XiaoMo/anyproxy
1
0
Fork 0
mirror of https://github.com/alibaba/anyproxy.git synced 2025-05-10 14:58:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

using SNI when intercepting https requests

Browse Source
This commit is contained in:
OttoMao 2015-02-10 12:03:21 +08:00
parent 6d84a95165
commit d51cb0ce4b
6 changed files with 105 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@ -1,3 +1,7 @@
10 Feb 2015: anyproxy 3.2.0:
* using SNI when intercepting https requests
28 Jan 2015: anyproxy 3.1.2: 28 Jan 2015: anyproxy 3.1.2:
* thanks to iconv-lite, almost webpage with any charset can be correctly decoded in web interface. * thanks to iconv-lite, almost webpage with any charset can be correctly decoded in web interface.

9
README.md
View File

@ -23,16 +23,15 @@ A fully configurable proxy in NodeJS, which can handle HTTPS requests perfectly.
------------ ------------
* 支持https明文代理 * 支持https明文代理
* 支持低网速模拟 * 支持低网速模拟
* 全流程开放可以用javascript控制代理流程中的任意步骤。搭建前端个性化调试环境的利器。 * 全流程开放可以用javascript控制代理流程中的任意步骤,搭建前端个性化调试环境
* 提供web版界面观测请求情况 * 提供web版界面观测请求情况
Feature Feature
------------ ------------
* work as http or https proxy * work as http or https proxy
* fully configurable, you can modify a request at any stage by your own javascript code * fully configurable, you could modify a request at any stage with your customized javascript code
* when working as https proxy, it can generate and intercept https requests for any domain without complaint by browser (after you trust its root CA) * when working as https proxy, it could generate and intercept https requests for any domain without complaint by browser (after you trust its root CA)
* a web interface for you to watch realtime request details, where html string with (almost) any charset could be shown correctly * a web interface for you to watch realtime request details, where html string with (almost) any charset could be shown correctly
* (beta)a web UI interface for you to replace some remote response with local data
![screenshot](http://gtms01.alicdn.com/tps/i1/TB1IdgqGXXXXXa9apXXLExM2pXX-854-480.gif) ![screenshot](http://gtms01.alicdn.com/tps/i1/TB1IdgqGXXXXXa9apXXLExM2pXX-854-480.gif)

64
diff.txt
View File

@ -1,64 +0,0 @@
diff --git a/bin.js b/bin.js
index 9b7f39b..86ccdee 100644
--- a/bin.js
+++ b/bin.js
@@ -4,6 +4,7 @@ var program = require('commander'),
proxy = require("./proxy.js"),
color = require('colorful'),
fs = require("fs"),
+ path = require("path"),
packageInfo = require("./package.json");
program
@@ -33,15 +34,16 @@ if(program.clear){
var ruleModule;
if(program.rule){
- if(fs.existsSync(program.rule)){
- try{ //for abs path
+ var ruleFilePath = path.join(process.cwd(),program.rule);
+ try{
+ if(fs.existsSync(ruleFilePath)){
ruleModule = require(program.rule);
- }catch(e){ //for relative path
- ruleModule = require(process.cwd() + '/' + program.rule.replace(/^\.\//,''));
+ console.log("rule file loaded :" + ruleFilePath);
+ }else{
+ console.log(color.red("can not find rule file"));
}
- console.log(color.green("rule file loaded"));
- }else{
- console.log(color.red("can not find rule file"));
+ }catch(e){
+ console.log("failed to load rule file :" + e.toString());
}
}
diff --git a/lib/requestHandler.js b/lib/requestHandler.js
index 37f19d4..620b7f9 100644
--- a/lib/requestHandler.js
+++ b/lib/requestHandler.js
@@ -364,7 +364,7 @@ function setRules(newRule){
}
if('function' == typeof(userRule.summary)){
functions.push(function(cb){
- userRule.summary();
+ console.log(userRule.summary());
cb(null);
});
}
diff --git a/rule_sample/README.md b/rule_sample/README.md
index 7a8eabb..7c29ff5 100644
--- a/rule_sample/README.md
+++ b/rule_sample/README.md
@@ -27,6 +27,9 @@ The following are sample rules.
* rule_replace_response_status_code.js
* replace server's status code
* 改变服务端响应的http状态码
+* rule_reverse_proxy.js
+ * assign a specific ip address for request
+ * 为请求绑定目标ip
* rule_use_local_data.js
* map some requests to local file
* 把图片响应映射到本地
\ No newline at end of file

41
lib/certMgr.js
View File

@ -10,10 +10,10 @@ var exec = require('child_process').exec,
//TODO : unstable in windows //TODO : unstable in windows
var certDir = path.join(util.getUserHome(),"/.anyproxy_certs/"), var certDir = path.join(util.getUserHome(),"/.anyproxy_certs/"),
cmdDir = path.join(__dirname,"..","./cert/"), cmdDir = path.join(__dirname,"..","./cert/"),
cmd_genRoot = path.join(cmdDir,"./gen-rootCA"), cmd_genRoot = path.join(cmdDir,"./gen-rootCA"),
cmd_genCert = path.join(cmdDir,"./gen-cer"), cmd_genCert = path.join(cmdDir,"./gen-cer"),
asyncTaskMgr = new asyncTask(); createCertTaskMgr = new asyncTask();
if(!fs.existsSync(certDir)){ if(!fs.existsSync(certDir)){
try{ try{
@ -26,26 +26,31 @@ if(!fs.existsSync(certDir)){
} }
} }
function getCertificate(hostname,cb){ function getCertificate(hostname,certCallback){
var keyFile = path.join(certDir , "__hostname.key".replace(/__hostname/,hostname) ), var keyFile = path.join(certDir , "__hostname.key".replace(/__hostname/,hostname) ),
crtFile = path.join(certDir , "__hostname.crt".replace(/__hostname/,hostname) ); crtFile = path.join(certDir , "__hostname.crt".replace(/__hostname/,hostname) );
if(!fs.existsSync(keyFile) || !fs.existsSync(crtFile)){ createCertTaskMgr.addTask(hostname,function(callback){
asyncTaskMgr.addTask(hostname,function(cb){ if(!fs.existsSync(keyFile) || !fs.existsSync(crtFile)){
createCert(hostname,function(err){ createCert(hostname,function(err){
cb(err ? err : null); if(err){
callback(err);
}else{
callback(null , fs.readFileSync(keyFile) , fs.readFileSync(crtFile));
}
}); });
},function(err){ }else{
if(!err){ callback(null , fs.readFileSync(keyFile) , fs.readFileSync(crtFile));
cb(null , fs.readFileSync(keyFile) , fs.readFileSync(crtFile) ); }
}else{
cb(err);
}
});
}else{ },function(err,keyContent,crtContent){
cb(null , fs.readFileSync(keyFile) , fs.readFileSync(crtFile) ); if(!err){
} certCallback(null ,keyContent,crtContent);
}else{
certCallback(err);
}
});
} }
function createCert(hostname,callback){ function createCert(hostname,callback){

127
lib/httpsServerMgr.js
View File

@ -5,100 +5,61 @@ var getPort = require('./getPort'),
https = require('https'), https = require('https'),
fs = require('fs'), fs = require('fs'),
net = require('net'), net = require('net'),
url = require('url'), tls = require('tls'),
color = require('colorful'), color = require('colorful'),
certMgr = require("./certMgr"), certMgr = require("./certMgr"),
asyncTask = require("async-task-mgr"); asyncTask = require("async-task-mgr");
var DEFAULT_RELEASE_TIME = 2000;//120*1000; //using sni to avoid multiple ports
function SNIPrepareCert(serverName,SNICallback){
var asyncTaskMgr = new asyncTask(); var keyContent, crtContent,ctx;
module.exports =function(){
var self = this;
self.serverList = {
/* schema sample
"www.example.com":{
port:123,
server : serverInstance,
lastestUse: 99999 //unix time stamp
}
*/
};
//fetch a port for https server with hostname
this.fetchPort = function(hostname,userRequesthandler,userCB){
var serverInfo = self.serverList[hostname],
port;
//server exists
if(serverInfo){
serverInfo.lastestUse = new Date().getTime();
port = serverInfo.port;
userCB && userCB(null,port);
//create server with corresponding CA
}else{
asyncTaskMgr.addTask(hostname, createServer ,userCB);
function createServer(cb){
async.series([
//find a clean port
function(callback){
getPort(function(cleanPort){
port = cleanPort;
callback(null,port);
});
}
//create server
,function(callback){
certMgr.getCertificate(hostname,function(err,keyContent,crtContent){
var server = createHttpsServer(port,keyContent,crtContent,userRequesthandler);
self.serverList[hostname] = {
port : port,
server : server,
lastestUse : new Date().getTime()
};
var tipText = "https server @port __portNum for __HOST established".replace(/__portNum/,port).replace(/__HOST/,hostname);
console.log(color.yellow(color.bold("[internal https]")) + color.yellow(tipText));
callback && callback(null,port);
});
}
],function(err,result){
cb && cb(err,result[result.length - 1]);
async.series([
function(callback){
certMgr.getCertificate(serverName,function(err,key,crt){
if(err){
callback(err);
}else{
keyContent = key;
crtContent = crt;
callback();
}
});
},
function(callback){
try{
ctx = tls.createSecureContext({
key :keyContent,
cert :crtContent
}); });
callback();
}catch(e){
callback(e);
} }
} }
}; ],function(err,result){
if(!err){
//clear servers which have been idle for some time var tipText = "proxy server for __NAME established".replace("__NAME",serverName);
setInterval(function(){ console.log(color.yellow(color.bold("[internal https]")) + color.yellow(tipText));
var timeNow = new Date().getTime(); SNICallback(null,ctx);
for(var serverName in self.serverList){ }else{
var item = self.serverList[serverName]; console.log("err occurred when prepare certs for SNI - " + e);
if( (timeNow - item.lastestUse) > DEFAULT_RELEASE_TIME){
item.server.close();
asyncTaskMgr.removeTask(serverName);
delete self.serverList[serverName];
console.log(color.yellow(color.bold("[internal https]")) + color.yellow("https server released : " + serverName));
}
} }
});
},DEFAULT_RELEASE_TIME);
} }
function createHttpsServer(port,keyContent,crtContent,userRequesthandler){ //config.port - port to start https server
return https.createServer({ //config.handler - request handler
key : keyContent, module.exports =function(config){
cert: crtContent var self = this;
},userRequesthandler).listen(port);
if(!config || !config.port ){
throw(new Error("please assign a port"));
}
https.createServer({
SNICallback : SNIPrepareCert
},config.handler).listen(config.port);
} }

45
lib/requestHandler.js
View File

@ -9,11 +9,11 @@ var http = require("http"),
color = require("colorful"), color = require("colorful"),
Buffer = require('buffer').Buffer, Buffer = require('buffer').Buffer,
util = require("./util"), util = require("./util"),
getPort = require("./getPort"),
Stream = require("stream"), Stream = require("stream"),
httpsServerMgr = require("./httpsServerMgr"); httpsServerMgr = require("./httpsServerMgr");
var httpsServerMgrInstance = new httpsServerMgr(), var defaultRule = require("./rule_default.js"),
defaultRule = require("./rule_default.js"),
userRule = defaultRule; //init userRule = defaultRule; //init
function userRequestHandler(req,userRes){ function userRequestHandler(req,userRes){
@ -270,26 +270,40 @@ function connectReqHandler(req, socket, head){
}; };
resourceInfoId = GLOBAL.recorder.appendRecord(resourceInfo); resourceInfoId = GLOBAL.recorder.appendRecord(resourceInfo);
var proxyPort, proxyHost; var proxyPort,
proxyHost,
internalHttpsPort,
httpsServerMgrInstance;
async.series([ async.series([
//find port //check if internal https server exists
function(callback){
if(internalHttpsPort){
callback();
}else{
getPort(function(port){
internalHttpsPort = port;
httpsServerMgrInstance = new httpsServerMgr({
port :port,
handler :userRequestHandler
});
callback();
});
}
},
//determine the target server
function(callback){ function(callback){
if(shouldIntercept){ if(shouldIntercept){
//TODO : remote port other than 433 proxyPort = internalHttpsPort;
httpsServerMgrInstance.fetchPort(host,userRequestHandler,function(err,port){ proxyHost = "127.0.0.1";
if(!err && port){ callback();
proxyPort = port;
proxyHost = "127.0.0.1";
callback();
}else{
callback(err);
}
});
}else{ }else{
proxyPort = targetPort; proxyPort = 443;
proxyHost = host; proxyHost = host;
callback(); callback();
@ -305,7 +319,6 @@ function connectReqHandler(req, socket, head){
if(GLOBAL._throttle && !shouldIntercept ){ if(GLOBAL._throttle && !shouldIntercept ){
var readable = conn.pipe(GLOBAL._throttle.throttle()); var readable = conn.pipe(GLOBAL._throttle.throttle());
readable.pipe(socket); readable.pipe(socket);
socket.pipe(conn); socket.pipe(conn);
}else{ }else{
conn.pipe(socket); conn.pipe(socket);