmap","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mrexodia/haxxmap","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2Fhaxxmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2Fhaxxmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2Fhaxxmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2Fhaxxmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrexodia","download_url":"https://codeload.github.com/mrexodia/haxxmap/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2Fhaxxmap/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278435883,"owners_count":25986493,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-05T02:00:06.059Z","response_time":54,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T09:01:51.840Z","updated_at":"2025-10-05T09:16:53.563Z","avatar_url":"https://github.com/mrexodia.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"42f9e068b6511bcbb47d6b2b273097da\"\u003e\u003c/a\u003e未分类"],"sub_categories":["\u003ca id=\"3bd67ee9f322e2c85854991c85ed6da0\"\u003e\u003c/a\u003e投毒\u0026\u0026Poisoning"],"readme":"# haxxmap\r\n\r\nSome simple go tools to perform a Man-in-the-middle (MITM) attack on your IMAP server in case you forgot your password.\r\n\r\n## Use case\r\n\r\nI forgot the password to my email account, but on my iPhone Mail was still working fine. The idea is to proxy the IMAP server and retrieve the password from there.\r\n\r\n### Project structure\r\n\r\n`client` is an example client for local testing (just displays the subjects of the 4 latest messages).\r\n\r\n`dns` contains the [CoreDNS](https://github.com/coredns/coredns) configuration file to redirect `imap.example.com` to an IP in the local network.\r\n\r\n`proxy` contains the IMAP proxy used to retreive the password.\r\n\r\n`server` contains a test server.\r\n\r\n### Setting up\r\n\r\nThe first step is to create a self-signed certificate for `imap.example.com` and add it as a trusted root on the iPhone. For this purpose a website like http://www.selfsignedcertificate.com will do! To add a certificate you have to send it to your phone (with AirDrop for example), then click `Install`. After that go to Settings -\u003e General -\u003e About -\u003e Certificate Trust Settings and flick the checkbox next to `imap.example.com`.\r\n\r\nNext up is configuring the DNS. You can use `sudo coredns` from the `dns` folder and everything should work (you might have to change the local IP and domain to match your details). Then manually configure DNS on the phone to point to your server (DNS requests to other domains will be resolved/cached normally).\r\n\r\nNow just do `sudo go run proxy.go imap.example.com:993 cert.pem cert.key` from the `proxy` folder to start the IMAP server.\r\n\r\n### Getting the password\r\n\r\nSimply go to the Mail app and refresh. You should see the password in the IMAP proxy console!","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrexodia%2Fhaxxmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrexodia%2Fhaxxmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrexodia%2Fhaxxmap/lists"}