proxy

package
v0.0.1-alpha Latest
Published: Oct 2, 2024 License: MIT Imports: 13 Imported by: 0

README

HTTP(S) Connect Tunneling

sequenceDiagram
    participant Client
    participant MITM_Proxy
    participant Server

    Note over Client,MITM_Proxy: Initial TLS Handshake Phase

    Client->>MITM_Proxy: ClientHello (Initial)
    MITM_Proxy-->>Client: ServerHello, Fake Certificate, ServerHelloDone (Initial)
    Client->>MITM_Proxy: ClientKeyExchange, ChangeCipherSpec, EncryptedHandshakeMessage (Initial)
    MITM_Proxy-->>Client: ChangeCipherSpec, EncryptedHandshakeMessage (Initial)

    loop Internal Connection
        Client->>MITM_Proxy: Encrypted CONNECT to MITM_Proxy
        MITM_Proxy-->>MITM_Proxy: Establish connection to its own TLS port
        MITM_Proxy->>Client: Encrypted 200 Connection Established
    end

    Note over Client,MITM_Proxy: First TLS Handshake Phase
    
    Client->>MITM_Proxy: ClientHello (Phase 1)
    MITM_Proxy-->>Client: ServerHello, Fake Certificate, ServerHelloDone (Phase 1)
    Client->>MITM_Proxy: ClientKeyExchange, ChangeCipherSpec, EncryptedHandshakeMessage (Phase 1)
    MITM_Proxy-->>Client: ChangeCipherSpec, EncryptedHandshakeMessage (Phase 1)

    Note over Client,MITM_Proxy: Second TLS Handshake Phase

    Client->>MITM_Proxy: ClientHello (Phase 2)
    MITM_Proxy-->>Client: ServerHello, Fake Certificate, ServerHelloDone (Phase 2)
    Client->>MITM_Proxy: ClientKeyExchange, ChangeCipherSpec, EncryptedHandshakeMessage (Phase 2)
    MITM_Proxy-->>Client: ChangeCipherSpec, EncryptedHandshakeMessage (Phase 2)

    Note over MITM_Proxy,Server: TLS Handshake with Server

    MITM_Proxy->>Server: ClientHello
    Server-->>MITM_Proxy: ServerHello, Certificate, ServerHelloDone
    MITM_Proxy->>Server: ClientKeyExchange, ChangeCipherSpec, EncryptedHandshakeMessage
    Server-->>MITM_Proxy: ChangeCipherSpec, EncryptedHandshakeMessage

    Note over MITM_Proxy,Server: TLS Handshake with Server Complete

    MITM_Proxy->>Server: Forward Buffered Decrypted HTTP Request
    Server-->>MITM_Proxy: Encrypted HTTP Response
    MITM_Proxy-->>Client: Encrypted HTTP Response

    Note over Client,Server: MITM_Proxy can inspect/modify data

Documentation

Constants

This section is empty.

Variables

var (
	ErrNoRouteMatch = errors.New("no match found")
	ErrRouteMatch   = errors.New("router error")
	ErrStoreRead    = errors.New("store read error")
)

Functions

func New

func New(tripper http.RoundTripper) *httputil.ReverseProxy

func NewCaptureProxy

func NewCaptureProxy(topic spec.SnapshotMessageTopic) http.Handler

func NewClient

func NewClient(proxyURL *url.URL, config *tls.Config) *http.Client

func NewReplayClient

func NewReplayClient(transport *ReplayTransport) *http.Client

func NewReplayProxy

func NewReplayProxy(topic spec.SnapshotMessageTopic, replay *ReplayTransport) http.Handler

func NewTransport

func NewTransport(proxyURL *url.URL, config *tls.Config) *http.Transport

Types

type ReplayTransport

type ReplayTransport struct {
	Router spec.SnapshotRouter
	Store  spec.SnapshotStore
}

func NewReplayTransport

func NewReplayTransport(router spec.SnapshotRouter, store spec.SnapshotStore) *ReplayTransport

func (*ReplayTransport) RoundTrip

func (t *ReplayTransport) RoundTrip(request *http.Request) (res *http.Response, err error)

type TunnelMiddleware

type TunnelMiddleware struct {
	// contains filtered or unexported fields
}

func NewTunnelMiddleware

func NewTunnelMiddleware(mitmAddress string) *TunnelMiddleware

NewTunnelMiddleware creates a new tunnel middleware that will forward CONNECT requests to the MITM address. This is intended for use with testing and debugging.

func (*TunnelMiddleware) Handler

func (t *TunnelMiddleware) Handler(next http.Handler) http.Handler
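
One way a CONNECT-forwarding middleware of this kind can be written, as an added example that is not the package's own code: `tunnelTo` is a hypothetical stand-in for the unexported implementation, and the loopback addresses in `main` are assumptions. It needs Go 1.20 or later for `http.NewResponseController`.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
)

// tunnelTo is a hypothetical stand-in for TunnelMiddleware.Handler: CONNECT
// requests are piped to mitmAddr, all other requests go to next.
func tunnelTo(mitmAddr string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodConnect {
			next.ServeHTTP(w, r)
			return
		}
		// The requested target (r.Host) is ignored: every tunnel ends at the
		// interception listener, which is why this belongs in test setups only.
		upstream, err := net.Dial("tcp", mitmAddr)
		if err != nil {
			http.Error(w, "MITM listener unreachable", http.StatusBadGateway)
			return
		}
		client, buf, err := http.NewResponseController(w).Hijack()
		if err != nil {
			upstream.Close()
			http.Error(w, "hijacking unsupported", http.StatusInternalServerError)
			return
		}
		fmt.Fprint(client, "HTTP/1.1 200 Connection Established\r\n\r\n")
		// Copy from buf, not client: bytes the client sent right after the
		// CONNECT headers may already sit in the server's read buffer.
		go func() { io.Copy(upstream, buf); upstream.Close() }()
		go func() { io.Copy(client, upstream); client.Close() }()
	})
}

func main() {
	// Assumed local test setup: proxy on :8080, MITM TLS listener on :8443.
	fmt.Println(http.ListenAndServe("127.0.0.1:8080", tunnelTo("127.0.0.1:8443", http.NotFoundHandler())))
}
```

Because the handler discards the CONNECT target, any client pointed at this proxy has all of its tunnels terminated at the interception listener, so it should only be bound to loopback or an isolated test network.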
