README ¶
Introduction
Package goproxy provides a customizable HTTP proxy library for Go (golang),
It supports regular HTTP proxy, HTTPS through CONNECT, and "hijacking" HTTPS connection using "Man in the Middle" style attack.
The intent of the proxy is to be usable with reasonable amount of traffic, yet customizable and programmable.
The proxy itself is simply a net/http
handler.
In order to use goproxy, one should set their browser to use goproxy as an HTTP proxy. Here is how you do that in Chrome and in Firefox.
For example, the URL you should use as proxy when running ./bin/basic
is
localhost:8080
, as this is the default binding for the basic proxy.
Mailing List
New features will be discussed on the mailing list before their development.
Latest Stable Release
Get the latest goproxy from gopkg.in/elazarl/goproxy.v1
.
Why not Fiddler2?
Fiddler is an excellent software with similar intent. However, Fiddler is not as customizable as goproxy intends to be. The main difference is, Fiddler is not intended to be used as a real proxy.
A possible use case that suits goproxy but not Fiddler, is gathering statistics on page load times for a certain website over a week. With goproxy you could ask all your users to set their proxy to a dedicated machine running a goproxy server. Fiddler is a GUI app not designed to be run like a server for multiple users.
A taste of goproxy
To get a taste of goproxy
, a basic HTTP/HTTPS transparent proxy
package main
import (
"github.com/elazarl/goproxy"
"log"
"net/http"
)
func main() {
proxy := goproxy.NewProxyHttpServer()
proxy.Verbose = true
log.Fatal(http.ListenAndServe(":8080", proxy))
}
This line will add X-GoProxy: yxorPoG-X
header to all requests sent through the proxy
proxy.OnRequest().DoFunc(
func(r *http.Request,ctx *goproxy.ProxyCtx)(*http.Request,*http.Response) {
r.Header.Set("X-GoProxy","yxorPoG-X")
return r,nil
})
DoFunc
will process all incoming requests to the proxy. It will add a header to the request
and return it. The proxy will send the modified request.
Note that we returned nil value as the response. Had we returned a response, goproxy would have discarded the request and sent the new response to the client.
In order to refuse connections to reddit at work time
proxy.OnRequest(goproxy.DstHostIs("www.reddit.com")).DoFunc(
func(r *http.Request,ctx *goproxy.ProxyCtx)(*http.Request,*http.Response) {
if h,_,_ := time.Now().Clock(); h >= 8 && h <= 17 {
return r,goproxy.NewResponse(r,
goproxy.ContentTypeText,http.StatusForbidden,
"Don't waste your time!")
}
return r,nil
})
DstHostIs
returns a ReqCondition
, that is a function receiving a Request
and returning a boolean.
We will only process requests that match the condition. DstHostIs("www.reddit.com")
will return
a ReqCondition
accepting only requests directed to "www.reddit.com".
DoFunc
will receive a function that will preprocess the request. We can change the request, or
return a response. If the time is between 8:00am and 17:00pm, we will reject the request, and
return a precanned text response saying "do not waste your time".
See additional examples in the examples directory.
Type of handlers for manipulating connect/req/resp behavior
There are 3 kinds of useful handlers to manipulate the behavior, as follows:
// handler called after receiving HTTP CONNECT from the client, and before proxy establish connection
// with destination host
httpsHandlers []HttpsHandler
// handler called before proxy send HTTP request to destination host
reqHandlers []ReqHandler
// handler called after proxy receives HTTP Response from destination host, and before proxy forward
// the Response to the client.
respHandlers []RespHandler
Depending on what you want to manipulate, the ways to add handlers to each handler list are:
// Add handlers to httpsHandlers
proxy.OnRequest(Some ReqConditions).HandleConnect(YourHandlerFunc())
// Add handlers to reqHandlers
proxy.OnRequest(Some ReqConditions).Do(YourReqHandlerFunc())
// Add handlers to respHandlers
proxy.OnResponse(Some RespConditions).Do(YourRespHandlerFunc())
For example:
// This rejects the HTTPS request to *.reddit.com during HTTP CONNECT phase
proxy.OnRequest(goproxy.ReqHostMatches(regexp.MustCompile("reddit.*:443$"))).HandleConnect(goproxy.RejectConnect)
// This will NOT reject the HTTPS request with URL ending with gif, due to the fact that proxy
// only got the URL.Hostname and URL.Port during the HTTP CONNECT phase if the scheme is HTTPS, which is
// quiet common these days.
proxy.OnRequest(goproxy.UrlMatches(regexp.MustCompile(`.*gif$`))).HandleConnect(goproxy.RejectConnect)
// The correct way to manipulate the HTTP request using URL.Path as condition is:
proxy.OnRequest(goproxy.UrlMatches(regexp.MustCompile(`.*gif$`))).Do(YourReqHandlerFunc())
What's New
- Ability to
Hijack
CONNECT requests. See the eavesdropper example - Transparent proxy support for http/https including MITM certificate generation for TLS. See the transparent example.
License
I put the software temporarily under the Go-compatible BSD license. If this prevents someone from using the software, do let me know and I'll consider changing it.
At any rate, user feedback is very important for me, so I'll be delighted to know if you're using this package.
Beta Software
I've received positive feedback from a few people who use goproxy in production settings. I believe it is good enough for usage.
I'll try to keep reasonable backwards compatibility. In case of a major API change, I'll change the import path.
Documentation ¶
Overview ¶
Taken from $GOROOT/src/pkg/net/http/chunked needed to write https responses to client.
Package goproxy provides a customizable HTTP proxy, supporting hijacking HTTPS connection.
The intent of the proxy, is to be usable with reasonable amount of traffic yet, customizable and programable.
The proxy itself is simply an `net/http` handler.
Typical usage is
proxy := goproxy.NewProxyHttpServer() proxy.OnRequest(..conditions..).Do(..requesthandler..) proxy.OnRequest(..conditions..).DoFunc(..requesthandlerFunction..) proxy.OnResponse(..conditions..).Do(..responesHandler..) proxy.OnResponse(..conditions..).DoFunc(..responesHandlerFunction..) http.ListenAndServe(":8080", proxy)
Adding a header to each request
proxy.OnRequest().DoFunc(func(r *http.Request,ctx *goproxy.ProxyCtx) (*http.Request, *http.Response){ r.Header.Set("X-GoProxy","1") return r, nil })
Note that the function is called before the proxy sends the request to the server ¶
For printing the content type of all incoming responses
proxy.OnResponse().DoFunc(func(r *http.Response, ctx *goproxy.ProxyCtx)*http.Response{ println(ctx.Req.Host,"->",r.Header.Get("Content-Type")) return r })
note that we used the ProxyCtx context variable here. It contains the request and the response (Req and Resp, Resp is nil if unavailable) of this specific client interaction with the proxy.
To print the content type of all responses from a certain url, we'll add a ReqCondition to the OnResponse function:
proxy.OnResponse(goproxy.UrlIs("golang.org/pkg")).DoFunc(func(r *http.Response, ctx *goproxy.ProxyCtx)*http.Response{ println(ctx.Req.Host,"->",r.Header.Get("Content-Type")) return r })
We can write the condition ourselves, conditions can be set on request and on response
var random = ReqConditionFunc(func(r *http.Request) bool { return rand.Intn(1) == 0 }) var hasGoProxyHeader = RespConditionFunc(func(resp *http.Response,req *http.Request)bool { return resp.Header.Get("X-GoProxy") != "" })
Caution! If you give a RespCondition to the OnRequest function, you'll get a run time panic! It doesn't make sense to read the response, if you still haven't got it!
Finally, we have convenience function to throw a quick response
proxy.OnResponse(hasGoProxyHeader).DoFunc(func(r*http.Response,ctx *goproxy.ProxyCtx)*http.Response { r.Body.Close() return goproxy.NewResponse(ctx.Req, goproxy.ContentTypeText, http.StatusForbidden, "Can't see response with X-GoProxy header!") })
we close the body of the original repsonse, and return a new 403 response with a short message.
Example use cases:
1. https://github.com/elazarl/goproxy/tree/master/examples/goproxy-avgsize
To measure the average size of an Html served in your site. One can ask all the QA team to access the website by a proxy, and the proxy will measure the average size of all text/html responses from your host.
2. [not yet implemented]
All requests to your web servers should be directed through the proxy, when the proxy will detect html pieces sent as a response to AJAX request, it'll send a warning email.
3. https://github.com/elazarl/goproxy/blob/master/examples/goproxy-httpdump/
Generate a real traffic to your website by real users using through proxy. Record the traffic, and try it again for more real load testing.
4. https://github.com/elazarl/goproxy/tree/master/examples/goproxy-no-reddit-at-worktime
Will allow browsing to reddit.com between 8:00am and 17:00pm
5. https://github.com/elazarl/goproxy/tree/master/examples/goproxy-jquery-version
Will warn if multiple versions of jquery are used in the same domain.
6. https://github.com/elazarl/goproxy/blob/master/examples/goproxy-upside-down-ternet/
Modifies image files in an HTTP response via goproxy's image extension found in ext/.
Index ¶
- Constants
- Variables
- func NewResponse(r *http.Request, contentType string, status int, body string) *http.Response
- func TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *ProxyCtx) (*tls.Config, error)
- func TextResponse(r *http.Request, text string) *http.Response
- type CertStorage
- type ConnectAction
- type ConnectActionLiteral
- type CounterEncryptorRand
- type FuncHttpsHandler
- type FuncReqHandler
- type FuncRespHandler
- type HttpsHandler
- type Logger
- type ProxyConds
- type ProxyCtx
- type ProxyHttpServer
- func (proxy *ProxyHttpServer) NewConnectDialToProxy(https_proxy string) func(network, addr string) (net.Conn, error)
- func (proxy *ProxyHttpServer) NewConnectDialToProxyWithHandler(https_proxy string, connectReqHandler func(req *http.Request)) func(network, addr string) (net.Conn, error)
- func (proxy *ProxyHttpServer) OnRequest(conds ...ReqCondition) *ReqProxyConds
- func (proxy *ProxyHttpServer) OnResponse(conds ...RespCondition) *ProxyConds
- func (proxy *ProxyHttpServer) ServeHTTP(w http.ResponseWriter, r *http.Request)
- type ReqCondition
- type ReqConditionFunc
- func DstHostIs(host string) ReqConditionFunc
- func Not(r ReqCondition) ReqConditionFunc
- func ReqHostIs(hosts ...string) ReqConditionFunc
- func ReqHostMatches(regexps ...*regexp.Regexp) ReqConditionFunc
- func UrlHasPrefix(prefix string) ReqConditionFunc
- func UrlIs(urls ...string) ReqConditionFunc
- func UrlMatches(re *regexp.Regexp) ReqConditionFunc
- type ReqHandler
- type ReqProxyConds
- func (pcond *ReqProxyConds) Do(h ReqHandler)
- func (pcond *ReqProxyConds) DoFunc(f func(req *http.Request, ctx *ProxyCtx) (*http.Request, *http.Response))
- func (pcond *ReqProxyConds) HandleConnect(h HttpsHandler)
- func (pcond *ReqProxyConds) HandleConnectFunc(f func(host string, ctx *ProxyCtx) (*ConnectAction, string))
- func (pcond *ReqProxyConds) HijackConnect(f func(req *http.Request, client net.Conn, ctx *ProxyCtx))
- type RespCondition
- type RespConditionFunc
- type RespHandler
- type RoundTripper
- type RoundTripperFunc
Constants ¶
const ( ConnectAccept = iota ConnectReject ConnectMitm ConnectHijack ConnectHTTPMitm ConnectProxyAuthHijack )
const ( ContentTypeText = "text/plain" ContentTypeHtml = "text/html" )
Variables ¶
var ( OkConnect = &ConnectAction{Action: ConnectAccept, TLSConfig: TLSConfigFromCA(&GoproxyCa)} MitmConnect = &ConnectAction{Action: ConnectMitm, TLSConfig: TLSConfigFromCA(&GoproxyCa)} HTTPMitmConnect = &ConnectAction{Action: ConnectHTTPMitm, TLSConfig: TLSConfigFromCA(&GoproxyCa)} RejectConnect = &ConnectAction{Action: ConnectReject, TLSConfig: TLSConfigFromCA(&GoproxyCa)} )
var CA_CERT = []byte(`-----BEGIN CERTIFICATE-----
MIIDfzCCAmegAwIBAgIUe/25lwXSXwENSpHg98xl+aJv1/QwDQYJKoZIhvcNAQEL
BQAwTzELMAkGA1UEBhMCeHgxDDAKBgNVBAgMA0hPRjEMMAoGA1UEBwwDSE9GMREw
DwYDVQQKDAhIT0ZQUk9YWTERMA8GA1UEAwwISE9GUFJPWFkwHhcNMjAwMTIyMTUw
OTU1WhcNMjUwNzE0MTUwOTU1WjBPMQswCQYDVQQGEwJ4eDEMMAoGA1UECAwDSE9G
MQwwCgYDVQQHDANIT0YxETAPBgNVBAoMCEhPRlBST1hZMREwDwYDVQQDDAhIT0ZQ
Uk9YWTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMiieHztzL10qKTf
/9IVm+06tpKhge/FWT0SUKqkBj0TEOLyb2WnbQEh3ToKNZkumcoP55B273lm/0yZ
G8qolWpb1GhkUu+SMI/ZbdVWa8wG8w0ZH0LoSCbGC4J0sw+qrdyC+yYcneVJB0MP
p8syLbGHviVszeLoBzpXpAe2qdWkjenNUYXJVTleJmS4xrM1ey0oGy2NmSFwS8ii
axE23Kvmza7YZaZxqutwSuZsWguV1AX6Nj0eOcOXpPydQ1Kfr8bvamgAqxWnRtNc
Atv2o4NDOe/iS+sxRcfFiZvsxNkjETKwv7VU00YN2y9vYote2YHD/idrhySgHOrh
j1F6DmkCAwEAAaNTMFEwHQYDVR0OBBYEFBZkakM2eRLpoaxmxBFW2IdXTiyOMB8G
A1UdIwQYMBaAFBZkakM2eRLpoaxmxBFW2IdXTiyOMA8GA1UdEwEB/wQFMAMBAf8w
DQYJKoZIhvcNAQELBQADggEBAFbS8nVM0aNPJXFpoGOeSK7AUZbBeUozfQZbyvOI
AwFtVld1Sb1LthBQCWGVBvaPlrJD5i2J83cznJaxtcSZ2VO6xREqlXYk8C3sAM86
MXJKgzKC/fHhWYj07RE72nxJZg/I/Qbt15gj1vktuo2hGIyhg2+oOs8dKP2dALqJ
kSak+w6SMDjpHYolhl7p1B04ty/jigg98xlpbV+HCySqTu1Kj2Zao+4krj/o3MiZ
KFIYheWTb19brYDxmn5gdJO34Znv3SVUiavQG0cPhyS/jNqe8Gt1Wy0YPE8TtebS
lehvIWzKLX7AGxoREEKPdxRz5bt2ktoaRrssDxOyL/JuLus=
-----END CERTIFICATE-----`)
var CA_KEY = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAyKJ4fO3MvXSopN//0hWb7Tq2kqGB78VZPRJQqqQGPRMQ4vJv
ZadtASHdOgo1mS6Zyg/nkHbveWb/TJkbyqiValvUaGRS75Iwj9lt1VZrzAbzDRkf
QuhIJsYLgnSzD6qt3IL7Jhyd5UkHQw+nyzItsYe+JWzN4ugHOlekB7ap1aSN6c1R
hclVOV4mZLjGszV7LSgbLY2ZIXBLyKJrETbcq+bNrthlpnGq63BK5mxaC5XUBfo2
PR45w5ek/J1DUp+vxu9qaACrFadG01wC2/ajg0M57+JL6zFFx8WJm+zE2SMRMrC/
tVTTRg3bL29ii17ZgcP+J2uHJKAc6uGPUXoOaQIDAQABAoIBAA6lTYZRFZD+4xCm
CVacnTVEA+/QOlv2W/1JSPor3wi2S5VFfTw+bIaYoj2KYT89V5yYbJ7vD6wdCKXe
x1iT1dRdv7OfHy69zS2zAYGBPX03RKbAHrgTnLC35D8xpaCPJQHjzdGKZTxHiHAs
xGLg1tUOw6KXvq/BoEVyAFdPzjX6G9jsg1H2CCKWwnrMY274QP6TlNsHvv75oMJa
RixsEZWeUgvL3wxTWF6HJel+IH100SX8YrBg/GFmbibay668G9ERmO5xKfd7PEkz
VqcKlIeCydwQpZ2U6vLMYQCBKyS2VTxUx+hVB/c/mX2MvIJGrG9Qc2LvRokH24X8
TAVGVwECgYEA/MlsqRmQXYTMfjzdlDs9i6IG/90/XphJWNZeH7Vy8QuawkvQ3Ijp
D3D+SfSxm0Z7nSh0TgSkF8DXXaWe9g/6kVPSXJb+rATKd6M2Tv8OCTeTqJL6k7b/
4dcd9Iq8D/cg/HAwRZx64/2cqVIw6otZY7oRrS0PiRU3YLXhyHHDwxUCgYEAyy9X
cNorlaOBHjnlkOXKj0j1QeqZ5I6vGNVsFDRCvihvmB3KKn8CynfnEFJDM3Kf2qza
NJgsZKpp0+Zaol57dRNb4G+36g4D/gp+wQGooC1T4efmxf9m36yfrFnZm70c8l6l
7B/dV+/ZnC8a06o7eAc4l9xAFnH05/ztsIdmAwUCgYAuCv4oushJ0GNy5uExG601
HrkJp6HgN/q8HKeePO2HrCZvF2IemS1iK6GVlOU4tBjV4kV05HGDBhP0MbOHfBeW
mt7pEHOon2LFccv1jY1f7miNvt+3QhDPcOA6534jpk6yzDhupXbYyhvb12Wjgugw
Ovb3RQrcXCnvCpHqcZZHlQKBgDf7dkMwyXt0TloOp7LRrYrnFjQwOHCh45qbCylR
8OXF7GFkK9SjpBg3CyITGFLvjR3KLGD7YJfn4DqzKFu+XpO2XsUq4uiJLg5rw9rX
4ycm9gqzQ4FgSm7seB4br3pak8Qv0dWKPglBm5qN2/1f1PzQOIaW9813Xnwg0zil
RbUlAoGBAJJ+KLlThZ9ra17NPO1LByyrPrHav9gyTb3vllxJU9OSjqWM/6qi051L
wAAJS88ep93qg9fOVYQ4dcuUkwmEeEsbSpmScqJOV69fYX7AaewSbcnG1la9pINj
/0cF7SR3kZ9y5BZi5cDYi1AW3NWfKLGH8teM6HcmqnukpVbuFCfJ
-----END RSA PRIVATE KEY-----`)
var GoproxyCa, _ = tls.X509KeyPair(CA_CERT, CA_KEY)
Functions ¶
func NewResponse ¶
Will generate a valid http response to the given request the response will have the given contentType, and http status. Typical usage, refuse to process requests to local addresses:
proxy.OnRequest(IsLocalHost()).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request,*http.Response) { return nil,NewResponse(r,goproxy.ContentTypeHtml,http.StatusUnauthorized, `<!doctype html><html><head><title>Can't use proxy for local addresses</title></head><body/></html>`) })
func TLSConfigFromCA ¶
Types ¶
type CertStorage ¶
type CertStorage interface {
Fetch(hostname string, gen func() (*tls.Certificate, error)) (*tls.Certificate, error)
}
type ConnectAction ¶
type ConnectAction struct { Action ConnectActionLiteral Hijack func(req *http.Request, client net.Conn, ctx *ProxyCtx) TLSConfig func(host string, ctx *ProxyCtx) (*tls.Config, error) }
ConnectAction enables the caller to override the standard connect flow. When Action is ConnectHijack, it is up to the implementer to send the HTTP 200, or any other valid http response back to the client from within the Hijack func
type CounterEncryptorRand ¶
type CounterEncryptorRand struct {
// contains filtered or unexported fields
}
func NewCounterEncryptorRandFromKey ¶
func NewCounterEncryptorRandFromKey(key interface{}, seed []byte) (r CounterEncryptorRand, err error)
func (*CounterEncryptorRand) Read ¶
func (c *CounterEncryptorRand) Read(b []byte) (n int, err error)
func (*CounterEncryptorRand) Seed ¶
func (c *CounterEncryptorRand) Seed(b []byte)
type FuncHttpsHandler ¶
type FuncHttpsHandler func(host string, ctx *ProxyCtx) (*ConnectAction, string)
A wrapper that would convert a function to a HttpsHandler interface type
var AlwaysMitm FuncHttpsHandler = func(host string, ctx *ProxyCtx) (*ConnectAction, string) { return MitmConnect, host }
AlwaysMitm is a HttpsHandler that always eavesdrop https connections, for example to eavesdrop all https connections to www.google.com, we can use
proxy.OnRequest(goproxy.ReqHostIs("www.google.com")).HandleConnect(goproxy.AlwaysMitm)
var AlwaysReject FuncHttpsHandler = func(host string, ctx *ProxyCtx) (*ConnectAction, string) { return RejectConnect, host }
AlwaysReject is a HttpsHandler that drops any CONNECT request, for example, this code will disallow connections to hosts on any other port than 443
proxy.OnRequest(goproxy.Not(goproxy.ReqHostMatches(regexp.MustCompile(":443$"))). HandleConnect(goproxy.AlwaysReject)
func (FuncHttpsHandler) HandleConnect ¶
func (f FuncHttpsHandler) HandleConnect(host string, ctx *ProxyCtx) (*ConnectAction, string)
FuncHttpsHandler should implement the RespHandler interface
type FuncReqHandler ¶
A wrapper that would convert a function to a ReqHandler interface type
type FuncRespHandler ¶
A wrapper that would convert a function to a RespHandler interface type
type HttpsHandler ¶
type HttpsHandler interface {
HandleConnect(req string, ctx *ProxyCtx) (*ConnectAction, string)
}
When a client send a CONNECT request to a host, the request is filtered through all the HttpsHandlers the proxy has, and if one returns true, the connection is sniffed using Man in the Middle attack. That is, the proxy will create a TLS connection with the client, another TLS connection with the destination the client wished to connect to, and would send back and forth all messages from the server to the client and vice versa. The request and responses sent in this Man In the Middle channel are filtered through the usual flow (request and response filtered through the ReqHandlers and RespHandlers)
type ProxyConds ¶
type ProxyConds struct {
// contains filtered or unexported fields
}
ProxyConds is used to aggregate RespConditions for a ProxyHttpServer. Upon calling ProxyConds.Do, it will register a RespHandler that would handle the HTTP response from remote server if all conditions on the HTTP response are met.
func (*ProxyConds) Do ¶
func (pcond *ProxyConds) Do(h RespHandler)
ProxyConds.Do will register the RespHandler on the proxy, h.Handle(resp,ctx) will be called on every request that matches the conditions aggregated in pcond.
type ProxyCtx ¶
type ProxyCtx struct { // Will contain the client request from the proxy Req *http.Request // Will contain the remote server's response (if available. nil if the request wasn't send yet) Resp *http.Response RoundTripper RoundTripper // will contain the recent error that occurred while trying to send receive or parse traffic Error error // A handle for the user to keep data in the context, from the call of ReqHandler to the // call of RespHandler UserData interface{} // Will connect a request to a response Session int64 Proxy *ProxyHttpServer // contains filtered or unexported fields }
ProxyCtx is the Proxy context, contains useful information about every request. It is passed to every user function. Also used as a logger.
func (*ProxyCtx) Charset ¶
Will try to infer the character set of the request from the headers. Returns the empty string if we don't know which character set it used. Currently it will look for charset=<charset> in the Content-Type header of the request.
func (*ProxyCtx) Logf ¶
Logf prints a message to the proxy's log. Should be used in a ProxyHttpServer's filter This message will be printed only if the Verbose field of the ProxyHttpServer is set to true
proxy.OnRequest().DoFunc(func(r *http.Request,ctx *goproxy.ProxyCtx) (*http.Request, *http.Response){ nr := atomic.AddInt32(&counter,1) ctx.Printf("So far %d requests",nr) return r, nil })
func (*ProxyCtx) RoundTrip ¶
func (*ProxyCtx) Warnf ¶
Warnf prints a message to the proxy's log. Should be used in a ProxyHttpServer's filter This message will always be printed.
proxy.OnRequest().DoFunc(func(r *http.Request,ctx *goproxy.ProxyCtx) (*http.Request, *http.Response){ f,err := os.OpenFile(cachedContent) if err != nil { ctx.Warnf("error open file %v: %v",cachedContent,err) return r, nil } return r, nil })
type ProxyHttpServer ¶
type ProxyHttpServer struct { // KeepDestinationHeaders indicates the proxy should retain any headers present in the http.Response before proxying KeepDestinationHeaders bool // setting Verbose to true will log information on each request sent to the proxy Verbose bool Logger Logger NonproxyHandler http.Handler Tr *http.Transport // ConnectDial will be used to create TCP connections for CONNECT requests // if nil Tr.Dial will be used ConnectDial func(network string, addr string) (net.Conn, error) CertStore CertStorage KeepHeader bool // contains filtered or unexported fields }
The basic proxy type. Implements http.Handler.
func NewProxyHttpServer ¶
func NewProxyHttpServer() *ProxyHttpServer
NewProxyHttpServer creates and returns a proxy server, logging to stderr by default
func (*ProxyHttpServer) NewConnectDialToProxy ¶
func (*ProxyHttpServer) NewConnectDialToProxyWithHandler ¶
func (*ProxyHttpServer) OnRequest ¶
func (proxy *ProxyHttpServer) OnRequest(conds ...ReqCondition) *ReqProxyConds
ProxyHttpServer.OnRequest Will return a temporary ReqProxyConds struct, aggregating the given condtions. You will use the ReqProxyConds struct to register a ReqHandler, that would filter the request, only if all the given ReqCondition matched. Typical usage:
proxy.OnRequest(UrlIs("example.com/foo"),UrlMatches(regexp.MustParse(`.*\.exampl.\com\./.*`)).Do(...)
func (*ProxyHttpServer) OnResponse ¶
func (proxy *ProxyHttpServer) OnResponse(conds ...RespCondition) *ProxyConds
OnResponse is used when adding a response-filter to the HTTP proxy, usual pattern is
proxy.OnResponse(cond1,cond2).Do(handler) // handler.Handle(resp,ctx) will be used // if cond1.HandleResp(resp) && cond2.HandleResp(resp)
func (*ProxyHttpServer) ServeHTTP ¶
func (proxy *ProxyHttpServer) ServeHTTP(w http.ResponseWriter, r *http.Request)
Standard net/http function. Shouldn't be used directly, http.Serve will use it.
type ReqCondition ¶
type ReqCondition interface { RespCondition HandleReq(req *http.Request, ctx *ProxyCtx) bool }
ReqCondition.HandleReq will decide whether or not to use the ReqHandler on an HTTP request before sending it to the remote server
func SrcIpIs ¶
func SrcIpIs(ips ...string) ReqCondition
SrcIpIs returns a ReqCondition testing whether the source IP of the request is one of the given strings
type ReqConditionFunc ¶
ReqConditionFunc.HandleReq(req,ctx) <=> ReqConditionFunc(req,ctx)
var IsLocalHost ReqConditionFunc = func(req *http.Request, ctx *ProxyCtx) bool {
return req.URL.Host == "::1" ||
req.URL.Host == "0:0:0:0:0:0:0:1" ||
localHostIpv4.MatchString(req.URL.Host) ||
req.URL.Host == "localhost"
}
IsLocalHost checks whether the destination host is explicitly local host (buggy, there can be IPv6 addresses it doesn't catch)
func DstHostIs ¶
func DstHostIs(host string) ReqConditionFunc
DstHostIs returns a ReqCondition testing wether the host in the request url is the given string
func Not ¶
func Not(r ReqCondition) ReqConditionFunc
Not returns a ReqCondition negating the given ReqCondition
func ReqHostIs ¶
func ReqHostIs(hosts ...string) ReqConditionFunc
ReqHostIs returns a ReqCondition, testing whether the host to which the request is directed to equal to one of the given strings
func ReqHostMatches ¶
func ReqHostMatches(regexps ...*regexp.Regexp) ReqConditionFunc
ReqHostMatches returns a ReqCondition, testing whether the host to which the request was directed to matches any of the given regular expressions.
func UrlHasPrefix ¶
func UrlHasPrefix(prefix string) ReqConditionFunc
UrlHasPrefix returns a ReqCondition checking wether the destination URL the proxy client has requested has the given prefix, with or without the host. For example UrlHasPrefix("host/x") will match requests of the form 'GET host/x', and will match requests to url 'http://host/x'
func UrlIs ¶
func UrlIs(urls ...string) ReqConditionFunc
UrlIs returns a ReqCondition, testing whether or not the request URL is one of the given strings with or without the host prefix. UrlIs("google.com/","foo") will match requests 'GET /' to 'google.com', requests `'GET google.com/' to any host, and requests of the form 'GET foo'.
func UrlMatches ¶
func UrlMatches(re *regexp.Regexp) ReqConditionFunc
UrlMatches returns a ReqCondition testing whether the destination URL of the request matches the given regexp, with or without prefix
type ReqHandler ¶
type ReqHandler interface {
Handle(req *http.Request, ctx *ProxyCtx) (*http.Request, *http.Response)
}
ReqHandler will "tamper" with the request coming to the proxy server If Handle returns req,nil the proxy will send the returned request to the destination server. If it returns nil,resp the proxy will skip sending any requests, and will simply return the response `resp` to the client.
type ReqProxyConds ¶
type ReqProxyConds struct {
// contains filtered or unexported fields
}
ReqProxyConds aggregate ReqConditions for a ProxyHttpServer. Upon calling Do, it will register a ReqHandler that would handle the request if all conditions on the HTTP request are met.
func (*ReqProxyConds) Do ¶
func (pcond *ReqProxyConds) Do(h ReqHandler)
ReqProxyConds.Do will register the ReqHandler on the proxy, the ReqHandler will handle the HTTP request if all the conditions aggregated in the ReqProxyConds are met. Typical usage:
proxy.OnRequest().Do(handler) // will call handler.Handle(req,ctx) on every request to the proxy proxy.OnRequest(cond1,cond2).Do(handler) // given request to the proxy, will test if cond1.HandleReq(req,ctx) && cond2.HandleReq(req,ctx) are true // if they are, will call handler.Handle(req,ctx)
func (*ReqProxyConds) DoFunc ¶
func (pcond *ReqProxyConds) DoFunc(f func(req *http.Request, ctx *ProxyCtx) (*http.Request, *http.Response))
DoFunc is equivalent to proxy.OnRequest().Do(FuncReqHandler(f))
func (*ReqProxyConds) HandleConnect ¶
func (pcond *ReqProxyConds) HandleConnect(h HttpsHandler)
HandleConnect is used when proxy receives an HTTP CONNECT request, it'll then use the HttpsHandler to determine what should it do with this request. The handler returns a ConnectAction struct, the Action field in the ConnectAction struct returned will determine what to do with this request. ConnectAccept will simply accept the request forwarding all bytes from the client to the remote host, ConnectReject will close the connection with the client, and ConnectMitm, will assume the underlying connection is an HTTPS connection, and will use Man in the Middle attack to eavesdrop the connection. All regular handler will be active on this eavesdropped connection. The ConnectAction struct contains possible tlsConfig that will be used for eavesdropping. If nil, the proxy will use the default tls configuration.
proxy.OnRequest().HandleConnect(goproxy.AlwaysReject) // rejects all CONNECT requests
func (*ReqProxyConds) HandleConnectFunc ¶
func (pcond *ReqProxyConds) HandleConnectFunc(f func(host string, ctx *ProxyCtx) (*ConnectAction, string))
HandleConnectFunc is equivalent to HandleConnect, for example, accepting CONNECT request if they contain a password in header
io.WriteString(h,password) passHash := h.Sum(nil) proxy.OnRequest().HandleConnectFunc(func(host string, ctx *ProxyCtx) (*ConnectAction, string) { c := sha1.New() io.WriteString(c,ctx.Req.Header.Get("X-GoProxy-Auth")) if c.Sum(nil) == passHash { return OkConnect, host } return RejectConnect, host })
type RespCondition ¶
RespCondition.HandleReq will decide whether or not to use the RespHandler on an HTTP response before sending it to the proxy client. Note that resp might be nil, in case there was an error sending the request.
func ContentTypeIs ¶
func ContentTypeIs(typ string, types ...string) RespCondition
ContentTypeIs returns a RespCondition testing whether the HTTP response has Content-Type header equal to one of the given strings.
func StatusCodeIs ¶
func StatusCodeIs(codes ...int) RespCondition
StatusCodeIs returns a RespCondition, testing whether or not the HTTP status code is one of the given ints
type RespConditionFunc ¶
RespConditionFunc.HandleResp(resp,ctx) <=> RespConditionFunc(resp,ctx)
type RespHandler ¶
after the proxy have sent the request to the destination server, it will "filter" the response through the RespHandlers it has. The proxy server will send to the client the response returned by the RespHandler. In case of error, resp will be nil, and ctx.RoundTrip.Error will contain the error
func HandleBytes ¶
func HandleBytes(f func(b []byte, ctx *ProxyCtx) []byte) RespHandler
HandleBytes will return a RespHandler that read the entire body of the request to a byte array in memory, would run the user supplied f function on the byte arra, and will replace the body of the original response with the resulting byte array.