kiegroup / act-js

A node.js wrapper for nektos/act to programmatically run your github actions locally
Apache License 2.0

Mocking HTTPS requests even when a CONNECT request is sent #53

Open shubhbapna opened 1 year ago

shubhbapna commented 1 year ago

Feature request

Currently we are not able to mock HTTPS requests if the client sends a CONNECT request first. I do try to "fool" these clients by setting HTTPS_PROXY to an HTTP location, but it doesn't work for all clients. For example, it doesn't work for curl but it works for axios.

The issue with a CONNECT request is that it tells the proxy to set up a TCP tunnel to the destination, which is then secured by TLS. Since the tunnel is encrypted, the proxy is not able to read the actual requests and is not able to mock them.

So for example:

  1. Client wants to make a request to https://google.com/ via the proxy running at http://localhost:3000/
  2. Client issues a CONNECT request to the proxy. This request only contains the host ("google") and port ("443") and nothing else from the request
  3. Proxy sets up a tunnel between client and google
  4. Client initiates the TLS handshake, after which any data flowing through the tunnel is encrypted

One option to explore would be implementing a MITM proxy, but the issue with that is getting the containers spun up by act to accept the CA certs without having to manually force it.

shubhbapna commented 1 year ago

A library to explore for this - https://github.com/httptoolkit/mockttp