|
|
|
|
package proxy
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"crypto/tls"
|
|
|
|
|
"log"
|
|
|
|
|
"net"
|
|
|
|
|
"net/http"
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/lqqyt2423/go-mitmproxy/cert"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type Mitm interface {
|
|
|
|
|
Start() error
|
|
|
|
|
Dial(host string) (net.Conn, error)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 直接转发 https 流量
|
|
|
|
|
type MitmForward struct{}
|
|
|
|
|
|
|
|
|
|
func (m *MitmForward) Start() error {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *MitmForward) Dial(host string) (net.Conn, error) {
|
|
|
|
|
return net.Dial("tcp", host)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 内部解析 https 流量
|
|
|
|
|
// 每个连接都会消耗掉两个文件描述符,可能会达到打开文件上限
|
|
|
|
|
type MitmServer struct {
|
|
|
|
|
Proxy *Proxy
|
|
|
|
|
CA *cert.CA
|
|
|
|
|
Listener net.Listener
|
|
|
|
|
Server *http.Server
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func NewMitmServer(proxy *Proxy) (Mitm, error) {
|
|
|
|
|
ca, err := cert.NewCA("")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m := &MitmServer{
|
|
|
|
|
Proxy: proxy,
|
|
|
|
|
CA: ca,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
server := &http.Server{
|
|
|
|
|
IdleTimeout: time.Millisecond * 100, // 尽快关闭内部的连接,释放文件描述符
|
|
|
|
|
Handler: m,
|
|
|
|
|
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)), // disable http2
|
|
|
|
|
TLSConfig: &tls.Config{
|
|
|
|
|
GetCertificate: func(chi *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
|
|
|
|
// log.Printf("MitmServer GetCertificate ServerName: %v\n", chi.ServerName)
|
|
|
|
|
return ca.DummyCert(chi.ServerName)
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m.Server = server
|
|
|
|
|
|
|
|
|
|
return m, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *MitmServer) Start() error {
|
|
|
|
|
ln, err := net.Listen("tcp", "127.0.0.1:") // port number is automatically chosen
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
m.Listener = ln
|
|
|
|
|
m.Server.Addr = ln.Addr().String()
|
|
|
|
|
log.Printf("MitmServer Server Addr is %v\n", m.Server.Addr)
|
|
|
|
|
defer ln.Close()
|
|
|
|
|
|
|
|
|
|
return m.Server.ServeTLS(ln, "", "")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *MitmServer) Dial(host string) (net.Conn, error) {
|
|
|
|
|
return net.Dial("tcp", m.Server.Addr)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (m *MitmServer) ServeHTTP(res http.ResponseWriter, req *http.Request) {
|
|
|
|
|
if req.URL.Scheme == "" {
|
|
|
|
|
req.URL.Scheme = "https"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if req.URL.Host == "" {
|
|
|
|
|
req.URL.Host = req.Host
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
m.Proxy.ServeHTTP(res, req)
|
|
|
|
|
}
|
