root
/
proxyPool
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

修正http请求和http post请求的抓包

Browse Source
main
listomebao 8 years ago
parent 2f6ac024f3
commit ddbecae506
2 changed files with 63 additions and 297 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 14
      dump.go
  2. 346
      mitm.go

14
dump.go
Unescape View File

@ -36,7 +36,21 @@ func httpDump(req *http.Request, resp *http.Response) {
for headerName, headerContext := range resp.Header { for headerName, headerContext := range resp.Header {
fmt.Printf("%s: %s\n", Blue(headerName), headerContext) fmt.Printf("%s: %s\n", Blue(headerName), headerContext)
} }
if req.Method == "POST" {
fmt.Println(Green("URLEncoded form"))
err := req.ParseForm()
fmt.Printf("%#v\n", req.Form)
fmt.Printf("%#v\n", req.PostForm)
if err != nil {
logger.Println("parseForm error:", err)
} else {
for k, v := range req.Form {
fmt.Printf("%s: %s\n", Blue(k), v)
}
}
}
respBody, err := ioutil.ReadAll(resp.Body) respBody, err := ioutil.ReadAll(resp.Body)
if err != nil { if err != nil {
logger.Println("func httpDump read resp body err:", err) logger.Println("func httpDump read resp body err:", err)

346
mitm.go
Unescape View File

@ -1,332 +1,84 @@
// This example shows a proxy server that uses go-mitm to man-in-the-middle
// HTTPS connections opened with CONNECT requests
package main package main
import ( import (
"bufio" "flag"
"crypto/tls"
"errors"
"fmt"
"io"
"log" "log"
"net"
"net/http" "net/http"
"net/http/httputil" "os"
"net/url"
"regexp"
"strings"
"sync" "sync"
"time" "time"
) )
type HandlerWrapper struct { const (
MyConfig *Cfg Version = "1.1"
tlsConfig *TlsConfig )
wrapped http.Handler
pk *PrivateKey
pkPem []byte
issuingCert *Certificate
issuingCertPem []byte
serverTLSConfig *tls.Config
dynamicCerts *Cache
certMutex sync.Mutex
https bool
}
func (hw *HandlerWrapper) GenerateCertForClient() (err error) {
if hw.tlsConfig.Organization == "" {
hw.tlsConfig.Organization = "gomitmproxy" + Version
}
if hw.tlsConfig.CommonName == "" {
hw.tlsConfig.CommonName = "gomitmproxy"
}
if hw.pk, err = LoadPKFromFile(hw.tlsConfig.PrivateKeyFile); err != nil {
hw.pk, err = GeneratePK(2048)
if err != nil {
return fmt.Errorf("Unable to generate private key: %s", err)
}
hw.pk.WriteToFile(hw.tlsConfig.PrivateKeyFile)
}
hw.pkPem = hw.pk.PEMEncoded()
hw.issuingCert, err = LoadCertificateFromFile(hw.tlsConfig.CertFile)
if err != nil || hw.issuingCert.ExpiresBefore(time.Now().AddDate(0, ONE_MONTH, 0)) {
hw.issuingCert, err = hw.pk.TLSCertificateFor(
hw.tlsConfig.Organization,
hw.tlsConfig.CommonName,
time.Now().AddDate(ONE_YEAR, 0, 0),
true,
nil)
if err != nil {
return fmt.Errorf("Unable to generate self-signed issuing certificate: %s", err)
}
hw.issuingCert.WriteToFile(hw.tlsConfig.CertFile)
}
hw.issuingCertPem = hw.issuingCert.PEMEncoded()
return
}
func (hw *HandlerWrapper) FakeCertForName(name string) (cert *tls.Certificate, err error) {
kpCandidateIf, found := hw.dynamicCerts.Get(name)
if found {
return kpCandidateIf.(*tls.Certificate), nil
}
hw.certMutex.Lock()
defer hw.certMutex.Unlock()
kpCandidateIf, found = hw.dynamicCerts.Get(name)
if found {
return kpCandidateIf.(*tls.Certificate), nil
}
//create certificate
certTTL := TWO_WEEKS
generatedCert, err := hw.pk.TLSCertificateFor(
hw.tlsConfig.Organization,
name,
time.Now().Add(certTTL),
false,
hw.issuingCert)
if err != nil {
return nil, fmt.Errorf("Unable to issue certificate: %s", err)
}
keyPair, err := tls.X509KeyPair(generatedCert.PEMEncoded(), hw.pkPem)
if err != nil {
return nil, fmt.Errorf("Unable to parse keypair for tls: %s", err)
}
cacheTTL := certTTL - ONE_DAY
hw.dynamicCerts.Set(name, &keyPair, cacheTTL)
return &keyPair, nil
}
func (hw *HandlerWrapper) DumpHTTPAndHTTPs(resp http.ResponseWriter, req *http.Request) {
req.Header.Del("Proxy-Connection")
req.Header.Set("Connection", "Keep-Alive")
// handle connection
connIn, _, err := resp.(http.Hijacker).Hijack()
if err != nil {
logger.Println("hijack error:", err)
}
defer connIn.Close()
var respOut *http.Response
host := req.Host
matched, _ := regexp.MatchString(":[0-9]+$", host)
if !hw.https {
if !matched {
host += ":80"
}
connOut, err := net.DialTimeout("tcp", host, time.Second*30)
if err != nil {
logger.Println("dial to", host, "error:", err)
}
respOut, err = http.ReadResponse(bufio.NewReader(connOut), req)
if err != nil && err != io.EOF {
logger.Println("read response error:", err)
}
} else {
if !matched {
host += ":443"
}
connOut, err := tls.Dial("tcp", host, hw.tlsConfig.ServerTLSConfig)
if err != nil {
logger.Panicln("tls dial to", host, "error:", err)
}
if err = req.Write(connOut); err != nil {
logger.Println("send to server error", err)
}
respOut, err = http.ReadResponse(bufio.NewReader(connOut), req) var (
if err != nil && err != io.EOF { wg sync.WaitGroup
logger.Println("read response error:", err) )
}
} var logFile *os.File
var logger *log.Logger
if respOut == nil { func main() {
log.Println("respOut is nil") var conf Cfg
return
}
respDump, err := httputil.DumpResponse(respOut, true) conf.Port = flag.String("port", "8080", "Listen port")
if err != nil { conf.Raddr = flag.String("raddr", "", "Remote addr")
logger.Println("respDump error:", err) conf.Log = flag.String("log", "./error.log", "log file path")
} conf.Monitor = flag.Bool("m", false, "monitor mode")
conf.Tls = flag.Bool("tls", false, "tls connect")
flag.Parse()
_, err = connIn.Write(respDump) var err error
logFile, err = os.Create(*conf.Log)
if err != nil { if err != nil {
logger.Println("connIn write error:", err) log.Fatalln("fail to create log file!")
} }
if *hw.MyConfig.Monitor { logger = log.New(logFile, "[gomitmproxy]", log.LstdFlags|log.Llongfile)
go httpDump(req, respOut)
}
wg.Add(1)
gomitmproxy(&conf)
wg.Wait()
} }
func (hw *HandlerWrapper) ServeHTTP(resp http.ResponseWriter, req *http.Request) { func gomitmproxy(conf *Cfg) {
tlsConfig := NewTlsConfig("gomitmproxy-ca-pk.pem", "gomitmproxy-ca-cert.pem", "", "")
raddr := *hw.MyConfig.Raddr handler, err := InitConfig(conf, tlsConfig)
if len(raddr) != 0 {
hw.Forward(resp, req, raddr)
} else {
if req.Method == "CONNECT" {
hw.https = true
hw.InterceptHTTPs(resp, req)
} else {
hw.DumpHTTPAndHTTPs(resp, req)
}
}
}
func (hw *HandlerWrapper) InterceptHTTPs(resp http.ResponseWriter, req *http.Request) {
addr := req.Host
host := strings.Split(addr, ":")[0]
cert, err := hw.FakeCertForName(host)
if err != nil { if err != nil {
msg := fmt.Sprintf("Could not get mitm cert for name: %s\nerror: %s", host, err) logger.Fatalf("InitConfig error: %s", err)
respBadGateway(resp, msg)
return
} }
// handle connection server := &http.Server{
connIn, _, err := resp.(http.Hijacker).Hijack() Addr: ":" + *conf.Port,
if err != nil { Handler: handler,
msg := fmt.Sprintf("Unable to access underlying connection from client: %s", err) ReadTimeout: 1 * time.Hour,
respBadGateway(resp, msg) WriteTimeout: 1 * time.Hour,
return
} }
tlsConfig := copyTlsConfig(hw.tlsConfig.ServerTLSConfig)
tlsConfig.Certificates = []tls.Certificate{*cert}
tlsConnIn := tls.Server(connIn, tlsConfig)
listener := &mitmListener{tlsConnIn}
handler := http.HandlerFunc(func(resp2 http.ResponseWriter, req2 *http.Request) {
req2.URL.Scheme = "https"
req2.URL.Host = req2.Host
hw.DumpHTTPAndHTTPs(resp2, req2)
})
go func() { go func() {
err = http.Serve(listener, handler) log.Printf("proxy listening port:%s", *conf.Port)
if err != nil && err != io.EOF {
logger.Printf("Error serving mitm'ed connection: %s", err)
}
}()
connIn.Write([]byte("HTTP/1.1 200 OK\r\n\r\n")) if *conf.Tls {
} log.Println("ListenAndServeTLS")
err = server.ListenAndServeTLS("gomitmproxy-ca-cert.pem", "gomitmproxy-ca-pk.pem")
func (hw *HandlerWrapper) Forward(resp http.ResponseWriter, req *http.Request, raddr string) { } else {
connIn, _, err := resp.(http.Hijacker).Hijack() log.Println("ListenAndServe")
connOut, err := net.Dial("tcp", raddr) err = server.ListenAndServe()
if err != nil {
logger.Println("dial tcp error", err)
}
err = connectProxyServer(connOut, raddr)
if err != nil {
logger.Println("connectProxyServer error:", err)
}
if req.Method == "CONNECT" {
b := []byte("HTTP/1.1 200 Connection Established\r\n" +
"Proxy-Agent: gomitmproxy/" + Version + "\r\n\r\n")
_, err := connIn.Write(b)
if err != nil {
logger.Println("Write Connect err:", err)
return
} }
} else { if err != nil {
req.Header.Del("Proxy-Connection") logger.Fatalf("Unable to start HTTP proxy: %s", err)
req.Header.Set("Connection", "Keep-Alive")
if err = req.Write(connOut); err != nil {
logger.Println("send to server err", err)
return
} }
}
err = Transport(connIn, connOut)
if err != nil {
log.Println("trans error ", err)
}
}
func InitConfig(conf *Cfg, tlsConfig *TlsConfig) (*HandlerWrapper, error) { wg.Done()
hw := &HandlerWrapper{
MyConfig: conf,
tlsConfig: tlsConfig,
dynamicCerts: NewCache(),
}
err := hw.GenerateCertForClient()
if err != nil {
return nil, err
}
return hw, nil
}
func copyTlsConfig(template *tls.Config) *tls.Config {
tlsConfig := &tls.Config{}
if template != nil {
*tlsConfig = *template
}
return tlsConfig
}
func respBadGateway(resp http.ResponseWriter, msg string) { log.Printf("gomitmproxy stop!!!!")
log.Println(msg) }()
resp.WriteHeader(502)
resp.Write([]byte(msg))
}
//两个io口的连接
func Transport(conn1, conn2 net.Conn) (err error) {
rChan := make(chan error, 1)
wChan := make(chan error, 1)
go MyCopy(conn1, conn2, wChan)
go MyCopy(conn2, conn1, rChan)
select {
case err = <-wChan:
case err = <-rChan:
}
return return
} }
func MyCopy(src io.Reader, dst io.Writer, ch chan<- error) {
_, err := io.Copy(dst, src)
ch <- err
}
func connectProxyServer(conn net.Conn, addr string) error {
req := &http.Request{
Method: "CONNECT",
URL: &url.URL{Host: addr},
Host: addr,
ProtoMajor: 1,
ProtoMinor: 1,
Header: make(http.Header),
}
req.Header.Set("Proxy-Connection", "keep-alive")
if err := req.Write(conn); err != nil {
return err
}
resp, err := http.ReadResponse(bufio.NewReader(conn), req)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
return errors.New(resp.Status)
}
return nil
}

Write Preview
Loading…
Cancel
Save