Skip to content

mikluko/multiproxy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

37 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

multiproxy

multiproxy is an extensible and performant HTTP proxy implemented in Go.

Go Reference Go Report Card Go Cover License

Requirements

  • Go v1.15 (not tested, but should work with >1.11)

Installation

go install -u github.com/akabos/multiproxy/cmd 

Usage

multiproxy 

Running pre-built docker image:

docker run -rm -p 8080:8080 akabos/multiproxy

Making a request over the proxy:

curl -x http://127.0.0.1:8080 http://example.com

HTTPS

The proxy has two methods for handling CONNECT request. The default one is tunneling which is cryptographically consistent and used by default for all CONNECT requests. The downside of that handler is that proxy have to operate at TCP level and have no control over requests or responses passing through the proxy.

The other one is Man-in-the-Middle or MITM handler which basically implements Man-in-the-Middle attack. With this handler the proxy have full control over requests and responses. The downside is that client software have to be explicitly instructed to abandon attempts to verify server certificates.

Running the server in MITM mode:

mutiproxy -mitm '*'

Making a request over the proxy in MITM mode:

curl -k -x http://127.0.0.1:8080 https://example.com

It is possible to run proxy in the mixed mode. E.g. handling some domains with MITM and others with tunneling:

mutiproxy -mitm '.example.com,example.net' -tunnel '*'

In the example above example.com, all it's subdomains and example.net would be served by MITM and all the other hostnames with tunneling.

Proxy headers

According to RFC 2616, the Via general-header field MUST be used by gateways and proxies to indicate the intermediate protocols and recipients between the user agent and the server on requests, and between the origin server and the client on responses. By default, multiproxy obeys that requirement and adds an aforementioned header to each request, including those intercepted from CONNECT sessions. It also appends client IP to X-Forwarded-For header which is not defined by any RFC but is well known.

If that is not what you want, you have to explicitly disable that behaviour:

multiproxy -novia -noxforwardedfor

Goals

  • performance
  • extensibility
  • RFC compliance

Non-goals

  • GUI
  • transparent HTTPS proxying capabilities

TODO

  • Examples
  • Better test coverage

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published