Documentation
¶
Index ¶
- func NewDefaultClientFactory() types.ClientFactory
- type Args
- type Attacker
- func (a *Attacker) Attack(res http.ResponseWriter, req *http.Request)
- func (a *Attacker) ClientDisconnected(client *conn.ClientConn)
- func (a *Attacker) HTTPSDial(ctx context.Context, req *http.Request) (net.Conn, error)
- func (a *Attacker) HTTPSLazyAttack(ctx context.Context, cconn net.Conn, req *http.Request)
- func (a *Attacker) HTTPSTLSDial(ctx context.Context, cconn, sconn net.Conn)
- func (a *Attacker) InitHTTPDialFn(req *http.Request)
- func (a *Attacker) InitHTTPSDialFn(req *http.Request)
- func (a *Attacker) NotifyClientDisconnected(client *conn.ClientConn)
- func (a *Attacker) NotifyServerDisconnected(connCtx *conn.Context)
- func (a *Attacker) ServeHTTP(res http.ResponseWriter, req *http.Request)
- func (a *Attacker) ServerDisconnected(connCtx *conn.Context)
- func (a *Attacker) Start() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewDefaultClientFactory ¶
func NewDefaultClientFactory() types.ClientFactory
NewDefaultClientFactory creates a new DefaultClientFactory. This is a convenience wrapper around types.NewDefaultClientFactory.
Types ¶
type Args ¶
type Args struct {
CA cert.CA
UpstreamManager *upstream.Manager
AddonRegistry types.AddonRegistry
// StreamLargeBodies is the threshold in bytes for switching to streaming mode.
// Bodies larger than this will be streamed instead of buffered.
StreamLargeBodies int64
// InsecureSkipVerify controls whether to skip SSL certificate verification
// when connecting to upstream servers.
InsecureSkipVerify bool
WSHandler *websocket.Handler
// ClientFactory is used to create HTTP clients for different scenarios.
// If nil, DefaultClientFactory will be used.
ClientFactory types.ClientFactory
}
Args contains all dependencies required by the Attacker.
type Attacker ¶
type Attacker struct {
// contains filtered or unexported fields
}
Attacker handles the man-in-the-middle attack functionality for intercepting and modifying HTTP/HTTPS traffic. It manages TLS handshakes, certificate generation, and proxying of requests between clients and servers.
func New ¶
New creates a new Attacker instance with the given dependencies. It initializes the HTTP client, HTTP server, and HTTP/2 server. The attacker is configured to handle both HTTP/1.1 and HTTP/2 connections.
func (*Attacker) Attack ¶
func (a *Attacker) Attack(res http.ResponseWriter, req *http.Request)
Attack is the main request handling method that processes HTTP/HTTPS requests. It orchestrates the complete request/response flow: 1. Creates a new Flow and associates it with the connection context 2. Triggers Requestheaders addon event 3. Reads and buffers the request body (or streams if too large) 4. Triggers Request addon event 5. Applies stream request modifiers 6. Executes the proxy request to the upstream server 7. Triggers Responseheaders addon event 8. Reads and buffers the response body (or streams if too large) 9. Triggers Response addon event 10. Applies stream response modifiers 11. Sends the response back to the client
The method includes panic recovery to handle addon errors gracefully.
func (*Attacker) ClientDisconnected ¶
func (a *Attacker) ClientDisconnected(client *conn.ClientConn)
Addon interface methods that forward to the actual addon implementations.
func (*Attacker) HTTPSDial ¶
HttpsDial establishes a plain TCP connection to the upstream HTTPS server. It creates a server connection and notifies addons that the server connection has been established. The TLS handshake is performed separately by serverTLSHandshake.
func (*Attacker) HTTPSLazyAttack ¶
HTTPSLazyAttack performs a lazy MITM TLS handshake for HTTPS connections. Unlike HttpsTLSDial, this method only performs the client TLS handshake without immediately connecting to the upstream server. The server connection is established lazily when the first request is made. This approach only supports HTTP/1.1.
func (*Attacker) HTTPSTLSDial ¶
HTTPSTLSDial performs a full MITM TLS handshake for HTTPS connections. It coordinates the TLS handshakes between the client and proxy, and between the proxy and server. The process involves: 1. Starting a client TLS handshake in a goroutine 2. Receiving the client's ClientHello 3. Performing a server TLS handshake with the upstream server 4. Generating a certificate for the client based on the server's negotiated protocol 5. Completing the client TLS handshake 6. Passing the connection to serveConn for HTTP request handling.
func (*Attacker) InitHTTPDialFn ¶
InitHTTPDialFn initializes the dial function for plain HTTP connections. This function is called lazily when the first HTTP request is made on a connection. It establishes a connection to the upstream server and configures an HTTP/1.1 client.
func (*Attacker) InitHTTPSDialFn ¶
InitHTTPSDialFn initializes the dial function for HTTPS connections. This function is called lazily when the first HTTPS request is made on a connection. It establishes both a plain connection and performs the TLS handshake with the upstream server.
func (*Attacker) NotifyClientDisconnected ¶
func (a *Attacker) NotifyClientDisconnected(client *conn.ClientConn)
NotifyClientDisconnected implements conn.AddonNotifier.
func (*Attacker) NotifyServerDisconnected ¶
NotifyServerDisconnected implements conn.AddonNotifier.
func (*Attacker) ServeHTTP ¶
func (a *Attacker) ServeHTTP(res http.ResponseWriter, req *http.Request)
ServeHTTP implements the http.Handler interface for the Attacker. It handles incoming HTTP requests, including WebSocket upgrades and regular HTTP/HTTPS requests. This method ensures the request URL is properly formatted before passing it to the Attack method.