(client net.Conn, host string)
var (
	// mitmSessionCounter numbers intercepted TLS sessions so that the
	// "request N" headers written to MITMDump can be tied back to one
	// session. It is shared across the per-connection goroutines and is
	// only ever advanced through sync/atomic (see manInTheMiddle).
	mitmSessionCounter int64
)
| 93 | |
| 94 | func (proxy *ProxyClient) manInTheMiddle(client net.Conn, host string) { |
| 95 | _host, _ := splitHostPort(host) |
| 96 | // try self signing a cert of this host |
| 97 | cert := proxy.sign(_host) |
| 98 | if cert == nil { |
| 99 | return |
| 100 | } |
| 101 | |
| 102 | client.Write(okHTTP) |
| 103 | |
| 104 | go func() { |
| 105 | |
| 106 | counter := atomic.AddInt64(&mitmSessionCounter, 1) |
| 107 | |
| 108 | tlsClient := tls.Server(client, &tls.Config{ |
| 109 | InsecureSkipVerify: true, |
| 110 | Certificates: []tls.Certificate{*cert}, |
| 111 | }) |
| 112 | |
| 113 | if err := tlsClient.Handshake(); err != nil { |
| 114 | proxy.Logger.E("MITM", "Handshake", host, err) |
| 115 | return |
| 116 | } |
| 117 | |
| 118 | bufTLSClient := bufio.NewReader(tlsClient) |
| 119 | |
| 120 | for { |
| 121 | proxy.Cipher.IO.markActive(tlsClient, 0) |
| 122 | |
| 123 | var err error |
| 124 | var rURL string |
| 125 | var buf []byte |
| 126 | if buf, err = bufTLSClient.Peek(3); err == io.EOF || len(buf) != 3 { |
| 127 | break |
| 128 | } |
| 129 | |
| 130 | req, err := http.ReadRequest(bufTLSClient) |
| 131 | if err != nil { |
| 132 | if !isClosedConnErr(err) && buf[0] != ')' { |
| 133 | proxy.Logger.E("MITM", "Can't read request", err) |
| 134 | } |
| 135 | break |
| 136 | } |
| 137 | |
| 138 | if proxy.MITMDump != nil { |
| 139 | buf, _ := httputil.DumpRequest(req, false) |
| 140 | |
| 141 | var b buffer |
| 142 | b.WriteString(fmt.Sprintf("# %s <<<<<< request %d >>>>>>\n", timeStampMilli(), counter)) |
| 143 | b.Write(buf) |
| 144 | |
| 145 | proxy.MITMDump.Write(b.Bytes()) |
| 146 | } |
| 147 | |
| 148 | rURL = req.URL.Host |
| 149 | req.Header.Del("Proxy-Authorization") |
| 150 | req.Header.Del("Proxy-Connection") |
| 151 |