Skip to content

Instantly share code, notes, and snippets.

@iolalla

iolalla/certs.sh

Last active June 17, 2020 09:58
Show Gist options
  • Save iolalla/785ed4c940741bfde656549f4c3a4d35 to your computer and use it in GitHub Desktop.
Save iolalla/785ed4c940741bfde656549f4c3a4d35 to your computer and use it in GitHub Desktop.
Download ZIP
Simple use case : You need if a transparent https proxy, but you neeed to see the URLS and headers, Why? To configure proxies or firewalls. Based in this article: https://medium.com/@mlowicki/http-s-proxy-in-golang-in-less-than-100-lines-of-code-6a51c2f2c38c This code only adds logging controls.
Raw
certs.sh
#!/usr/bin/env bash
case `uname -s` in
Linux*) sslConfig=/etc/ssl/openssl.cnf;;
Darwin*) sslConfig=/System/Library/OpenSSL/openssl.cnf;;
esac
openssl req \
-newkey rsa:2048 \
-x509 \
-nodes \
-keyout server.key \
-new \
-out server.pem \
-subj /CN=localhost \
-reqexts SAN \
-extensions SAN \
-config <(cat $sslConfig \
<(printf '[SAN]\nsubjectAltName=DNS:localhost')) \
-sha256 \
-days 3650
Raw
tp.go
package main
/*
https://medium.com/@mlowicki/http-s-proxy-in-golang-in-less-than-100-lines-of-code-6a51c2f2c38c
Simple use case : You need if a transparent https proxy, but you neeed to see the URLS and
headers, Why? To configure proxies or firewalls.
Generate the certs with certs.sh
compile tp.go
$go buuild tp.go
$./ttp
$ curl -Lv --proxy https://localhost:8888 --proxy-cacert server.pem https://google.com/?l=es
OUTPUT:
2020/06/17 11:29:01 URL:google.com:443
2020/06/17 11:29:01 HEADER Name:User-Agent Value: curl/7.64.0
2020/06/17 11:29:01 HEADER Name:Proxy-Connection Value: Keep-Alive
*/
import (
"crypto/tls"
"flag"
"io"
"log"
"net"
"net/http"
"time"
)
func handleTunneling(w http.ResponseWriter, r *http.Request) {
destConn, err := net.DialTimeout("tcp", r.Host, 10*time.Second)
if err != nil {
http.Error(w, err.Error(), http.StatusServiceUnavailable)
return
}
w.WriteHeader(http.StatusOK)
hijacker, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
return
}
clientConn, _, err := hijacker.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
log.Println("URL:" + r.RequestURI)
copyHeader(w.Header(), r.Header)
go transfer(destConn, clientConn)
go transfer(clientConn, destConn)
}
func transfer(destination io.WriteCloser, source io.ReadCloser) {
defer destination.Close()
defer source.Close()
io.Copy(destination, source)
}
func handleHTTP(w http.ResponseWriter, req *http.Request) {
resp, err := http.DefaultTransport.RoundTrip(req)
if err != nil {
http.Error(w, err.Error(), http.StatusServiceUnavailable)
return
}
defer resp.Body.Close()
log.Println("URL:" + req.RequestURI)
copyHeader(w.Header(), resp.Header)
w.WriteHeader(resp.StatusCode)
io.Copy(w, resp.Body)
}
func copyHeader(dst, src http.Header) {
for k, vv := range src {
for _, v := range vv {
dst.Add(k, v)
log.Println("HEADER Name:" + k + " Value:" + v)
}
}
}
func main() {
var pemPath string
flag.StringVar(&pemPath, "pem", "server.pem", "path to pem file")
var keyPath string
flag.StringVar(&keyPath, "key", "server.key", "path to key file")
var proto string
flag.StringVar(&proto, "proto", "https", "Proxy protocol (http or https)")
flag.Parse()
if proto != "http" && proto != "https" {
log.Fatal("Protocol must be either http or https")
}
server := &http.Server{
Addr: ":8888",
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodConnect {
handleTunneling(w, r)
} else {
handleHTTP(w, r)
}
}),
// Disable HTTP/2.
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
}
if proto == "http" {
log.Fatal(server.ListenAndServe())
} else {
log.Fatal(server.ListenAndServeTLS(pemPath, keyPath))
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment