Class: EvilProxy::MITMProxyServer

Inherits:

HTTPProxyServer

Object
WEBrick::HTTPProxyServer
HTTPProxyServer
EvilProxy::MITMProxyServer

show all

Defined in:: lib/evil-proxy/mitmproxy.rb

Constant Summary

Constants inherited from HTTPProxyServer

HTTPProxyServer::DEFAULT_CALLBACKS, HTTPProxyServer::VALID_CALBACKS

Instance Attribute Summary

Attributes inherited from HTTPProxyServer

#callbacks

Instance Method Summary collapse

#ca ⇒ Object
#create_self_signed_cert(host) ⇒ Object
#do_CONNECT(req, res) ⇒ Object
#do_MITM(req, res) ⇒ Object
#initialize(config) ⇒ MITMProxyServer constructor

A new instance of MITMProxyServer.
#retry_start_agent_server(config) ⇒ Object
#start_mitm_server(unparsed_uri, host, port) ⇒ Object

Methods inherited from HTTPProxyServer

#fire, #service, #start

Constructor Details

#initialize(config) ⇒ `MITMProxyServer`

Returns a new instance of MITMProxyServer.

# File 'lib/evil-proxy/mitmproxy.rb', line 7

def initialize config
  super
  @mitm_servers = {}
  @mitm_port = 4433
end

Instance Method Details

#ca ⇒ `Object`

# File 'lib/evil-proxy/mitmproxy.rb', line 13

def ca
  return @ca if @ca
  logger.info "Create CA"

  ca_config = {}
  ca_config[:hostname] = 'ca'
  ca_config[:domainname] = 'mitm.proxy'
  ca_config[:password] = 'password'
  ca_config[:CA_dir] ||= File.join(Dir.pwd, "certs/CA")

  ca_config[:keypair_file] ||= File.join ca_config[:CA_dir], "private/cakeypair.pem"
  ca_config[:cert_file] ||= File.join ca_config[:CA_dir], "cacert.pem"
  ca_config[:serial_file] ||= File.join ca_config[:CA_dir], "serial"
  ca_config[:new_certs_dir] ||= File.join ca_config[:CA_dir], "newcerts"
  ca_config[:new_keypair_dir] ||= File.join ca_config[:CA_dir], "private/keypair_backup"
  ca_config[:crl_dir] ||= File.join ca_config[:CA_dir], "crl"

  ca_config[:ca_cert_days] ||= 5 * 365 # five years
  ca_config[:ca_rsa_key_length] ||= 2048

  ca_config[:cert_days] ||= 365 # one year
  ca_config[:cert_key_length_min] ||= 1024
  ca_config[:cert_key_length_max] ||= 2048

  ca_config[:crl_file] ||= File.join ca_config[:crl_dir], "#{ca_config[:hostname]}.crl"
  ca_config[:crl_pem_file] ||= File.join ca_config[:crl_dir], "#{ca_config[:hostname]}.pem"
  ca_config[:crl_days] ||= 14

  if ca_config[:name].nil?
    ca_config[:name] = [
      ['C', 'US', OpenSSL::ASN1::PRINTABLESTRING],
      ['O', ca_config[:domainname], OpenSSL::ASN1::UTF8STRING],
      ['OU', ca_config[:hostname], OpenSSL::ASN1::UTF8STRING],
    ]
  end

  @ca = QuickCert.new ca_config
end

#create_self_signed_cert(host) ⇒ `Object`

# File 'lib/evil-proxy/mitmproxy.rb', line 52

def create_self_signed_cert host
  cn = [["C", "US"], ["O", host], ["CN", host]]
  comment = "Generated by Ruby/OpenSSL/MITMProxyServer"
  name = OpenSSL::X509::Name.new(cn)
  hostname = name.to_s.scan(/CN=([\w.]+)/)[0][0]

  logger.info "Create cert for #{hostname}"
  cert_config = { type: 'server', hostname: hostname }
  cert_file, cert, key = ca.create_cert(cert_config)

  return cert, key
end

#do_CONNECT(req, res) ⇒ `Object`

# File 'lib/evil-proxy/mitmproxy.rb', line 111

def do_CONNECT req, res
  do_MITM req, res
  super
end

#do_MITM(req, res) ⇒ `Object`

# File 'lib/evil-proxy/mitmproxy.rb', line 102

def do_MITM req, res
  unparsed_uri = req.unparsed_uri
  host, port = unparsed_uri.split(":")
  port ||= 443

  mitm_port = start_mitm_server unparsed_uri, host, port
  req.unparsed_uri = "127.0.0.1:#{mitm_port}"
end

#retry_start_agent_server(config) ⇒ `Object`

Raises:

(RuntimeError)

# File 'lib/evil-proxy/mitmproxy.rb', line 65

def retry_start_agent_server config
  mitm_server = nil
  10.times do
    begin
      # XXX: ask system for an unused port
      config = config.merge(Port: @mitm_port)
      mitm_server = EvilProxy::AgentProxyServer.new config
    rescue Errno::EADDRINUSE
    ensure
      @mitm_port += 1
      return mitm_server if mitm_server
    end
  end
  raise RuntimeError, "No avaliable port found, stop retrying"
end

#start_mitm_server(unparsed_uri, host, port) ⇒ `Object`

# File 'lib/evil-proxy/mitmproxy.rb', line 81

def start_mitm_server unparsed_uri, host, port
  if @mitm_servers[unparsed_uri]
    return @mitm_servers[unparsed_uri].config[:Port]
  else
    cert, key = create_self_signed_cert host
    agent_config = self.config.merge(
      MITMProxyServer: self,
      SSLEnable: true,
      SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
      SSLCertificate: cert,
      SSLPrivateKey: key,
    )
    mitm_server = retry_start_agent_server agent_config

    @mitm_servers[unparsed_uri] = mitm_server

    Thread.new do mitm_server.start end
    return mitm_server.config[:Port]
  end
end

Class: EvilProxy::MITMProxyServer

Constant Summary

Constants inherited from HTTPProxyServer

Instance Attribute Summary

Attributes inherited from HTTPProxyServer

Instance Method Summary collapse

Methods inherited from HTTPProxyServer

Constructor Details

#initialize(config) ⇒ MITMProxyServer

Instance Method Details

#ca ⇒ Object

#create_self_signed_cert(host) ⇒ Object

#do_CONNECT(req, res) ⇒ Object

#do_MITM(req, res) ⇒ Object

#retry_start_agent_server(config) ⇒ Object

#start_mitm_server(unparsed_uri, host, port) ⇒ Object

#initialize(config) ⇒ `MITMProxyServer`

#ca ⇒ `Object`

#create_self_signed_cert(host) ⇒ `Object`

#do_CONNECT(req, res) ⇒ `Object`

#do_MITM(req, res) ⇒ `Object`

#retry_start_agent_server(config) ⇒ `Object`

#start_mitm_server(unparsed_uri, host, port) ⇒ `Object`