Comments (8)
Here is trivial external wrapper for goproxy: http://ix.io/9he
from goproxy.
Hi,
Thanks for the interesting idea. Sorry it took me some time to get back to you.
I'm hesitate whether or not to include that in core goproxy library, since it's not directly related to the proxy module. It's a good idea to include that in a different module.
What you're asking is unsolvable in the general case, since, plain SSL/TLS communicatiom does not tell you which host is it directed to without SNI extension. For example Windows XP clients will simply not work.
That said, it could be useful in some situations, and I see no reason not to include it.
If that's OK with you, I'll take your wrapper and try to integrate it into the [goproxy] framework.
from goproxy.
That will be very good to have that functionality in the upstream as an option. But if so, wrapper could be probably integrated in better way. For example, that CONNECT emulation should go away, i think
from goproxy.
Thanks for the input.
I disagree.
CONNECT must remain, since CONNECT is the standard way to achieve HTTPS
connection via a proxy.
You're interested with a different nonstandard functionality, you want to
capture an https connection on it's way out, intercept it, and decipher it
using the so called "man in the middle attack".
To do that in the general case, you must save the original destination IP
of the HTTPS stream, it will not always be sent by the client.
I can see why it could be useful, so I think I should add that, but you
should note those are two different *and *orthogonal features.
Am I clear? Are we on the same page?
Do we have a shared understanding what does the CONNECT method do?
On Sun, Dec 8, 2013 at 1:30 PM, alxchk [email protected] wrote:
That will be very good to have that functionality in the upstream as an
option. But if so, wrapper could be probably integrated in better way. For
example, that CONNECT emulation should go away, i think—
Reply to this email directly or view it on GitHubhttps://github.com//issues/27#issuecomment-30079745
.
from goproxy.
Am I clear? Are we on the same page?
Probably yes. I just thought about adding additional API to pass/inject stream to proxy. But if there is no simple way to integrate something like that, then it's ok to have wrapper as-is
from goproxy.
I've got a working prototype of this but as @elazarl eluded to, it's not part of the core proxy functionality but it still needs to re-use much of the code. I'll work on refactoring it so it's not so ugly; I've got a lot of copy/paste code from the core goproxy.
One key that helped make it much easier is @inconshreveable 's (go-vhost) [https://github.com/inconshreveable/go-vhost] It has an SNI parsing function.
from goproxy.
The example that enables this was submitted in pull request #69
from goproxy.
I've further flushed this out in https://github.com/mzimmerman/whitelistproxy -- it's fully functioning at this point (at least for my requirements). It's not pretty; could use some better documentation and prettier HTML but it's got a nice core of features so far.
from goproxy.
Related Issues (20)
- How best to modify HTTP data and header order
- https blocking does not take effect HOT 3
- goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors HOT 2
- Cannot connect to HTTP websocket when performing TLS MitM
- 请求头参数大小写格式在哪转换的?
- Semicolon in URL query HOT 1
- Potential Typo in Request Handling - "r.Close" misset to False?
- Question about modifying requests
- Can we do URL A -> proxy A, URL B -> proxy B?
- Limit the number of goroutines HOT 1
- Contant HOT 1
- team.works, with community support
- updating expired certificate
- NET::ERR_CERT_AUTHORITY_INVALID HOT 6
- Handle connect hijack & MITM at the same time not working HOT 2
- Core Functionality Broken HOT 6
- https only over ssh reverse proxy does not work HOT 1
- Http 3?
- MITM proxy option always uses HTTP/1.1 connection to client, can it use HTTP/2? HOT 1
- Is it possible to dump all incoming packets? I want to do packet analysis. I didn't see any code related to this. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goproxy.