
Support forward (browser) proxying to an HTTPS target #401

Closed
tomakehurst opened this issue May 7, 2016 · 13 comments

@tomakehurst
Member

Currently, it's not possible to forward proxy onto an HTTPS site with WireMock, since HTTPS proxying is done via the HTTP CONNECT method, which essentially makes the proxy act as a TCP proxy. The reason this is necessary is that the stream can be simply forwarded to the destination IP without being decrypted, meaning it can be done securely (the proxy isn't effectively a man-in-the-middle attack).

I believe it might be possible to work around this, with the caveat that the caller would still have to either trust a self-signed cert, or ignore the cert entirely. If WireMock, on receipt of the CONNECT call, forwarded the stream to its own HTTPS port rather than to the actual destination, it could then handle it as normal, albeit serving a different SSL cert to the one on the destination server.
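Added example, not part of the original post and not WireMock code: a Python sketch of the CONNECT handling described above, showing the plain opaque tunnel next to the proposed redirect to the proxy's own HTTPS port. The names `parse_connect`, `choose_upstream`, `pipe`, `handle_connect` and the `local_https` address are assumptions made for illustration.

```python
import socket
import threading
from contextlib import suppress

def parse_connect(head: bytes):
    """Return (host, port) from a CONNECT request head, or None if malformed."""
    parts = head.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, _, port = parts[1].rpartition(":")
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    return host.strip("[]"), int(port)

def choose_upstream(requested, local_https=None):
    """Plain tunnel: dial the host the client named, so the bytes stay opaque.
    Workaround: dial the proxy's own HTTPS listener (assumed address) instead."""
    return local_https or requested

def pipe(src, dst):
    """Copy bytes one way until EOF or error, then half-close the far side."""
    with suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle_connect(client, local_https=None):
    """Serve one CONNECT; return the address dialled (OSError if unreachable)."""
    buf = b""
    with client:
        while b"\r\n\r\n" not in buf and len(buf) < 8192 and (chunk := client.recv(4096)):
            buf += chunk
        head, sep, early = buf.partition(b"\r\n\r\n")
        requested = parse_connect(head) if sep else None
        if requested is None:
            with suppress(OSError):
                client.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
            return None
        target = choose_upstream(requested, local_https)
        with socket.create_connection(target) as upstream:
            client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
            upstream.sendall(early)  # bytes the client sent right after the head
            back = threading.Thread(target=pipe, args=(upstream, client))
            back.start()
            pipe(client, upstream)
            back.join()
        return target
```

In the redirected case a client that validates certificates fails the TLS handshake unless it trusts the certificate served on the local port, which is the caveat the comment raises.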

@selangley

You might look for some implementation hints in these two projects that claim to do this - both Java and Apache-licensed:

https://github.com/jamesdbloom/mockserver
https://github.com/ganskef/LittleProxy-parent

@tomakehurst
Member Author

Thanks for the tip. I had a little dig around already in mockserver, but couldn't find anything obviously useful.

I hadn't encountered the other one before so I'll definitely take a look.

@selangley

Yesterday, I found a couple more projects:

Zed Attack Proxy (Java and Apache-licensed)
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
https://github.com/zaproxy/zaproxy

mitmproxy (Python and Apache-licensed)
http://docs.mitmproxy.org/en/stable/howmitmproxy.html
https://github.com/mitmproxy/mitmproxy

@tomakehurst
Member Author

Again, thanks for the pointers.

LittleProxy and MockServer are both Netty based, and it looks like this does the heavy lifting. Unfortunately, I think taking advantage of that would mean a wholesale shift of WireMock onto Netty, which would be a big job.

@james-boswell

@tomakehurst I am trying to use standalone wiremock (version 2.1.7) to record requests/responses to a service using HTTPS. I am currently getting a "SunCertPathBuilderException: unable to find valid certification path..." exception.

Given what you have said on this issue, are you saying it is currently not possible to proxy an HTTPS request?

@tomakehurst
Member Author

No, the issue on this thread is with forward proxying. When you're recording with WireMock (assuming you're following the docs and using --proxy-all) you're creating a reverse proxy which allows WM to decrypt and intercept the request.

I suggest you post your code, setup and full console output to the mailing list for some help.

@mauriciomelo

I struggled a lot before finding that forward proxying does not work with https. It would be great to have this feature, or at least somewhere in the docs pointing out that this is not supported yet (proxy section?).

For my use case, I'm trying to spin up a chrome window proxying everything to wiremock. It works locally (http://localhost) but not with the deployed version of my app (https). The second would be essential to stub things for exploratory tests.

I'm curious if people have experienced a similar problem and could work around this wiremock limitation.

Besides that, the proxy feature is fantastic, I'm really excited to see it working with https too.

@tomakehurst
Member Author

Yeah, it'd be great to have this. Unfortunately it's tricky to implement. One contributor has already tried it and couldn't get it working, so it's going to take some effort.

I'll update the docs when I get the chance to indicate it's not supported in the meantime.

@franz-see

@selangley @tomakehurst I don't think mockserver can do it (at least not without installing a cert in your JDK). I have used MITM LittleProxy in a previous project before (to log outgoing requests) and I believe it can be done with it :)

@vaghelmt

Is forward proxy allowed now in the latest version of wiremock??

@tomakehurst
Member Author

@vaghelmt not over HTTPS yet unfortunately

@devansh-dalal

@tomakehurst, I'm not sure if you guys happen to plan something for this?

@tomakehurst
Member Author
