All geek questions in one place

How to write a simple HTTPS proxy in Ruby?

I saw several examples of writing an HTTP proxy in Ruby, for example. this is a Torsten Becker fact , but how can I extend it to handle HTTPS, since itโ€™s a man in the middle proxy?

I am looking for a simple source code structure that I can extend for my own logging and testing tasks.

Update

I already use Charles, an excellent HTTPS proxy application similar to Fiddler, and this is essentially what I want, except that it is packaged in the application. I want to write on my own because I have special needs for filtering and presentation.

update II

Having climbed out, I understand the terminology a little better. I AM NOT AFTER A FULL USER OF SSL. Instead, it will run locally on my machine, and I can honor any SSL certificate that it offers. However, I need to see the decrypted contents of the packets of my requests and the decrypted contents of the responses.

+6
source share
4 answers

For reference only, a regular HTTP proxy handles HTTPS requests using the CONNECT method: it reads the host name and port, establishes a TCP connection to this destination server on this port, returns 200 OK , and then simply tunnels that TCP connection to the original client (the fact that SSL / TLS is exchanging over this TCP connection is hardly appropriate).

This is the do_CONNECT method if WEBrick::HTTPProxyServer .

If you need a MITM proxy, i.e. if you want to view SSL / TLS traffic, you can use WEBrick::HTTPProxyServer , but you will need to change do_CONNECT completely :

  • First, your proxy server needs to implement a mini-CA that can generate certificates on the fly (otherwise, you can use self-signed certificates if you want to bypass warnings in the browser). Then you import this CA certificate into the browser.
  • When you receive a CONNECT request, you need to create a certificate valid for this host name (preferably with the name Suject Alt. For this host name or common subject name), and also update the socket in the SSL / TLS server socket (using this certificate). If the browser agrees to trust this certificate, then what you get from it in this SSL / TLS socket is plain text traffic.
  • Then you have to process the requests (get the query string, headers and entity) and use it for use through the regular HTTPS client library. You may be able to send this traffic to the second instance of WEBrick::HTTPProxyServer , but you will need to configure it to perform outgoing HTTPS requests instead of simple HTTP requests.
+6
source

This blog is not a way to write proxies. It is very simple: you just accept the connection, read one line that tells you what to connect with, try an upstream connection if it fails to send the corresponding response and close the socket, otherwise just start copying bytes in both directions at the same time EOS occurred in both directions . The only difference that HTTPS makes is: you have to say SSL instead of plain text.

0
source

in my experience, HTTPS is nowhere near "simple." Do you need a proxy server to catch traffic from your own machine? There are several applications, such as Fiddler . Or google for alternatives. Comes with everything you need to debug web traffic.

0
source

Webrick can ssl proxy:

 require 'webrick' require 'webrick/httpproxy' WEBrick::HTTPProxyServer.new(:Port => 8080).start
0
source

Source: https://habr.com/ru/post/924131/

More articles:


All Articles