Go 實現HTTP中間人代理的操作

goproxy

Go HTTP(S)代理庫, 支持中間人代理解密HTTPS

項目地址

安裝

go get github.com/ouqiang/goproxy

使用

package main
import (
    "net/http"
    "time"
    "github.com/ouqiang/goproxy"
)
func main() {
    proxy := goproxy.New()
    server := &http.Server{
        Addr:         ":8080",
        Handler:      proxy,
        ReadTimeout:  1 * time.Minute,
        WriteTimeout: 1 * time.Minute,
    }
    err := server.ListenAndServe()
    if err != nil {
        panic(err)
    }
}

代理測試

curl -x localhost:8080 https://www.baidu.com

中間人代理, 解密HTTPS

系統需導入根證書 mitm-proxy.crt

package main
import (
    "crypto/tls"
    "net/http"
    "sync"
    "time"
    "github.com/ouqiang/goproxy"
)
// 實現證書緩存接口
type Cache struct {
    m sync.Map
}
func (c *Cache) Set(host string, cert *tls.Certificate) {
    c.m.Store(host, cert)
}
func (c *Cache) Get(host string) *tls.Certificate {
    v, ok := c.m.Load(host)
    if !ok {
        return nil
    }
    return v.(*tls.Certificate)
}
func main() {
    proxy := goproxy.New(goproxy.WithDecryptHTTPS(&Cache{}))
    server := &http.Server{
        Addr:         ":8080",
        Handler:      proxy,
        ReadTimeout:  1 * time.Minute,
        WriteTimeout: 1 * time.Minute,
    }
    err := server.ListenAndServe()
    if err != nil {
        panic(err)
    }
}

事件處理

實現Delegate接口

type Delegate interface {
    // Connect 收到客戶端連接
    Connect(ctx *Context, rw http.ResponseWriter)
    // Auth 代理身份認證
    Auth(ctx *Context, rw http.ResponseWriter)
    // BeforeRequest HTTP請求前 設置X-Forwarded-For, 修改Header、Body
    BeforeRequest(ctx *Context)
    // BeforeResponse 響應發送到客戶端前, 修改Header、Body、Status Code
    BeforeResponse(ctx *Context, resp *http.Response, err error)
    // ParentProxy 上級代理
    ParentProxy(*http.Request) (*url.URL, error)
    // Finish 本次請求結束
    Finish(ctx *Context)
    // 記錄錯誤信息
    ErrorLog(err error)
}
type EventHandler struct{}
func (e *EventHandler) Connect(ctx *goproxy.Context, rw http.ResponseWriter) {
    // 保存的數據可以在後面的回調方法中獲取
    ctx.Data["req_id"] = "uuid"
    // 禁止訪問某個域名
    if strings.Contains(ctx.Req.URL.Host, "example.com") {
        rw.WriteHeader(http.StatusForbidden)
        ctx.Abort()
        return
    }
}
func (e *EventHandler) Auth(ctx *goproxy.Context, rw http.ResponseWriter)  {
    // 身份驗證
}
func (e *EventHandler) BeforeRequest(ctx *goproxy.Context) {
    // 修改header
    ctx.Req.Header.Add("X-Request-Id", ctx.Data["req_id"].(string))
    // 設置X-Forwarded-For
    if clientIP, _, err := net.SplitHostPort(ctx.Req.RemoteAddr); err == nil {
        if prior, ok := ctx.Req.Header["X-Forwarded-For"]; ok {
            clientIP = strings.Join(prior, ", ") + ", " + clientIP
        }
        ctx.Req.Header.Set("X-Forwarded-For", clientIP)
    }
    // 讀取Body
    body, err := ioutil.ReadAll(ctx.Req.Body)
    if err != nil {
        // 錯誤處理
        return
    }
    // Request.Body隻能讀取一次, 讀取後必須再放回去
    // Response.Body同理
    ctx.Req.Body = ioutil.NopCloser(bytes.NewReader(body))
}
func (e *EventHandler) BeforeResponse(ctx *goproxy.Context, resp *http.Response, err error) {
    if err != nil {
        return
    }
    // 修改response
}
// 設置上級代理
func (e *EventHandler) ParentProxy(req *http.Request) (*url.URL, error) {
    return url.Parse("http://localhost:1087")
}
func (e *EventHandler) Finish(ctx *goproxy.Context) {
    fmt.Printf("請求結束 URL:%s\n", ctx.Req.URL)
}
// 記錄錯誤日志
func (e *EventHandler) ErrorLog(err error) {
    log.Println(err)
}
func main() {
    proxy := goproxy.New(goproxy.WithDelegate(&EventHandler{}))
    server := &http.Server{
        Addr:         ":8080",
        Handler:      proxy,
        ReadTimeout:  1 * time.Minute,
        WriteTimeout: 1 * time.Minute,
    }
    err := server.ListenAndServe()
    if err != nil {
        panic(err)
    }
}

以上為個人經驗,希望能給大傢一個參考,也希望大傢多多支持WalkonNet。如有錯誤或未考慮完全的地方,望不吝賜教。