root
/
proxyPool
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

更改错误的mitm文件

Browse Source
main
listomebao 8 years ago
parent 6a999726d2
commit 3d4555e1df
2 changed files with 312 additions and 50 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      dump.go
  2. 349
      mitm.go

9
dump.go
Unescape View File

@ -32,10 +32,6 @@ func httpDump(req *http.Request, resp *http.Response) {
for headerName, headerContext := range req.Header { for headerName, headerContext := range req.Header {
fmt.Printf("%s: %s\n", Blue(headerName), headerContext) fmt.Printf("%s: %s\n", Blue(headerName), headerContext)
} }
fmt.Println(Green("Response:"))
for headerName, headerContext := range resp.Header {
fmt.Printf("%s: %s\n", Blue(headerName), headerContext)
}
if req.Method == "POST" { if req.Method == "POST" {
fmt.Println(Green("URLEncoded form")) fmt.Println(Green("URLEncoded form"))
err := req.ParseForm() err := req.ParseForm()
@ -51,6 +47,11 @@ func httpDump(req *http.Request, resp *http.Response) {
} }
} }
fmt.Println(Green("Response:"))
for headerName, headerContext := range resp.Header {
fmt.Printf("%s: %s\n", Blue(headerName), headerContext)
}
respBody, err := ioutil.ReadAll(resp.Body) respBody, err := ioutil.ReadAll(resp.Body)
if err != nil { if err != nil {
logger.Println("func httpDump read resp body err:", err) logger.Println("func httpDump read resp body err:", err)

349
mitm.go
Unescape View File

@ -1,81 +1,342 @@
package main package main
import ( import (
"flag" "bufio"
"crypto/tls"
"errors"
"fmt"
"io"
"log" "log"
"net"
"net/http" "net/http"
"os" "net/http/httputil"
"net/url"
"regexp"
"strings"
"sync" "sync"
"time" "time"
) )
const ( type HandlerWrapper struct {
Version = "1.1" MyConfig *Cfg
) tlsConfig *TlsConfig
wrapped http.Handler
pk *PrivateKey
pkPem []byte
issuingCert *Certificate
issuingCertPem []byte
serverTLSConfig *tls.Config
dynamicCerts *Cache
certMutex sync.Mutex
https bool
}
var ( func (hw *HandlerWrapper) GenerateCertForClient() (err error) {
wg sync.WaitGroup if hw.tlsConfig.Organization == "" {
) hw.tlsConfig.Organization = "gomitmproxy" + Version
}
if hw.tlsConfig.CommonName == "" {
hw.tlsConfig.CommonName = "gomitmproxy"
}
if hw.pk, err = LoadPKFromFile(hw.tlsConfig.PrivateKeyFile); err != nil {
hw.pk, err = GeneratePK(2048)
if err != nil {
return fmt.Errorf("Unable to generate private key: %s", err)
}
hw.pk.WriteToFile(hw.tlsConfig.PrivateKeyFile)
}
hw.pkPem = hw.pk.PEMEncoded()
hw.issuingCert, err = LoadCertificateFromFile(hw.tlsConfig.CertFile)
if err != nil || hw.issuingCert.ExpiresBefore(time.Now().AddDate(0, ONE_MONTH, 0)) {
hw.issuingCert, err = hw.pk.TLSCertificateFor(
hw.tlsConfig.Organization,
hw.tlsConfig.CommonName,
time.Now().AddDate(ONE_YEAR, 0, 0),
true,
nil)
if err != nil {
return fmt.Errorf("Unable to generate self-signed issuing certificate: %s", err)
}
hw.issuingCert.WriteToFile(hw.tlsConfig.CertFile)
}
hw.issuingCertPem = hw.issuingCert.PEMEncoded()
return
}
func (hw *HandlerWrapper) FakeCertForName(name string) (cert *tls.Certificate, err error) {
kpCandidateIf, found := hw.dynamicCerts.Get(name)
if found {
return kpCandidateIf.(*tls.Certificate), nil
}
hw.certMutex.Lock()
defer hw.certMutex.Unlock()
kpCandidateIf, found = hw.dynamicCerts.Get(name)
if found {
return kpCandidateIf.(*tls.Certificate), nil
}
//create certificate
certTTL := TWO_WEEKS
generatedCert, err := hw.pk.TLSCertificateFor(
hw.tlsConfig.Organization,
name,
time.Now().Add(certTTL),
false,
hw.issuingCert)
if err != nil {
return nil, fmt.Errorf("Unable to issue certificate: %s", err)
}
keyPair, err := tls.X509KeyPair(generatedCert.PEMEncoded(), hw.pkPem)
if err != nil {
return nil, fmt.Errorf("Unable to parse keypair for tls: %s", err)
}
cacheTTL := certTTL - ONE_DAY
hw.dynamicCerts.Set(name, &keyPair, cacheTTL)
return &keyPair, nil
}
func (hw *HandlerWrapper) DumpHTTPAndHTTPs(resp http.ResponseWriter, req *http.Request) {
req.Header.Del("Proxy-Connection")
req.Header.Set("Connection", "Keep-Alive")
// handle connection
connIn, _, err := resp.(http.Hijacker).Hijack()
if err != nil {
logger.Println("hijack error:", err)
}
defer connIn.Close()
var logFile *os.File var respOut *http.Response
var logger *log.Logger host := req.Host
func main() { matched, _ := regexp.MatchString(":[0-9]+$", host)
var conf Cfg
conf.Port = flag.String("port", "8080", "Listen port") if !hw.https {
conf.Raddr = flag.String("raddr", "", "Remote addr") if !matched {
conf.Log = flag.String("log", "./error.log", "log file path") host += ":80"
conf.Monitor = flag.Bool("m", false, "monitor mode") }
conf.Tls = flag.Bool("tls", false, "tls connect")
flag.Parse() connOut, err := net.DialTimeout("tcp", host, time.Second*30)
if err != nil {
logger.Println("dial to", host, "error:", err)
return
}
if err = req.Write(connOut); err != nil {
logger.Println("send to server error", err)
return
}
respOut, err = http.ReadResponse(bufio.NewReader(connOut), req)
if err != nil && err != io.EOF {
logger.Println("read response error:", err)
}
} else {
if !matched {
host += ":443"
}
connOut, err := tls.Dial("tcp", host, hw.tlsConfig.ServerTLSConfig)
var err error
logFile, err = os.Create(*conf.Log)
if err != nil { if err != nil {
log.Fatalln("fail to create log file!") logger.Panicln("tls dial to", host, "error:", err)
return
}
if err = req.Write(connOut); err != nil {
logger.Println("send to server error", err)
return
}
respOut, err = http.ReadResponse(bufio.NewReader(connOut), req)
if err != nil && err != io.EOF {
logger.Println("read response error:", err)
}
} }
logger = log.New(logFile, "[gomitmproxy]", log.LstdFlags|log.Llongfile) if respOut == nil {
log.Println("respOut is nil")
return
}
wg.Add(1) respDump, err := httputil.DumpResponse(respOut, true)
gomitmproxy(&conf) if err != nil {
wg.Wait() logger.Println("respDump error:", err)
}
_, err = connIn.Write(respDump)
if err != nil {
logger.Println("connIn write error:", err)
}
if *hw.MyConfig.Monitor {
go httpDump(req, respOut)
}
}
func (hw *HandlerWrapper) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
raddr := *hw.MyConfig.Raddr
if len(raddr) != 0 {
hw.Forward(resp, req, raddr)
} else {
if req.Method == "CONNECT" {
hw.https = true
hw.InterceptHTTPs(resp, req)
} else {
hw.https = false
hw.DumpHTTPAndHTTPs(resp, req)
}
}
} }
func gomitmproxy(conf *Cfg) { func (hw *HandlerWrapper) InterceptHTTPs(resp http.ResponseWriter, req *http.Request) {
tlsConfig := NewTlsConfig("gomitmproxy-ca-pk.pem", "gomitmproxy-ca-cert.pem", "", "") addr := req.Host
host := strings.Split(addr, ":")[0]
handler, err := InitConfig(conf, tlsConfig) cert, err := hw.FakeCertForName(host)
if err != nil { if err != nil {
logger.Fatalf("InitConfig error: %s", err) msg := fmt.Sprintf("Could not get mitm cert for name: %s\nerror: %s", host, err)
respBadGateway(resp, msg)
return
} }
server := &http.Server{ // handle connection
Addr: ":" + *conf.Port, connIn, _, err := resp.(http.Hijacker).Hijack()
Handler: handler, if err != nil {
ReadTimeout: 1 * time.Hour, msg := fmt.Sprintf("Unable to access underlying connection from client: %s", err)
WriteTimeout: 1 * time.Hour, respBadGateway(resp, msg)
return
} }
tlsConfig := copyTlsConfig(hw.tlsConfig.ServerTLSConfig)
tlsConfig.Certificates = []tls.Certificate{*cert}
tlsConnIn := tls.Server(connIn, tlsConfig)
listener := &mitmListener{tlsConnIn}
handler := http.HandlerFunc(func(resp2 http.ResponseWriter, req2 *http.Request) {
req2.URL.Scheme = "https"
req2.URL.Host = req2.Host
hw.DumpHTTPAndHTTPs(resp2, req2)
})
go func() { go func() {
log.Printf("proxy listening port:%s", *conf.Port) err = http.Serve(listener, handler)
if err != nil && err != io.EOF {
logger.Printf("Error serving mitm'ed connection: %s", err)
}
}()
connIn.Write([]byte("HTTP/1.1 200 OK\r\n\r\n"))
}
func (hw *HandlerWrapper) Forward(resp http.ResponseWriter, req *http.Request, raddr string) {
connIn, _, err := resp.(http.Hijacker).Hijack()
connOut, err := net.Dial("tcp", raddr)
if err != nil {
logger.Println("dial tcp error", err)
}
if *conf.Tls { err = connectProxyServer(connOut, raddr)
log.Println("ListenAndServeTLS") if err != nil {
err = server.ListenAndServeTLS("gomitmproxy-ca-cert.pem", "gomitmproxy-ca-pk.pem") logger.Println("connectProxyServer error:", err)
}
if req.Method == "CONNECT" {
b := []byte("HTTP/1.1 200 Connection Established\r\n" +
"Proxy-Agent: gomitmproxy/" + Version + "\r\n\r\n")
_, err := connIn.Write(b)
if err != nil {
logger.Println("Write Connect err:", err)
return
}
} else { } else {
log.Println("ListenAndServe") req.Header.Del("Proxy-Connection")
err = server.ListenAndServe() req.Header.Set("Connection", "Keep-Alive")
if err = req.Write(connOut); err != nil {
logger.Println("send to server err", err)
return
} }
}
err = Transport(connIn, connOut)
if err != nil { if err != nil {
logger.Fatalf("Unable to start HTTP proxy: %s", err) log.Println("trans error ", err)
} }
}
wg.Done() func InitConfig(conf *Cfg, tlsConfig *TlsConfig) (*HandlerWrapper, error) {
hw := &HandlerWrapper{
MyConfig: conf,
tlsConfig: tlsConfig,
dynamicCerts: NewCache(),
}
err := hw.GenerateCertForClient()
if err != nil {
return nil, err
}
return hw, nil
}
log.Printf("gomitmproxy stop!!!!") func copyTlsConfig(template *tls.Config) *tls.Config {
}() tlsConfig := &tls.Config{}
if template != nil {
*tlsConfig = *template
}
return tlsConfig
}
func respBadGateway(resp http.ResponseWriter, msg string) {
log.Println(msg)
resp.WriteHeader(502)
resp.Write([]byte(msg))
}
//两个io口的连接
func Transport(conn1, conn2 net.Conn) (err error) {
rChan := make(chan error, 1)
wChan := make(chan error, 1)
go MyCopy(conn1, conn2, wChan)
go MyCopy(conn2, conn1, rChan)
select {
case err = <-wChan:
case err = <-rChan:
}
return return
} }
func MyCopy(src io.Reader, dst io.Writer, ch chan<- error) {
_, err := io.Copy(dst, src)
ch <- err
}
func connectProxyServer(conn net.Conn, addr string) error {
req := &http.Request{
Method: "CONNECT",
URL: &url.URL{Host: addr},
Host: addr,
ProtoMajor: 1,
ProtoMinor: 1,
Header: make(http.Header),
}
req.Header.Set("Proxy-Connection", "keep-alive")
if err := req.Write(conn); err != nil {
return err
}
resp, err := http.ReadResponse(bufio.NewReader(conn), req)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return errors.New(resp.Status)
}
return nil
}

Write Preview
Loading…
Cancel
Save