search

monkeyWie / proxyee

HTTP proxy server,support HTTPS&websocket.MITM impl,intercept and tamper HTTPS traffic.
MIT License
1.5k stars 566 forks source link

Hi team, request help for accessing proxyee. #290

Open Gemini-NX opened 7 months ago

Gemini-NX commented 7 months ago

In my mind, there are two VPS A and B in same VPC, then I will add a top route rule for this VPC 0.0.0.0/0 -> B. This means all the traffic from VPS A will be lead to B. And I will start a proxyee service in VPS B. Also, I will config iptables on VPS B by command below:

sudo iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 443 -j REDIRECT --to-port 80
sudo iptables -t nat -A PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 80

Then all the traffic from VPS A will go through netty proxyee. I have already installed the certificate on VPS A.

I hope to use this way to hide proxy to client.

I tried two ways by sending request from VPS A. First: curl -x proxyeeIp:port https://www.google.com. In this way, everything works well, with -v option, I can see the certificate is using correctly. But it needs me explicitly config proxy.

Second: curl https://www.google.com. In this way, this traffic will be lead to proxyee based on route table and iptables configuraiton, but I will got error like below:

11:16:26.614 [nioEventLoopGroup-4-1] INFO proxyee.handler.HttpProxyServerHandler -- channelRead: /bad-request
11:16:26.615 [nioEventLoopGroup-4-1] INFO proxyee.util.ProtoUtil -- uri: /bad-request
DefaultFullHttpRequest(decodeResult: failure(java.lang.IllegalArgumentException: invalid version format: ˜HÍÞŸ,Þ¨ÞÉʏÅÃÄKXGAŏ {EQGSSÌ�~<GÞ[2¸’Ü[#Ž¢’ŠÕƒU|>À,À0ŸÌ©Ì¨ÌªÀ+À/žÀ$À(KÀ#À'GÀ), version: HTTP/1.0, content: UnpooledByteBufAllocator$InstrumentedUnpooledUnsafeHeapByteBuf(ridx: 0, widx: 0, cap: 0))

Sometimes the error message is netty exception about invalid version format. I tried to debug and I found the invalid message comes from io.netty.handler.codec.http.HttpObjectDecoder.splitInitialLine(ByteBuf asciiBuffer). I check this method's responsibility by debugging the First way. This method will format bytes to string which will contains uri, http method and etc. I don't understand why this error happens on Second way. If it's related to SSL certificate, the first way shouldn't success.

Could someone help? Thanks a lot!

monkeyWie commented 7 months ago

I know what you mean, but unfortunately proxyee not support transparent mode currently, it only follow standard HTTP proxy.

Gemini-NX commented 7 months ago

Thanks, if I want to add code to support transparent mode? Shall I get some suggestions of how to do?

monkeyWie commented 7 months ago

Transparent mode has no handshake step, so I think the packet should be entry here directly, you can add a transparent flag on HttpProxyServerConfig, if it set true then skip handshake.

Looking forward to the results of your test, and can contribute to the project if it works!

Gemini-NX commented 7 months ago

Thanks a lot! I suddenly found an error in my description. I'm sure I need use VPC route and iptables PREROUTING to redirect traffic to proxyee. Next, I do need forward request to 3rd parties' proxy which is in public net. In this way, is .proxyConfig(proxyConfig) what I need?

monkeyWie commented 7 months ago

Yes, that's right.