Comments (9)
Hi,
Thanks for using goproxy.
Yes. This is the expected behavior.
curl -p
will issue a CONNECT
request to the remote site baidu.com
, would get a direct connection, and then
If you want, you can either disable CONNECT requests, or, apply MITM techniques to capture the CONNECT request.
It is currently not possible to MITM a generic TCP connection, but I'm working and thinking on a solution now. Feel free to write suggestions for how to do that.
MITM connect request is also relevant for websockets.
Did you expect anything else? Is disabling CONNECT requests to port 80 a good enough solution for you?
from goproxy.
What I want is to modify response html content in such case.
Can you show me a demo code how to disable CONNECT request? I could try it.
And my web server is 8080 instead of 80.
from goproxy.
Did that solve your problem?
Thanks,
from goproxy.
No. this will give exception in console, and the response is not modified. (failed to connect.)
INFO: Running 2 CONNECT handlers
2014/04/03 22:46:08 [002] INFO: handler: &{0 } www.baidu.com:80
2014/04/03 22:46:08 [002] INFO: handler: &{2 } www.baidu.com:80
2014/04/03 22:46:08 [002] INFO: Assuming CONNECT is TLS, mitm proxying it
2014/04/03 22:46:08 [002] WARN: Cannot handshake client www.baidu.com:80 local error: unexpected message
It seems disable http CONNECT request will fail all connection. It will try to use ssl to connect target web site, but the website does not support.
Could we apply MITM techniques to capture the CONNECT request and modify response?
from goproxy.
Can you explain what is the expected behavior? I'm not sure I understand it.
What are the curl commands, and what is the expected output?
from goproxy.
I expect that goproxy could proxy the page correctly with my modification (like add alert script at the end of page - shows in demo code) in this case:
curl -v -p --proxy localhost:7000 http://www.baidu.com
from goproxy.
I think I understand. I'll add a way to "Hijack" CONNECT requests in a few minutes.
from goproxy.
Please let me know if it works for you, see the eavesdropper example.
You can test it with curl -p
and it should work.
Did that work for you?
Thanks,
from goproxy.
It works. thanks.
I make some change and send a pull request. please review. thanks.
from goproxy.
Related Issues (20)
- How best to modify HTTP data and header order
- https blocking does not take effect HOT 3
- goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors HOT 2
- Cannot connect to HTTP websocket when performing TLS MitM
- 请求头参数大小写格式在哪转换的?
- Semicolon in URL query HOT 1
- Potential Typo in Request Handling - "r.Close" misset to False?
- Question about modifying requests
- Can we do URL A -> proxy A, URL B -> proxy B?
- Limit the number of goroutines HOT 1
- Contant HOT 1
- team.works, with community support
- updating expired certificate
- NET::ERR_CERT_AUTHORITY_INVALID HOT 6
- Handle connect hijack & MITM at the same time not working
- Core Functionality Broken HOT 5
- https only over ssh reverse proxy does not work
- Http 3?
- MITM proxy option always uses HTTP/1.1 connection to client, can it use HTTP/2? HOT 1
- Is it possible to dump all incoming packets? I want to do packet analysis. I didn't see any code related to this.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goproxy.