Code Monkey home page Code Monkey logo

proxyee's Introduction

Proxyee

maven license

English | 中文

Introduction

Proxyee is a JAVA written HTTP proxy server library that supports HTTP, HTTPS, Websocket protocols, and supports MIMT (Man-in-the-middle), which can capture and tamper with HTTP, HTTPS packet.

Usage

<dependency>
    <groupId>com.github.monkeywie</groupId>
    <artifactId>proxyee</artifactId>
    <version>1.2.4</version>
</dependency>

Demo

  • Normal HTTP proxy
new HttpProxyServer().start(9999);
  • MIMT HTTP proxy

The following is a demonstration of a MIMT attack that modifies the response header and response body when visiting the Baidu homepage, as shown in the figure below:

20200724152245

Code:

HttpProxyServerConfig config =  new HttpProxyServerConfig();
//enable HTTPS support
//If not enabled, HTTPS will not be intercepted, but forwarded directly to the raw packet.
config.setHandleSsl(true);
new HttpProxyServer()
    .serverConfig(config)
    .proxyInterceptInitializer(new HttpProxyInterceptInitializer() {
      @Override
      public void init(HttpProxyInterceptPipeline pipeline) {
        pipeline.addLast(new FullResponseIntercept() {

          @Override
          public boolean match(HttpRequest httpRequest, HttpResponse httpResponse, HttpProxyInterceptPipeline pipeline) {
            //Insert js when matching to Baidu homepage
            return HttpUtil.checkUrl(pipeline.getHttpRequest(), "^www.baidu.com$")
                && isHtml(httpRequest, httpResponse);
          }

          @Override
          public void handelResponse(HttpRequest httpRequest, FullHttpResponse httpResponse, HttpProxyInterceptPipeline pipeline) {
            //Print raw packet
            System.out.println(httpResponse.toString());
            System.out.println(httpResponse.content().toString(Charset.defaultCharset()));
            //Edit response header and response body
            httpResponse.headers().set("handel", "edit head");
            httpResponse.content().writeBytes("<script>alert('hello proxyee')</script>".getBytes());
          }
        });
      }
    })
    .start(9999);

Note: When https support is enabled, you need to install the CA certificate (src/resources/ca.crt) to a trusted root certificate authority.

More demo code can be found in the test package.

HTTPS support

The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. You can use the CertDownIntercept interceptor to enable the web certificate download feature, visit http://serverIP:serverPort to access.

Note 1: If the certificate installation on Android phones pops up the password stored in your credentials, just enter the lock screen password.

Note 2: Android 7 and above, the system no longer trusts user-installed certificates, you need to root and use the cat ca.crt > $(openssl x509 -inform PEM -subject_hash_old -in ca.crt | head -1).0 command generates the d1488b25.0 file, and then moves the file to the /system/etc/security/cacerts/ And give 644 access.

Note 3: In Android 7 and above, even if you add the certificate to the system certificate, this certificate does not work in chrome. The reason is that chrome will only trust certificates with validity less than 27 months from 2018 (https://www.entrustdatacard.com/blog/2018/february/chrome-requires-ct-after-april-2018). So you need to generate the certificate file yourself.

Custom CA

Since the root certificate and private key attached to the project are public, they are only suitable for local development and debugging, please generate your own root certificate and private key when using in the official environment, otherwise there will be risks.

  • running the main method of thecom.github.monkeywie.proxyee.crt.CertUtil class

  • use openssl

openssl genrsa -out ca.key 2048
openssl rsa -in ca.key -out ca_private.der -outform der
openssl req -sha256 -new -x509 -days 365 -key ca.key -out ca.crt \
    -subj "/C=CN/ST=GD/L=SZ/O=lee/OU=study/CN=testRoot"

Copy ca.crt and ca_private.der to the project src/resources/ after generation, or implement the HttpProxyCACertFactory interface to custom load the root certificate and private key.

Pre-proxy support

Pre-proxy can be set,support http,socks4,socks5 protocol.

new HttpProxyServer()
    .proxyConfig(new ProxyConfig(ProxyType.SOCKS5, "127.0.0.1", 1085))
    .start(9999);

Flow

SSL handshake SSL握手

HTTP communication

HTTP通讯

How it works

Thanks

intellij-idea

proxyee's People

Contributors

dependabot[bot] avatar lamgc avatar monkeywie avatar zerorooot avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.