HttpCertificateGuard
A Flutter/Dart package that safeguards your application against Man-in-the-Middle (MITM) attacks by detecting and blocking common HTTP interceptors (like HTTP Toolkit, Burp Suite, Charles Proxy, etc.) before any request data is sent.
Features
- Pre-Request Security Check: Validates the SSL/TLS certificate of the target server before initiating the actual API request.
- Interceptor Blocking: Automatically detects if the connection is being intercepted by known proxy tools.
- Instant Abort: If an interceptor is found, the connection is instantly destroyed, ensuring no sensitive data (headers, body, tokens) is ever transmitted to the attacker.
- Easy Integration: Simple static method call to secure any URI.
Supported Interceptor Detection
This package checks for certificate issuers related to:
- HTTP Toolkit
- PortSwigger (Burp Suite)
- Fiddler
- Charles Proxy
- Mitmproxy
- OWASP ZAP
- Proxyman
- Caido, Requestly, Whistle, Bettercap
- Wireshark, AdGuard, Netskope, Zscaler, etc.
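One way such an issuer check can be implemented with `dart:io`, shown as an added example that is not this package's source code. The keyword list, `matchInterceptor` and `checkIssuer` are hypothetical names, and the issuer strings in `main` are constructed samples.

```dart
import 'dart:io';

// Assumed denylist derived from the tool names listed above; the strings the
// package really matches on may differ.
const interceptorKeywords = <String>[
  'http toolkit', 'portswigger', 'fiddler', 'charles proxy',
  'mitmproxy', 'zed attack proxy', 'proxyman',
];

/// Returns the matched keyword, or null when the issuer is not on the list.
String? matchInterceptor(String issuer) {
  final normalized = issuer.toLowerCase();
  for (final keyword in interceptorKeywords) {
    if (normalized.contains(keyword)) return keyword;
  }
  return null;
}

/// Completes the TLS handshake only to read the leaf certificate's issuer,
/// then destroys the socket. No HTTP bytes are written on this connection.
Future<void> checkIssuer(Uri uri) async {
  final socket = await SecureSocket.connect(uri.host, uri.port,
      timeout: const Duration(seconds: 5));
  try {
    final issuer = socket.peerCertificate?.issuer ?? '';
    final hit = matchInterceptor(issuer);
    if (hit != null) {
      throw Exception('Interceptor detected: issuer matches "$hit"');
    }
  } finally {
    socket.destroy();
  }
}

void main() {
  // Constructed issuer strings that exercise the matcher offline.
  const samples = [
    '/CN=mitmproxy/O=mitmproxy',
    '/C=PortSwigger/O=PortSwigger/CN=PortSwigger CA',
    '/C=US/O=Example Trust Services/CN=Example Issuing CA',
    '/CN=Internal Inspection CA', // unlisted name: yields no match
  ];
  for (final issuer in samples) {
    final result = matchInterceptor(issuer) ?? 'no match';
    print('$result <- $issuer');
  }
}
```

A name-based denylist only recognises issuers it already knows, and the check runs on a separate connection from the request that follows, so it complements certificate pinning rather than replacing it.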
Getting started
Add the package to your pubspec.yaml:
```yaml
dependencies:
  http_certificate_guard:
    path: ./packages/http_certificate_guard # If local
  # OR if published:
  # http_certificate_guard: ^1.0.0
```
Usage
Call HttpCertificateGuard.check(uri) before making your HTTP request.
```dart
import 'dart:io';
import 'package:http/http.dart' as http;
import 'package:http_certificate_guard/http_certificate_guard.dart';

Future<void> fetchData() async {
  final uri = Uri.parse('https://api.example.com/data');
  try {
    // 1. SECURITY CHECK: Verify certificate before sending data
    await HttpCertificateGuard.check(uri);
    // 2. Proceed with request if check passes
    final response = await http.get(uri);
    print('Response: ${response.body}');
  } catch (e) {
    if (e.toString().contains('Interceptor detected')) {
      print('Security Warning: Connection blocked due to interception!');
    } else {
      print('Error: $e');
    }
  }
}
```
Why use this?
Standard SSL pinning is great but can be complex to maintain. This package offers a lightweight alternative or additional layer of security specifically designed to frustrate reverse engineering and tampering attempts during development or in production environments where users might try to inspect your traffic.