New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
https proxy example please #192
Comments
Suppose tracking https requests is impossible (or too difficult), then my next question is how to output those "Tunnel to" requests from goproxy-httpdump? I.e., each https request is lead by a normal HTTP request of type "Tunnel to", which has the following headers:
I need to dump those requests as well from goproxy-httpdump. Thanks |
[https://github.com/elazarl/goproxy/blob/master/examples/goproxy-transparent/transparent.go] |
What about this example: |
The problem is that I found |
I've built a simple HTTPS logging proxy on top of goproxy, at https://github.com/fredcy/proxy |
I guess if you add this to your main function, it should work. It will do man-in-the-middle attacks against HTTPS. proxy.OnRequest(goproxy.ReqHostMatches(regexp.MustCompile("^.*:443$"))).
HandleConnectFunc(func(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string) {
return goproxy.MitmConnect, host
}) |
That's pretty much what I do in my logging proxy. |
This, in deed, is doing man-in-the-middle attacks against HTTPS, which is not allowed by default. The fiddler circumvents it by installing its own Root Certificate into the system (on Windows), @fredcy, how did you solve the problem? Thx. |
I imported the CA certificate embedded in goproxy into the Keystore on my MacOS client and marked it as trusted. With that done my Mac client uses the proxy without any complaints or warnings about cert problems. The needed certificate is contained in the certs.go file. At the time of writing it's here: Lines 24 to 57 in 4327d5f
I think the ca.pem file is supposed to be exactly that cert but it's out of date. I opened #216 about that. |
You are correct. CA.pem out of date.
Mind sending a PR to fix that?
…On Thu, Apr 13, 2017, 5:15 PM Fred Yankowski ***@***.***> wrote:
I imported the CA certificate embedded in goproxy into the Keystore on my
MacOS client and marked it as trusted. With that done my Mac client uses
the proxy without any complaints or warnings about cert problems.
The needed certificate is contained in the certs.go file. At the time of
writing it's here:
https://github.com/elazarl/goproxy/blob/4327d5f85a6da046b9b4818382a3e51f795a249b/certs.go#L24-L57
I think the ca.pem file is supposed to be exactly that cert but it's out
of date. I opened #216 <#216>
about that.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#192 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAP4ogwo-heMiAv0svNPntYOOOb9dAPcks5rvi3mgaJpZM4KUFEf>
.
|
OK. #218 |
I spent time working on something else, but |
I'm trying to learn to use
goproxy
through the example https://github.com/elazarl/goproxy/tree/master/examples/goproxy-httpdump.I found that it can only handle http requests, not https'. Could you provide an example that can handle https requests please? (As almost all web servers are moving away from http to https now, e.g., github, wikipedia, wordpress, etc).
PS, by "handle https requests" I meant that none of the https requests are dumped by the current goproxy-httpdump program.
Thanks
The text was updated successfully, but these errors were encountered: