search

bouncestorage / chaos-http-proxy

Introduce failures into HTTP requests via a proxy server
Apache License 2.0
144 stars 12 forks source link

HTTPS support #1

Open kahing opened 9 years ago

kahing commented 9 years ago

it'd be good to have https support and induce chaos at the HTTPS layer

flandr commented 9 years ago

What about a MITM proxy server that terminates the TLS connection at chaos-http-proxy? It would also be nice to induce HTTP errors in HTTPS sessions.

Happy to contribute, as I have an ahem need for such a thing.

gaul commented 9 years ago

Please submit a pull request. I believe you can scoop all the needed logic out of S3Proxy.

flandr commented 9 years ago

Ok, but in the meanwhile let's disable CONNECT; the URL composition logic is misinterpreting the request-uri portion of that message & it's doomed to failure anyway.

https://github.com/bouncestorage/chaos-http-proxy/pull/9

gaul commented 3 years ago

Researching this some years later, I am not sure that any HTTPS clients will work in the MITM way that I had imagined and that would be useful to Chaos HTTP Proxy. Instead it seems that they use the CONNECT verb then pass encrypted traffic between client and server:

https://stackoverflow.com/a/36171547/2800111

Perhaps it is possible to inject a different SSL certificate as long as the client disables verification?

gaul commented 3 years ago

compy shows how to do this in Go.