Go 實現HTTP中間人代理
阿新 • • 發佈:2019-02-01
goproxy
Go HTTP(S)代理庫, 支援中間人代理解密HTTPS
安裝
go get github.com/ouqiang/goproxy
使用
package main
import (
"net/http"
"time"
"github.com/ouqiang/goproxy"
)
func main() {
proxy := goproxy.New()
server := &http.Server{
Addr: ":8080",
Handler: proxy,
ReadTimeout: 1 * time.Minute,
WriteTimeout: 1 * time.Minute,
}
err := server.ListenAndServe()
if err != nil {
panic(err)
}
}
代理測試
curl -x localhost:8080 https://www.baidu.com
中間人代理, 解密HTTPS
系統需匯入根證書 mitm-proxy.crt
package main
import (
"crypto/tls"
"net/http"
"sync"
"time"
"github.com/ouqiang/goproxy"
)
// 實現證書快取介面
type Cache struct {
m sync.Map
}
func (c *Cache) Set(host string, cert *tls.Certificate) {
c.m.Store(host, cert)
}
func (c *Cache) Get(host string) *tls.Certificate {
v, ok := c.m.Load(host)
if !ok {
return nil
}
return v.(*tls.Certificate)
}
func main() {
proxy := goproxy.New(goproxy.WithDecryptHTTPS(&Cache{}))
server := &http.Server{
Addr: ":8080",
Handler: proxy,
ReadTimeout: 1 * time.Minute,
WriteTimeout: 1 * time.Minute,
}
err := server.ListenAndServe()
if err != nil {
panic(err)
}
}
事件處理
實現Delegate介面
type Delegate interface {
// Connect 收到客戶端連線
Connect(ctx *Context, rw http.ResponseWriter)
// Auth 代理身份認證
Auth(ctx *Context, rw http.ResponseWriter)
// BeforeRequest HTTP請求前 設定X-Forwarded-For, 修改Header、Body
BeforeRequest(ctx *Context)
// BeforeResponse 響應傳送到客戶端前, 修改Header、Body、Status Code
BeforeResponse(ctx *Context, resp *http.Response, err error)
// ParentProxy 上級代理
ParentProxy(*http.Request) (*url.URL, error)
// Finish 本次請求結束
Finish(ctx *Context)
// 記錄錯誤資訊
ErrorLog(err error)
}
type EventHandler struct{}
func (e *EventHandler) Connect(ctx *goproxy.Context, rw http.ResponseWriter) {
// 儲存的資料可以在後面的回撥方法中獲取
ctx.Data["req_id"] = "uuid"
// 禁止訪問某個域名
if strings.Contains(ctx.Req.URL.Host, "example.com") {
rw.WriteHeader(http.StatusForbidden)
ctx.Abort()
return
}
}
func (e *EventHandler) Auth(ctx *goproxy.Context, rw http.ResponseWriter) {
// 身份驗證
}
func (e *EventHandler) BeforeRequest(ctx *goproxy.Context) {
// 修改header
ctx.Req.Header.Add("X-Request-Id", ctx.Data["req_id"].(string))
// 設定X-Forwarded-For
if clientIP, _, err := net.SplitHostPort(ctx.Req.RemoteAddr); err == nil {
if prior, ok := ctx.Req.Header["X-Forwarded-For"]; ok {
clientIP = strings.Join(prior, ", ") + ", " + clientIP
}
ctx.Req.Header.Set("X-Forwarded-For", clientIP)
}
// 讀取Body
body, err := ioutil.ReadAll(ctx.Req.Body)
if err != nil {
// 錯誤處理
return
}
// Request.Body只能讀取一次, 讀取後必須再放回去
// Response.Body同理
ctx.Req.Body = ioutil.NopCloser(bytes.NewReader(body))
}
func (e *EventHandler) BeforeResponse(ctx *goproxy.Context, resp *http.Response, err error) {
if err != nil {
return
}
// 修改response
}
// 設定上級代理
func (e *EventHandler) ParentProxy(req *http.Request) (*url.URL, error) {
return url.Parse("http://localhost:1087")
}
func (e *EventHandler) Finish(ctx *goproxy.Context) {
fmt.Printf("請求結束 URL:%s\n", ctx.Req.URL)
}
// 記錄錯誤日誌
func (e *EventHandler) ErrorLog(err error) {
log.Println(err)
}
func main() {
proxy := goproxy.New(goproxy.WithDelegate(&EventHandler{}))
server := &http.Server{
Addr: ":8080",
Handler: proxy,
ReadTimeout: 1 * time.Minute,
WriteTimeout: 1 * time.Minute,
}
err := server.ListenAndServe()
if err != nil {
panic(err)
}
}