chhsiao90 / nitmproxy

Proxy server based on netty
MIT License
153 stars 68 forks source link
http http-proxy http2 netty proxy tls

Java CI

Netty in the Middle

An experimental proxy server based on netty. That want to show how fast the netty is, and how the API design of netty is pretty.

Start nitmproxy

> ./nitmproxy.sh --help
usage: nitmproxy [--cert <CERTIFICATE>] [--clientNoHttp2] [-h <HOST>] [-k]
       [--key <KEY>] [-m <MODE>] [-p <PORT>] [--serverNoHttp2]
    --cert <CERTIFICATE>   x509 certificate used by server(*.pem),
                           default: server.pem
 -h,--host <HOST>          listening host, default: 127.0.0.1
 -k,--insecure             not verify on server certificate
    --key <KEY>            key used by server(*.pem), default: key.pem
 -m,--mode <MODE>          proxy mode(HTTP, SOCKS, TRANSPARENT), default: HTTP
 -p,--port <PORT>          listening port, default: 8080

Features

Support Proxy

Support Protocol

Support Functionality

Development

Coding Style

We are using same coding style with netty, please follow the instructions from the netty#Setting up development environment to setup.

FAQ

Android

The built-in Conscrypt in the Android is not compatible with Netty. The easiest way to fix is to add Conscrypt manually.

Add conscrypt-android dependency

https://search.maven.org/artifact/org.conscrypt/conscrypt-android

Configure Conscrypt SSL provider

config.setSslProvider(Conscrypt.newProvider());

For a transparent proxy, how do I port forward HTTP/HTTPS requests?

Linux

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
sysctl -w net.ipv4.conf.all.send_redirects=0
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <transparent proxy ip>:<transparent proxy port>
iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination <transparent proxy ip>:<transparent proxy port>

See Linux documentation on how to persistent these changes across reboots.