alibaba / anyproxy

A fully configurable http/https proxy in NodeJS
http://anyproxy.io
Apache License 2.0
7.75k stars 1.21k forks

Anyproxy's requestBody and downloadBody provide incorrect data #613

Open LittleYang0531 opened 9 months ago

LittleYang0531 commented 9 months ago

As the title says, Anyproxy's requestBody and downloadBody provide incorrect data.

Which platform are you running AnyProxy

Ubuntu LTS 20.04 arm64 (running on Android 12 via termux)

The version of the AnyProxy

4.1.3

Your expected behavior of AnyProxy

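requestBody should provide the correct data; the cause of the error is roughly similar to the one below.

The downloadBody interface should provide the correct binary data, as shown in the image: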

image

The actual behavior of AnyProxy

anyproxy provides incorrect data, as shown in the image:

image

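The difference from the original data is that the data provided by anyproxy contains many EF BF BD sequences; my guess is that the interface detects non-ASCII data and automatically converts it to EF BF BD.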

The log of the error

[AnyProxy Log][2023-09-17 00:59:19]: received https CONNECT request ag-api.wds-stellarium.com
[AnyProxy Log][2023-09-17 00:59:19]: will forward to local https server
[AnyProxy Log][2023-09-17 00:59:19]: [internal https]proxy server for ag-api.wds-stellarium.com established
[AnyProxy Log][2023-09-17 00:59:19]: received request to: GET ag-api.wds-stellarium.com//ag-api.wds-stellarium.com/api/data/user
https://ag-api.wds-stellarium.com/api/data/user
Hacked!
{
  url:'https://ag-api.wds-stellarium.com/api/data/user',
  requestOptions:{
    hostname:'ag-api.wds-stellarium.com',
    port:443,
    path:'/api/data/user',
    method:'GET',
    headers:{
      'Content-Type':'application/vnd.msgpack',
      Accept:'application/vnd.msgpack',
      'X-Platform':'google-play',
      Authorization:'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiIyMDg4MjgzIiwibGMiOiIyNTYiLCJwZiI6Ikdvb2dsZVBsYXkiLCJndiI6Ikdvb2dsZVBsYXkiLCJsZCI6IjA5LzE2LzIwMjMgMDU6MDA6MDAiLCJuYmYiOjE2OTQ4ODEyNTMsImV4cCI6MTY5NDk2NzY1MywiaWF0IjoxNjk0ODgxMjUzLCJpc3MiOiJzaXJpdXMua21zMy5jb20iLCJhdWQiOiJzaXJpdXMifQ.rtj8J26G2BHCow-YNmAsh4p9Z65RFtnBKer8472f4-Q',
      'X-MasterData-Version':'1694772159_1694772159',
      'X-FM':'0',
      Host:'ag-api.wds-stellarium.com',
      'Accept-Encoding':'gzip,identity',
      Connection:'Keep-Alive,TE',
      'Keep-Alive':'timeout=21',
      TE:'identity',
      'User-Agent':'BestHTTP/2v2.8.5',
      'Content-Length':'13',
      Cookie:'ApplicationGatewayAffinityCORS=c52c784d19fcf9ba400d7df8213486d0;ApplicationGatewayAffinity=c52c784d19fcf9ba400d7df8213486d0'
    }
  },
  protocol:'https'
}
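
The EF BF BD pattern reported above is the UTF-8 encoding of U+FFFD, which Node.js emits for every byte that is not valid UTF-8 when a Buffer is decoded as a string. The following is an added example, not part of the original issue and not AnyProxy code: it reproduces that byte pattern on a constructed msgpack-style body, counts the sequences in a captured body, and shows a lossless way to carry binary data. All function names and sample bytes are hypothetical, and whether AnyProxy takes this path is the reporter's guess, not something confirmed here.

```javascript
// Added example (not AnyProxy code). Sample bytes are constructed.
// msgpack-style body: fixmap{ "id": uint8 0xff, "ok": true }
const original = Buffer.from([
  0x82, 0xa2, 0x69, 0x64, 0xcc, 0xff, 0xa2, 0x6f, 0x6b, 0xc3,
]);

const REPLACEMENT = Buffer.from([0xef, 0xbf, 0xbd]); // U+FFFD encoded as UTF-8

// Lossy path: a binary body decoded as a UTF-8 string and encoded again.
// Every byte that is not valid UTF-8 comes back as EF BF BD.
function roundTripAsUtf8(buf) {
  return Buffer.from(buf.toString('utf8'), 'utf8');
}

// Detection: count EF BF BD sequences in a captured body.
function countReplacementSequences(buf) {
  let count = 0;
  let i = buf.indexOf(REPLACEMENT);
  while (i !== -1) {
    count++;
    i = buf.indexOf(REPLACEMENT, i + REPLACEMENT.length);
  }
  return count;
}

// A strict decoder throws instead of silently substituting U+FFFD.
function isValidUtf8(buf) {
  try {
    new TextDecoder('utf-8', { fatal: true }).decode(buf);
    return true;
  } catch {
    return false;
  }
}

// Lossless transport: keep text as text, carry anything else as base64.
function toTransportSafe(buf) {
  const encoding = isValidUtf8(buf) ? 'utf8' : 'base64';
  return { encoding, data: buf.toString(encoding) };
}

function fromTransportSafe(body) {
  return Buffer.from(body.data, body.encoding);
}

console.log('original :', original.toString('hex'));
console.log('lossy    :', roundTripAsUtf8(original).toString('hex'));
console.log('sequences:', countReplacementSequences(roundTripAsUtf8(original)));
console.log('lossless :', fromTransportSafe(toTransportSafe(original)).equals(original));
```

Valid non-ASCII UTF-8 text survives the string round trip unchanged; only bytes that do not form valid UTF-8, as in msgpack or other binary bodies, are replaced.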

timerlau commented 5 months ago

Is there anyone else maintaining this project now?