Class: EvilProxy::MITMProxyServer
- Inherits:
-
HTTPProxyServer
- Object
- WEBrick::HTTPProxyServer
- HTTPProxyServer
- EvilProxy::MITMProxyServer
- Defined in:
- lib/evil-proxy/mitmproxy.rb
Constant Summary
Constants inherited from HTTPProxyServer
HTTPProxyServer::DEFAULT_CALLBACKS
Instance Attribute Summary
Attributes inherited from HTTPProxyServer
Instance Method Summary
- #ca ⇒ Object
- #create_self_signed_cert(host) ⇒ Object
- #do_CONNECT(req, res) ⇒ Object
- #do_MITM(req, res) ⇒ Object
-
#initialize(config) ⇒ MITMProxyServer
constructor
A new instance of MITMProxyServer.
- #retry_start_agent_server(config) ⇒ Object
- #start_mitm_server(host, port) ⇒ Object
Methods inherited from HTTPProxyServer
define_callback_methods, #exit, #fire, #restart, #service, #start, #stop
Constructor Details
#initialize(config) ⇒ MITMProxyServer
Returns a new instance of MITMProxyServer.
# File 'lib/evil-proxy/mitmproxy.rb', line 7
# Builds the proxy and records the MITM-specific settings.
#
# @param config [Hash] WEBrick-style server config, forwarded unchanged to
#   HTTPProxyServer#initialize; only :MITMPattern is read here
def initialize config
  super
  # nil means every CONNECT target is intercepted (see #do_CONNECT).
  @mitm_pattern = config[:MITMPattern]
  # host => running agent server, filled lazily by #start_mitm_server.
  @mitm_servers = {}
  # First port tried when an agent server is started.
  @mitm_port = 4433
end
Instance Method Details
#ca ⇒ Object
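# File 'lib/evil-proxy/mitmproxy.rb', line 14
# Lazily builds the root CA used to sign per-host MITM certificates and
# memoises it in @ca.
#
# Every setting is fixed in code: the CA material lives under "certs/CA"
# beneath the process's current working directory and the CA key
# passphrase is the literal 'password'. Anyone able to read that tree can
# issue leaf certificates that every client trusting this CA will accept,
# so keep it out of shared or world-readable locations.
#
# The original filled an empty hash with `||=` and then checked
# `ca_config[:name].nil?`; on a fresh hash every one of those branches is
# taken unconditionally, so the same values are now written as one literal.
#
# @return [QuickCert] CA wrapper (whether it reuses existing files or
#   generates new ones is decided inside QuickCert, not visible here)
def ca
  return @ca if @ca

  logger.info "Create CA root cert"

  hostname   = 'ca'
  domainname = 'mitm.proxy'
  ca_dir     = File.join(Dir.pwd, "certs/CA")
  crl_dir    = File.join(ca_dir, "crl")

  ca_config = {
    hostname: hostname,
    domainname: domainname,
    password: 'password', # fixed passphrase for the CA private key
    CA_dir: ca_dir,
    keypair_file: File.join(ca_dir, "private/cakeypair.pem"),
    cert_file: File.join(ca_dir, "cacert.pem"),
    serial_file: File.join(ca_dir, "serial"),
    new_certs_dir: File.join(ca_dir, "newcerts"),
    new_keypair_dir: File.join(ca_dir, "private/keypair_backup"),
    crl_dir: crl_dir,
    ca_cert_days: 5 * 365, # five years
    ca_rsa_key_length: 2048,
    cert_days: 365, # one year
    # NOTE(review): 1024-bit RSA is below current guidance; how QuickCert
    # applies the min/max pair is not visible here.
    cert_key_length_min: 1024,
    cert_key_length_max: 2048,
    crl_file: File.join(crl_dir, "#{hostname}.crl"),
    crl_pem_file: File.join(crl_dir, "#{hostname}.pem"),
    crl_days: 14,
    # Subject of the CA certificate.
    name: [
      ['C', 'US', OpenSSL::ASN1::PRINTABLESTRING],
      ['O', domainname, OpenSSL::ASN1::UTF8STRING],
      ['OU', hostname, OpenSSL::ASN1::UTF8STRING],
    ],
  }

  @ca = QuickCert.new ca_config
end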
#create_self_signed_cert(host) ⇒ Object
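# File 'lib/evil-proxy/mitmproxy.rb', line 53
# Issues a leaf certificate for +host+ signed by #ca.
#
# +host+ comes straight from the client's CONNECT target, so it is
# untrusted: it is wrapped in an OpenSSL::X509::Name and the CN is then
# pulled back out through a character whitelist before reaching the CA.
# The whitelist now includes "-", which the original /CN=([\w.]+)/ left
# out, so "my-host.example.com" no longer produced a certificate for
# "my"; a target with no usable CN raises ArgumentError instead of a
# NoMethodError on nil.
#
# @param host [String] hostname the client asked to CONNECT to
# @return [Array] the certificate and key as returned by QuickCert#create_cert
# @raise [ArgumentError] when no hostname can be extracted from +host+
def create_self_signed_cert host
  subject = OpenSSL::X509::Name.new([["C", "US"], ["O", host], ["CN", host]])
  match = subject.to_s.match(/CN=([\w.-]+)/)
  raise ArgumentError, "cannot derive a certificate hostname from #{host.inspect}" unless match

  hostname = match[1]
  logger.info "Create cert for #{hostname}"
  cert_config = { type: 'server', hostname: hostname }
  # create_cert also returns the on-disk path of the new cert; unused here.
  _cert_file, cert, key = ca.create_cert(cert_config)
  [cert, key]
end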
#do_CONNECT(req, res) ⇒ Object
# File 'lib/evil-proxy/mitmproxy.rb', line 121
# CONNECT handler: routes matching targets through the local MITM agent
# (#do_MITM) and then delegates to HTTPProxyServer#do_CONNECT, which sees
# whatever req.unparsed_uri holds at that point.
#
# With no :MITMPattern configured (@mitm_pattern nil) every CONNECT
# request is intercepted; otherwise only targets whose "host:port" string
# matches the pattern.
#
# @param req [WEBrick::HTTPRequest]
# @param res [WEBrick::HTTPResponse]
def do_CONNECT req, res
  intercept = @mitm_pattern ? (req.unparsed_uri =~ @mitm_pattern) : true
  do_MITM(req, res) if intercept
  super
end
#do_MITM(req, res) ⇒ Object
# File 'lib/evil-proxy/mitmproxy.rb', line 109
# Points a CONNECT request at the per-host MITM agent server.
#
# Fires :before_mitm, splits the CONNECT target ("host:port") on ":",
# starts or reuses the agent server for that host and rewrites
# req.unparsed_uri to "127.0.0.1:<agent port>" so the tunnel goes to the
# local agent rather than the real origin. Fires :after_mitm with the
# request and response last.
#
# NOTE(review): a target without a port gets 443 as an Integer while an
# explicit port stays a String; #start_mitm_server ignores the port
# either way. An IPv6 literal such as "[::1]:443" would be split at its
# first ":".
#
# @param req [WEBrick::HTTPRequest]
# @param res [WEBrick::HTTPResponse]
def do_MITM req, res
  fire :before_mitm, req
  host, port = req.unparsed_uri.split(":")
  port = 443 if port.nil?
  agent_port = start_mitm_server(host, port)
  req.unparsed_uri = "127.0.0.1:#{agent_port}"
  fire :after_mitm, req, res
end
#retry_start_agent_server(config) ⇒ Object
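# File 'lib/evil-proxy/mitmproxy.rb', line 66
# Tries to construct an EvilProxy::AgentProxyServer on successive ports
# starting at @mitm_port, at most ten times.
#
# @mitm_port is advanced after every attempt, successful or not, so the
# next agent starts searching above the port just used.
#
# Fix: the Errno::EINVAL branch read `logger.error e.` with `return` on
# the following line, which Ruby parses as `e.return` — a NoMethodError
# instead of a log line. It now logs e.message and returns nil as
# evidently intended.
#
# @param config [Hash] agent server config; :Port is overwritten per attempt
# @return [EvilProxy::AgentProxyServer, nil] the server, or nil after Errno::EINVAL
# @raise [RuntimeError] when all ten ports were already in use
def retry_start_agent_server config
  10.times do
    begin
      # XXX: ask system for an unused port
      attempt_config = config.merge(Port: @mitm_port)
      return EvilProxy::AgentProxyServer.new(attempt_config)
    rescue Errno::EADDRINUSE
      # port already bound; fall through to the next one
    rescue Errno::EINVAL => e
      logger.error e.message
      return
    ensure
      @mitm_port += 1
    end
  end
  raise RuntimeError, "No avaliable port found, stop retrying"
end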
#start_mitm_server(host, port) ⇒ Object
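# File 'lib/evil-proxy/mitmproxy.rb', line 85
# Returns the listening port of the MITM agent server for +host+,
# starting one in its own thread on first use.
#
# The agent inherits this proxy's whole config plus a server-side TLS
# identity signed by #ca; SSLVerifyClient is VERIFY_NONE, so the agent
# never asks the connecting client for a certificate.
#
# NOTE(review): the parent config's BindAddress is inherited too, so the
# agent listens wherever the proxy does, not only on the 127.0.0.1 that
# #do_MITM rewrites the CONNECT target to — confirm the proxy is not bound
# to all interfaces if that is not intended.
# NOTE(review): @mitm_servers is not synchronised; two concurrent CONNECTs
# for a new host can each start an agent, the later one winning the cache
# slot. Left as is here.
#
# Fix: #retry_start_agent_server returns nil on its Errno::EINVAL path;
# that used to surface as NoMethodError on nil (and cached nil under
# +host+). It is now reported as a RuntimeError before anything is cached.
#
# @param host [String] hostname from the CONNECT target
# @param port [String, Integer] port from the CONNECT target; unused
# @return [Integer] port the agent server was given
# @raise [RuntimeError] when no agent server could be started
def start_mitm_server host, port
  existing = @mitm_servers[host]
  return existing.config[:Port] if existing

  cert, key = create_self_signed_cert host
  agent_config = self.config.merge(
    MITMProxyServer: self,
    SSLEnable: true,
    SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
    SSLCertificate: cert,
    SSLPrivateKey: key,
  )
  mitm_server = retry_start_agent_server agent_config
  raise RuntimeError, "could not start MITM agent server for #{host}" unless mitm_server

  @mitm_servers[host] = mitm_server
  Thread.new { mitm_server.start }
  mitm_server.config[:Port]
end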