Closed xxxsen closed 1 year ago
It's been quite some time since I made any changes to this project.
Please give me a few hours, I'll do some refactoring and then we can discuss your PR.
Generally, it'd be better to start with an issue. I'd like to understand what goal you're trying to achieve. It seems that you want not just to decide whether a host should be mitmed or not, but also you want to have an option to completely take over the connection and avoid tunnelling it in some cases.
My usage scenario is to hijack web traffic and remove their TLS, then forward them to a proxy server for processing, which currently works fine for normal http(s) traffic, but if it's non-http traffic, such as ssh, If I don't take over the underlying connection, then according to the original code logic, a connection to the ssh server will be established, but we need to go through the proxy server to access the network normally, connect directly to the ssh server will be blocked.
You may want to ask why I don't directly implement a proxy server.
Haha, in our country, the network is censored, and currently they can identify TLS over TLS traffic, so I am trying to write a program to remove the underlying TLS(https), and then try to use the normal proxy server to handle the traffic that cannot be removed(like ssh).
It sounds as if you actually need to MITM the traffic and then pass the plain HTTP requests/responses through a regular HTTP proxy. Did I get it right?
Also, if I am right, why don't just use OnConnect
for that purpose?
https://github.com/AdguardTeam/gomitmproxy/blob/master/examples/mitm/main.go#L165
It sounds as if you actually need to MITM the traffic and then pass the plain HTTP requests/responses through a regular HTTP proxy. Did I get it right?
Also, if I am right, why don't just use
OnConnect
for that purpose? https://github.com/AdguardTeam/gomitmproxy/blob/master/examples/mitm/main.go#L165
yes, MITM the traffic and get the plain HTTP then pass them via a proxy server with my own TLS connection
Also, if I am right, why don't just use OnConnect for that purpose?
If the traffic can be MITM, the connection established through OnConnect will be closed, and the connection established at this time is meaningless and wasteful.
Here's what I am not getting. If the original request has been sent for an HTTPS resource, the proxy you're trying to re-route the traffic to will also require an HTTP CONNECT method in order to process that request.
If the traffic can be MITM, the connection established through OnConnect will be closed, and the connection established at this time is meaningless and wasteful.
You can return &proxyutil.NoopConn{}
there in this case.
The pseudo-code will be something like that:
OnConnect: func() {
return &proxyutil.NoopConn{}
}
OnRequest: onRequest(session *gomitmproxy.Session) (*http.Request, *http.Response) {
req := session.Request()
proxyUrl, err := url.Parse("http://proxyIp:proxyPort")
client := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(proxyUrl)}}
resp, err := client.Do(req)
return req, resp
}
Here's what I am not getting. If the original request has been sent for an HTTPS resource, the proxy you're trying to re-route the traffic to will also require an HTTP CONNECT method in order to process that request.
If the traffic can be MITM, the connection established through OnConnect will be closed, and the connection established at this time is meaningless and wasteful.
You can return
&proxyutil.NoopConn{}
there in this case.The pseudo-code will be something like that:
OnConnect: func() { return &proxyutil.NoopConn{} } OnRequest: onRequest(session *gomitmproxy.Session) (*http.Request, *http.Response) { req := session.Request() proxyUrl, err := url.Parse("http://proxyIp:proxyPort") client := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(proxyUrl)}} resp, err := client.Do(req) return req, resp }
Here's what I am not getting. If the original request has been sent for an HTTPS resource, the proxy you're trying to re-route the traffic to will also require an HTTP CONNECT method in order to process that request.
no, proxy server what i metioned is not a regular http/socks proxy, we dont need using connect
to proxy request.
like v2ray
, they have their own proxy protocol
You can return &proxyutil.NoopConn{} there in this case.
in this case, how can i proxy ssh traffic?