hub / github.com/coyove/goflyway / manInTheMiddle

Method manInTheMiddle

proxy/mitm.go:94–238  ·  view source on GitHub ↗
(client net.Conn, host string)

Source from the content-addressed store, hash-verified

// mitmSessionCounter is a package-level count of intercepted connections.
// manInTheMiddle bumps it with atomic.AddInt64 once per goroutine it starts,
// and the resulting value is printed in the "request %d" header of every
// request dumped for that connection, so it identifies the session, not the
// individual request.
92var mitmSessionCounter int64
93
94func (proxy *ProxyClient) manInTheMiddle(client net.Conn, host string) {
95 _host, _ := splitHostPort(host)
96 // try self signing a cert of this host
97 cert := proxy.sign(_host)
98 if cert == nil {
99 return
100 }
101
102 client.Write(okHTTP)
103
104 go func() {
105
106 counter := atomic.AddInt64(&mitmSessionCounter, 1)
107
108 tlsClient := tls.Server(client, &tls.Config{
109 InsecureSkipVerify: true,
110 Certificates: []tls.Certificate{*cert},
111 })
112
113 if err := tlsClient.Handshake(); err != nil {
114 proxy.Logger.E("MITM", "Handshake", host, err)
115 return
116 }
117
118 bufTLSClient := bufio.NewReader(tlsClient)
119
120 for {
121 proxy.Cipher.IO.markActive(tlsClient, 0)
122
123 var err error
124 var rURL string
125 var buf []byte
126 if buf, err = bufTLSClient.Peek(3); err == io.EOF || len(buf) != 3 {
127 break
128 }
129
130 req, err := http.ReadRequest(bufTLSClient)
131 if err != nil {
132 if !isClosedConnErr(err) && buf[0] != ')' {
133 proxy.Logger.E("MITM", "Can't read request", err)
134 }
135 break
136 }
137
138 if proxy.MITMDump != nil {
139 buf, _ := httputil.DumpRequest(req, false)
140
141 var b buffer
142 b.WriteString(fmt.Sprintf("# %s <<<<<< request %d >>>>>>\n", timeStampMilli(), counter))
143 b.Write(buf)
144
145 proxy.MITMDump.Write(b.Bytes())
146 }
147
148 rURL = req.URL.Host
149 req.Header.Del("Proxy-Authorization")
150 req.Header.Del("Proxy-Connection")
151

Callers 1

ServeHTTP · Method · 0.95

Calls 15

sign · Method · 0.95
encryptRequest · Method · 0.95
Writes · Method · 0.95
R · Method · 0.95
splitHostPort · Function · 0.85
isClosedConnErr · Function · 0.85
timeStampMilli · Function · 0.85
copyHeaders · Function · 0.85
tryClose · Function · 0.85
markActive · Method · 0.80
String · Method · 0.80
newRequest · Method · 0.80

Tested by

no test coverage detected