Comments (6)
elazarl
commented on September 26, 2024
Can you provide a short snippet of code to reproduce?
On Tue, Jun 25, 2013 at 4:48 AM, Godfrey Chan [email protected]:
I'm trying to get the HTTPS MITM to work, and it looks like HTTPS
responses are not automatically deflated before they are handed to the
handlers.—
Reply to this email directly or view it on GitHubhttps://github.com//issues/9
.
from goproxy.
chancancode
commented on September 26, 2024
Here you go:
package main
import (
"fmt"
"github.com/elazarl/goproxy"
"github.com/elazarl/goproxy/ext/html"
"net/http"
"strings"
)
func main() {
proxy := goproxy.NewProxyHttpServer()
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).HandleConnect(goproxy.AlwaysMitm)
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTP] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org:443")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTPS] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
panic(http.ListenAndServe(":8080", proxy))
}Result:
% go run test.go
[HTTP] First line of body: '<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
2013/06/24 22:42:34 [002] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63600: connection reset by peer
2013/06/24 22:42:34 [003] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63601: connection reset by peer
2013/06/24 22:42:34 [004] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63602: connection reset by peer
2013/06/24 22:42:34 [005] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63603: connection reset by peer
2013/06/24 22:42:34 [007] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63605: connection reset by peer
2013/06/24 22:42:34 [006] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63604: connection reset by peer
[HTTPS] First line of body: '?ks۸?{~?7?nj%Jr???V???7N??Υ?ԁH?BL
Z?M|w??DҖb:7??|?????????Oǟ???}~B?q?ጜ~{vzD???~]??C??Rɞ??f??l?+d?^]??S?}|?>vT?ͮ?|g?????(???8???Å?3<???!?q?h챷,?1Q,JB?ء?^???å?b&ixN??g?!??٧L??g??iz&?k?:??!???`ԇ?S? ?-?7?Α??U??.J??n??t?oJe????w????B?????4jWa?X?O???"'1LgL?8 W4?&??yyzr??Ձkf???LMr:?|Pʒ???B?Zԩ'y????WzCM?CB(͡?+?^??Tz????.gj?????捇?v?{?
/????Lr?^?y|M8(_:eL?v?T? ?o??u?"S?]??<??COp?/^???a??a?e
?'
2013/06/24 22:42:34 [009] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63608: connection reset by peer
[HTTPS] First line of body: '???j?@??y???D?%W?Pj?z??z????٢???PB?;:X?b?Юg曝?5묑???6X????h?d????'
"?Μ???1?'?p?lWline of body: '?V]??6}^$??Th??U??wI?nۭT?o}??N<!?5vd???V
|??<M?|'????_?N???kP?Q??&E8?Qh????????t1??t?tJq?Øv???s4SKh???1???fR?'_?t<r?*I?;G?Ȟ??4K??
?b?G-?5V???HD??б?ǚ??!b???B/ ?a???a??ȱ6??D??)"??~??珟G?qܝb2???
?????w'
But if I turn off GZip:
package main
import (
"fmt"
"github.com/elazarl/goproxy"
"github.com/elazarl/goproxy/ext/html"
"net/http"
"regexp"
"strings"
)
func main() {
proxy := goproxy.NewProxyHttpServer()
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).HandleConnect(goproxy.AlwaysMitm)
proxy.OnRequest(goproxy.UrlMatches(regexp.MustCompile(".*"))).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
r.Header.Del("Accept-Encoding")
return r, nil
})
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTP] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org:443")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTPS] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
panic(http.ListenAndServe(":8080", proxy))
}% go run test.go
[HTTP] First line of body: '<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
2013/06/24 22:48:01 [003] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63735: connection reset by peer
2013/06/24 22:48:01 [005] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63737: connection reset by peer
2013/06/24 22:48:01 [007] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63740: connection reset by peer
2013/06/24 22:48:01 [004] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63736: connection reset by peer
2013/06/24 22:48:01 [008] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63739: connection reset by peer
2013/06/24 22:48:01 [006] WARN: Cannot read TLS request from mitm'd client www.ietf.org:443 read tcp [::1]:63738: connection reset by peer
[HTTPS] First line of body: '<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
from goproxy.
chancancode
commented on September 26, 2024
Also, this doesn't work as expected:
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).HandleConnect(goproxy.AlwaysMitm)
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
// This never gets called
return r, nil
})
proxy.OnRequest(goproxy.UrlMatches(regexp.MustCompile(".*"))).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
// This is the only thing that I could get to work
return r, nil
})from goproxy.
chancancode
commented on September 26, 2024
There seems to be some other problems with HTTPS. When I return a different string in HandleString in the above example, I get a warning along the lines of "WARN: Cannot write TLS response from mitm'd client http: Request.ContentLength=4063 with Body length 4067". In my real app, this seems to work okay except that the server won't properly close the connection after sending the modified body which causes the browser to wait indefinitely for the content to arrive (or perhaps it's setting the Content-Length header incorrectly).
I hope this will ring some bells, but if not I can investigate further tomorrow and open a new issue for that.
from goproxy.
elazarl
commented on September 26, 2024
There're still problems with Content-Length. I'm not well right now, so it might take a day or two to solve completely.
from goproxy.
elazarl
commented on September 26, 2024
Let me know if it works for you. I don't like the current solution, as it costs for every MITM'd requests, even if unmodified, but it should be at least correct.
PS, Thanks a lot for reporting this bugs. These bugs are so stupid it's really embarrassing not to notice them. Keep reporting issues.
from goproxy.
Related Issues (20)
- goproxy v1.1 was discovered to contain an issue which can lead to Denial of Service (DoS) via unspecified vectors HOT 2
- Cannot connect to HTTP websocket when performing TLS MitM
- 请求头参数大小写格式在哪转换的?
- Semicolon in URL query HOT 1
- Potential Typo in Request Handling - "r.Close" misset to False?
- Question about modifying requests
- Can we do URL A -> proxy A, URL B -> proxy B?
- Limit the number of goroutines HOT 1
- Contant HOT 1
- team.works, with community support
- updating expired certificate
- NET::ERR_CERT_AUTHORITY_INVALID HOT 6
- Handle connect hijack & MITM at the same time not working HOT 2
- Core Functionality Broken HOT 6
- https only over ssh reverse proxy does not work HOT 1
- Http 3?
- MITM proxy option always uses HTTP/1.1 connection to client, can it use HTTP/2? HOT 1
- Is it possible to dump all incoming packets? I want to do packet analysis. I didn't see any code related to this. HOT 2
- Flagged as Virus HOT 2
- panic: runtime error: invalid memory address or nil pointer dereference
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from goproxy.