Enable mitm for HTTP/2 - Githubissues

saucelabs / forwarder

Forwarder is a production-ready, fast MITM proxy with PAC support. It's suitable for debugging, intercepting and manipulating HTTP traffic. It's used as a core component of Sauce Labs Sauce Connect Proxy.

https://forwarder-proxy.io

Mozilla Public License 2.0

221 stars 13 forks source link

Enable mitm for HTTP/2 #333

Open mmatczuk opened 1 year ago

mmatczuk commented 1 year ago

This is a followup to #145.

Enabling http/2 MITM requires changes in Martian h2 to allow insecure mode. At the moment it allows only to specify RootCAs.

It's NOT supported in Squid https://wiki.squid-cache.org/Features/HTTP2.

mmatczuk commented 10 months ago

What we have is a frame relay. It's good to have it, there are some tools to dump h2c frames see this CF article. We could do something more in this domain.

The drawback, however, is that HTTP/2 MITMed request are not part of proxy logging/monitoring/manipulation. I guess that using the handler implementation with http2.Server on this connection could bridge this gap.