package gomitmproxy
import (
"crypto/tls"
"net"
"net/http"
"github.com/diogenes1oliveira/gomitmproxy/mitm"
)
// OnConnectFunc is a declaration of the Config.OnConnect handler.
//
// It receives the current session together with the network (proto) and
// address (addr) of the connection being opened, and returns a net.Conn.
// NOTE(review): what a nil return means is not visible in this file;
// presumably the proxy then opens the connection itself. Confirm against the
// caller.
type OnConnectFunc func(session *Session, proto string, addr string) (conn net.Conn)
// OnRequestFunc is a declaration of the Config.OnRequest handler.
//
// Either result may be nil; see Config.OnRequest for how nil is interpreted.
type OnRequestFunc func(session *Session) (req *http.Request, resp *http.Response)
// OnResponseFunc is a declaration of the Config.OnResponse handler.
//
// The returned response is the one the handler wants delivered to the client.
// NOTE(review): presumably nil keeps the original response; confirm against
// the caller.
type OnResponseFunc func(session *Session) (resp *http.Response)
// OnErrorFunc is a declaration of the Config.OnError handler.
type OnErrorFunc func(session *Session, err error)
// CanMITMFunc is a declaration of the Config.CanMITM handler.
//
// It returns true when the given request should be MITM'd.
type CanMITMFunc func(req *http.Request) bool
// AuthorizationFunc is a declaration of the Config.Authorize handler.
//
// proxyAuthorization is the value checked for the Proxy-Authorization header
// (see Config.Authorize); the handler returns the resolved username or an
// error.
// NOTE(review): the argument carries client-supplied credentials, so
// implementations should keep it out of logs and error text. Whether the
// handler is also invoked when the header is absent is not visible here;
// handle an empty string explicitly.
type AuthorizationFunc func(proxyAuthorization string) (username string, err error)
// Config is the configuration of the Proxy.
//
// Every field is optional in the sense that its zero value selects the
// fallback described on the field; several of those fallbacks are
// security-relevant (plain HTTP, no MITM, default MITM policy), so review
// them when deploying.
type Config struct {
	// ListenAddr is the TCP address the proxy should listen to.
	ListenAddr *net.TCPAddr
	// TLSConfig is a *tls.Config to use for the HTTP over TLS proxy. If not set
	// the proxy will work as a simple plain HTTP proxy.
	//
	// NOTE(review): in plain HTTP mode the client-to-proxy leg is unencrypted,
	// so a Proxy-Authorization header checked by Authorize travels in
	// cleartext. Set TLSConfig whenever Authorize is used over an untrusted
	// network.
	TLSConfig *tls.Config
	// MITMConfig defines the MITM configuration of the proxy. If it is not set
	// MITM won't be enabled for this proxy instance.
	//
	// NOTE(review): presumably this carries the signing authority's key
	// material (APIHost serves the authority cert from it); if so, treat the
	// value as a secret. Confirm against mitm.Config.
	MITMConfig *mitm.Config
	// MITMExceptions is a list of hostnames for which MITM will be disabled.
	MITMExceptions []string
	// APIHost is a name of the gomitmproxy API hostname. If it is not set, the
	// API won't be exposed via HTTP.
	//
	// Here are the methods exposed:
	// 1. apihost/cert.crt - serves the authority cert if MITMConfig is
	//    configured.
	APIHost string
	// OnConnect is called when the proxy tries to open a new net.Conn. This
	// function allows hijacking the remote connection and replacing it with a
	// different one.
	//
	// It is called in two situations:
	// 1. When the proxy handles the HTTP CONNECT.
	//    IMPORTANT: In this case we don't actually use the remote connections.
	//    It is only used to check if the remote endpoint is available.
	// 2. When the proxy bypasses data from the client to the remote endpoint.
	//    For instance, it could happen when there's a WebSocket connection.
	OnConnect OnConnectFunc
	// OnRequest is called when the request has been just received, but has not
	// been sent to the remote server.
	//
	// At this stage, it is possible to do the following things:
	// 1. Modify or even replace the request.
	// 2. Supply an HTTP response to be written to the client.
	//
	// Return nil instead of *http.Request or *http.Response to keep the
	// original request / response.
	//
	// Note that even if you supply your own HTTP response here, the OnResponse
	// handler will be called anyway!
	OnRequest OnRequestFunc
	// OnResponse is called when the response has been just received, but has
	// not been sent to the local client. At this stage you can either keep the
	// original response, or you can replace it with a new one.
	OnResponse OnResponseFunc
	// OnError is called if there's an issue with retrieving the response from
	// the remote server.
	OnError OnErrorFunc
	// CanMITM is called to check if the CONNECT request should be MITM'd.
	// If this is nil, the default implementation is used, which checks
	// for port 443 and MITMExceptions.
	//
	// NOTE(review): whether MITMExceptions is still consulted when a custom
	// CanMITM is supplied is not visible in this file; a custom handler should
	// apply its own exception list rather than rely on it. Confirm against
	// the caller.
	CanMITM CanMITMFunc
	// Authorize is called to check the Proxy-Authorization header.
	//
	// NOTE(review): presumably a nil Authorize means no proxy authentication
	// is enforced, leaving the proxy open to anyone who can reach ListenAddr.
	// Confirm against the request handler.
	Authorize AuthorizationFunc
	// SendEmptyClientCertificate determines whether an error will be returned
	// or if an empty certificate will be sent if a TLS client certificate
	// is requested by the server.
	//
	// NOTE(review): going by the field name, true presumably selects the
	// empty certificate and the zero value (false) the error. Confirm against
	// the code that reads this field.
	SendEmptyClientCertificate bool
}