-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mitm'ed HTTPS responses are not automatically deflated #9
Comments
Can you provide a short snippet of code to reproduce? On Tue, Jun 25, 2013 at 4:48 AM, Godfrey Chan notifications@github.comwrote:
|
Here you go: package main
import (
"fmt"
"github.com/elazarl/goproxy"
"github.com/elazarl/goproxy/ext/html"
"net/http"
"strings"
)
func main() {
proxy := goproxy.NewProxyHttpServer()
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).HandleConnect(goproxy.AlwaysMitm)
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTP] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org:443")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTPS] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
panic(http.ListenAndServe(":8080", proxy))
} Result:
But if I turn off GZip: package main
import (
"fmt"
"github.com/elazarl/goproxy"
"github.com/elazarl/goproxy/ext/html"
"net/http"
"regexp"
"strings"
)
func main() {
proxy := goproxy.NewProxyHttpServer()
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).HandleConnect(goproxy.AlwaysMitm)
proxy.OnRequest(goproxy.UrlMatches(regexp.MustCompile(".*"))).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
r.Header.Del("Accept-Encoding")
return r, nil
})
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTP] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
proxy.OnResponse(goproxy.DstHostIs("www.ietf.org:443")).Do(goproxy_html.HandleString(func(s string, ctx *goproxy.ProxyCtx) string {
fmt.Printf("[HTTPS] First line of body: '%s'\n", strings.SplitN(s, "\n", 2)[0])
return s
}))
panic(http.ListenAndServe(":8080", proxy))
}
|
Also, this doesn't work as expected: proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).HandleConnect(goproxy.AlwaysMitm)
proxy.OnRequest(goproxy.ReqHostIs("www.ietf.org:443")).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
// This never gets called
return r, nil
})
proxy.OnRequest(goproxy.UrlMatches(regexp.MustCompile(".*"))).DoFunc(func(r *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response) {
// This is the only thing that I could get to work
return r, nil
}) |
There seems to be some other problems with HTTPS. When I return a different string in I hope this will ring some bells, but if not I can investigate further tomorrow and open a new issue for that. |
There're still problems with Content-Length. I'm not well right now, so it might take a day or two to solve completely. |
Let me know if it works for you. I don't like the current solution, as it costs for every MITM'd requests, even if unmodified, but it should be at least correct. PS, Thanks a lot for reporting this bugs. These bugs are so stupid it's really embarrassing not to notice them. Keep reporting issues. |
goproxy-v1.1: smokescreen compatibility fixes
I'm trying to get the HTTPS MITM to work, and it looks like HTTPS responses are not automatically deflated before they are handed to the handlers.
The text was updated successfully, but these errors were encountered: