org.littleshoot.proxy.MitmManager Java Examples

Example #1
Source File: MitmManagerFactory.java    From vividus with Apache License 2.0 6 votes vote down vote up
/**
 * Builds an {@link ImpersonatingMitmManager} whose root certificate is read from the configured key store.
 *
 * <p>Security note: {@code options.isTrustAllServers()} is forwarded to the builder unchanged. When it is
 * {@code true} the resulting manager is expected to accept any upstream server certificate, so the option
 * should stay {@code false} outside isolated test environments. The key store password is only handed to
 * the certificate source; it is not logged here.</p>
 *
 * @param options MITM settings: key store path, type and password, certificate alias and trust-all flag
 * @return the configured MITM manager
 */
@Override
public MitmManager createMitmManager(MitmManagerOptions options)
{
    // NOTE(review): options and the returned key store options are dereferenced without a null check of
    // their own; only their properties are validated below. Confirm callers guarantee both are set.
    KeyStoreOptions storeOptions = options.getKeyStoreOptions();

    // Fail early, naming the missing setting, before any file access happens.
    checkNotNull(storeOptions.getPath(), "key store path");
    checkNotNull(storeOptions.getType(), "key store type");
    checkNotNull(storeOptions.getPassword(), "key store password");
    checkNotNull(options.getAlias(), "alias");

    // The path is resolved relative to this class by ResourceUtils.
    File keyStoreFile = ResourceUtils.loadFile(getClass(), storeOptions.getPath());
    KeyStoreFileCertificateSource rootCertificate = new KeyStoreFileCertificateSource(
            storeOptions.getType(), keyStoreFile, options.getAlias(), storeOptions.getPassword());

    return ImpersonatingMitmManager.builder()
            .rootCertificateSource(rootCertificate)
            .trustAllServers(options.isTrustAllServers())
            .build();
}
 
Example #2
Source File: ProxyServerFactoryTests.java    From vividus with Apache License 2.0 6 votes vote down vote up
/**
 * Verifies that the {@link MitmManager} produced by the factory is installed on the created proxy server.
 *
 * NOTE(review): the method name says "DisableMitm" but the body calls {@code setMitmEnabled(true)} and
 * expects the manager to be set. Confirm which of the two is intended.
 */
@Test
@PrepareForTest({BrowserUpProxyServer.class, ThreadPoolConfiguration.class, ProxyServerFactory.class})
public void testCreateProxyServerConfigDisableMitm() throws Exception
{
    // Collaborators handed to the factory under test.
    MitmManagerOptions options = mock(MitmManagerOptions.class);
    MitmManager expectedManager = mock(MitmManager.class);
    IMitmManagerFactory managerFactory = mock(IMitmManagerFactory.class);
    when(managerFactory.createMitmManager(options)).thenReturn(expectedManager);

    // The factory constructs the server itself, so the constructor call is intercepted.
    BrowserUpProxyServer proxyServer = mock(BrowserUpProxyServer.class);
    PowerMockito.whenNew(BrowserUpProxyServer.class).withNoArguments().thenReturn(proxyServer);

    proxyServerFactory.setMitmManagerOptions(options);
    proxyServerFactory.setMitmManagerFactory(managerFactory);
    proxyServerFactory.setMitmEnabled(true);
    proxyServerFactory.createProxyServer();

    verify(proxyServer).setMitmManager(expectedManager);
}
 
Example #3
Source File: ProxyServerFactoryTests.java    From vividus with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that each configured option (worker thread counts, trust-all flag, MITM manager, host resolver and
 * HAR capture types) is forwarded to the {@link BrowserUpProxyServer} that the factory creates.
 */
@Test
@PrepareForTest({BrowserUpProxyServer.class, ThreadPoolConfiguration.class, ProxyServerFactory.class})
public void testCreateProxyServerConfig() throws Exception
{
    // Collaborators handed to the factory under test.
    MitmManagerOptions options = mock(MitmManagerOptions.class);
    MitmManager expectedManager = mock(MitmManager.class);
    IMitmManagerFactory managerFactory = mock(IMitmManagerFactory.class);
    when(managerFactory.createMitmManager(options)).thenReturn(expectedManager);
    AdvancedHostResolver resolver = mock(AdvancedHostResolver.class);

    // Objects the factory constructs itself; their constructors are intercepted.
    BrowserUpProxyServer proxyServer = mock(BrowserUpProxyServer.class);
    PowerMockito.whenNew(BrowserUpProxyServer.class).withNoArguments().thenReturn(proxyServer);
    ThreadPoolConfiguration threadPools = mock(ThreadPoolConfiguration.class);
    PowerMockito.whenNew(ThreadPoolConfiguration.class).withNoArguments().thenReturn(threadPools);

    // Trust-all is switched on only to prove the flag is passed through to the server mock.
    final boolean trustAll = true;
    proxyServerFactory.setMitmManagerOptions(options);
    proxyServerFactory.setMitmManagerFactory(managerFactory);
    proxyServerFactory.setTrustAllServers(trustAll);
    proxyServerFactory.setMitmEnabled(true);
    proxyServerFactory.setAdvancedHostResolver(resolver);
    proxyServerFactory.setCaptureTypes(CaptureType.getAllContentCaptureTypes());
    proxyServerFactory.createProxyServer();

    // Both worker pools are expected to be sized to the same thread count.
    final int expectedThreads = 16;
    verify(threadPools).withClientToProxyWorkerThreads(expectedThreads);
    verify(threadPools).withProxyToServerWorkerThreads(expectedThreads);
    verify(proxyServer).setTrustAllServers(trustAll);
    verify(proxyServer).setMitmManager(expectedManager);
    verify(proxyServer).setThreadPoolConfiguration(threadPools);
    verify(proxyServer).setHostNameResolver(resolver);
    verify(proxyServer).enableHarCaptureTypes(CaptureType.getAllContentCaptureTypes());
}
 
Example #4
Source File: MitmManagerFactoryTests.java    From vividus with Apache License 2.0 5 votes vote down vote up
/**
 * Checks that the factory returns an {@link ImpersonatingMitmManager} for a fully populated set of options.
 */
@Test
void testCreateMitmManager()
{
    IMitmManagerFactory factory = new MitmManagerFactory();

    // Fixture values only: a PKCS12 bundle with a throwaway password. The boolean is presumably the
    // trust-all-servers flag; it is enabled here for the test, not as a recommended setting.
    KeyStoreOptions keyStoreOptions = new KeyStoreOptions("bundle.p12", "password", "PKCS12");
    MitmManagerOptions options = new MitmManagerOptions("alias", true, keyStoreOptions);

    MitmManager created = factory.createMitmManager(options);

    assertThat(created, instanceOf(ImpersonatingMitmManager.class));
}
 
Example #5
Source File: ProxyToServerConnection.java    From yfs with Apache License 2.0 5 votes vote down vote up
/**
 * Forwards the initial CONNECT request to the chained proxy and, when a {@link MitmManager} is configured,
 * follows a successful write with an empty last-content marker.
 *
 * @return the future of the initial request write
 */
protected Future<?> execute() {
    LOG.debug("Handling CONNECT request through Chained Proxy");
    chainedProxy.filterRequest(initialRequest);

    // A configured MitmManager is what marks MITM as enabled for this proxy.
    if (proxyServer.getMitmManager() == null) {
        return writeToChannel(initialRequest);
    }

    /*
     * The LastHttpContent read from the client connection while negotiating
     * CONNECT is normally ignored (see readHttp() in ProxyConnection). With
     * MITM + Chained Proxy it cannot be: the HttpRequestEncoder of the
     * ProxyToServerConnection would be left in an invalid state for the next
     * request. Writing the EmptyLastContent resets that state.
     */
    ChannelFuture connectWrite = writeToChannel(initialRequest);
    connectWrite.addListener(new ChannelFutureListener() {

        @Override
        public void operationComplete(ChannelFuture completed) throws Exception {
            // Only a successful CONNECT write is followed by the terminator.
            if (completed.isSuccess()) {
                writeToChannel(LastHttpContent.EMPTY_LAST_CONTENT);
            }
        }
    });
    return connectWrite;
}
 
Example #6
Source File: DefaultHttpProxyServer.java    From g4proxy with Apache License 2.0 5 votes vote down vote up
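/**
 * Configures the {@link MitmManager} used to intercept CONNECT traffic.
 *
 * <p>MITM and encrypted inbound (client-to-proxy) connections are mutually exclusive in this bootstrap, so
 * installing a manager drops any configured {@code sslEngineSource}. That leaves the client-to-proxy leg
 * unencrypted, which is why the switch is logged at WARN.</p>
 *
 * @param mitmManager the manager to use; {@code null} leaves MITM off and keeps any inbound encryption
 * @return this bootstrap, for chaining
 */
@Override
public HttpProxyServerBootstrap withManInTheMiddle(
        MitmManager mitmManager) {
    this.mitmManager = mitmManager;
    // Give up inbound encryption only when MITM is really being switched on. A null manager enables
    // nothing, so it must not silently strip TLS from the client-facing side.
    if (mitmManager != null && this.sslEngineSource != null) {
        LOG.warn("Enabled man in the middle with encrypted inbound connections. "
                + "These are mutually exclusive - encrypted inbound connections will be disabled.");
        this.sslEngineSource = null;
    }
    return this;
}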
 
Example #7
Source File: ProxyToServerConnection.java    From g4proxy with Apache License 2.0 5 votes vote down vote up
/**
 * Sends the initial CONNECT request through the chained proxy. When a {@link MitmManager} is configured,
 * a successful write is followed by an empty last-content marker.
 *
 * @return the future of the initial request write
 */
protected Future<?> execute() {
    LOG.debug("Handling CONNECT request through Chained Proxy");
    chainedProxy.filterRequest(initialRequest);

    // MITM counts as enabled exactly when the proxy server has a manager.
    final boolean mitmActive = proxyServer.getMitmManager() != null;
    if (!mitmActive) {
        return writeToChannel(initialRequest);
    }

    /*
     * Normally the LastHttpContent read from the client while negotiating
     * CONNECT is dropped (see readHttp() in ProxyConnection). For MITM +
     * Chained Proxy that would leave the HttpRequestEncoder of the
     * ProxyToServerConnection in an invalid state when the next request is
     * written, so the EmptyLastContent is written to reset it.
     */
    ChannelFuture pendingWrite = writeToChannel(initialRequest);
    pendingWrite.addListener(new ChannelFutureListener() {

        @Override
        public void operationComplete(ChannelFuture result) throws Exception {
            // A failed CONNECT write is not followed by the terminator.
            if (result.isSuccess()) {
                writeToChannel(LastHttpContent.EMPTY_LAST_CONTENT);
            }
        }
    });
    return pendingWrite;
}
 
Example #8
Source File: LittleProxyMitmProxy.java    From LittleProxy-mitm with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a proxy for the given port and keeps the supplied MITM manager.
 *
 * @param proxyPort   port, passed to the superclass constructor
 * @param mitmManager manager stored in the {@code mitmManager} field; it is not null-checked here
 */
public LittleProxyMitmProxy(int proxyPort, MitmManager mitmManager) {
    super(proxyPort);
    this.mitmManager = mitmManager;
}
 
Example #9
Source File: BrowserMobProxyServer.java    From AndroidHttpCapture with MIT License 4 votes vote down vote up
/**
 * Stores the given MITM manager on this proxy server.
 *
 * @param mitmManager manager kept in the {@code mitmManager} field; the value is not validated here
 */
@Override
public void setMitmManager(MitmManager mitmManager) {
    this.mitmManager = mitmManager;
}
 
Example #10
Source File: BrowserMobProxyServer.java    From Dream-Catcher with MIT License 4 votes vote down vote up
/**
 * Stores the given MITM manager on this proxy server.
 *
 * @param mitmManager manager kept in the {@code mitmManager} field; the value is not validated here
 */
@Override
public void setMitmManager(MitmManager mitmManager) {
    this.mitmManager = mitmManager;
}
 
Example #11
Source File: ProxyToServerConnection.java    From yfs with Apache License 2.0 4 votes vote down vote up
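/**
 * Builds the {@link ConnectionFlow} for this connection from its current configuration.
 *
 * <p>For CONNECT requests with a {@link MitmManager} configured, the upstream channel is encrypted with an
 * engine obtained from that manager. If the {@link #disableSni} value is true, this method will not pass
 * peer information to the MitmManager. Without a manager, CONNECT requests are tunneled.</p>
 */
private void initializeConnectionFlow() {
    this.connectionFlow = new ConnectionFlow(clientConnection, this,
            connectLock)
            .then(ConnectChannel);

    if (chainedProxy != null && chainedProxy.requiresEncryption()) {
        connectionFlow.then(serverConnection.EncryptChannel(chainedProxy
                .newSslEngine()));
    }

    if (ProxyUtils.isCONNECT(initialRequest)) {
        // If we're chaining, forward the CONNECT request
        if (hasUpstreamChainedProxy()) {
            connectionFlow.then(
                    serverConnection.HTTPCONNECTWithChainedProxy);
        }

        MitmManager mitmManager = proxyServer.getMitmManager();
        boolean isMitmEnabled = mitmManager != null;

        if (isMitmEnabled) {
            // When MITM is enabled and when chained proxy is set up, remoteAddress
            // will be the chained proxy's address. So we use serverHostAndPort
            // which is the end server's address.
            HostAndPort parsedHostAndPort = HostAndPort.fromString(serverHostAndPort);

            // The engine is taken from the manager instance that was null-checked above, rather than
            // from a second proxyServer.getMitmManager() call whose result was never checked.
            if (disableSni) {
                // SNI may be disabled for this request due to a previous failed attempt to connect to
                // the server with SNI enabled.
                // NOTE(review): this fallback gives the MitmManager no peer host or port. Confirm the
                // upstream certificate is still validated against the intended host on this path.
                connectionFlow.then(serverConnection.EncryptChannel(mitmManager
                        .serverSslEngine()));
            } else {
                connectionFlow.then(serverConnection.EncryptChannel(mitmManager
                        .serverSslEngine(parsedHostAndPort.getHost(), parsedHostAndPort.getPort())));
            }

            connectionFlow
                    .then(clientConnection.RespondCONNECTSuccessful)
                    .then(serverConnection.MitmEncryptClientChannel);
        } else {
            // No MITM: the CONNECT is answered and both sides switch to plain tunneling.
            connectionFlow.then(serverConnection.StartTunneling)
                    .then(clientConnection.RespondCONNECTSuccessful)
                    .then(clientConnection.StartTunneling);
        }
    }
}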
 
Example #12
Source File: DefaultHttpProxyServer.java    From g4proxy with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a bootstrap pre-populated with the given settings. Each argument is copied to the field of the
 * same name; the port is taken from {@code requestedAddress}, and activity trackers are added to the
 * existing collection when a non-null collection is supplied.
 *
 * <p>No argument is validated here. In particular {@code sslEngineSource} and {@code mitmManager} are both
 * stored as given.</p>
 */
private DefaultHttpProxyServerBootstrap(
        ServerGroup serverGroup,
        TransportProtocol transportProtocol,
        InetSocketAddress requestedAddress,
        SslEngineSource sslEngineSource,
        boolean authenticateSslClients,
        ProxyAuthenticator proxyAuthenticator,
        ChainedProxyManager chainProxyManager,
        MitmManager mitmManager,
        HttpFiltersSource filtersSource,
        boolean transparent, int idleConnectionTimeout,
        Collection<ActivityTracker> activityTrackers,
        int connectTimeout, HostResolver serverResolver,
        long readThrottleBytesPerSecond,
        long writeThrottleBytesPerSecond,
        InetSocketAddress localAddress,
        String proxyAlias,
        int maxInitialLineLength,
        int maxHeaderSize,
        int maxChunkSize,
        boolean allowRequestToOriginServer) {
    this.serverGroup = serverGroup;
    this.transportProtocol = transportProtocol;
    this.requestedAddress = requestedAddress;
    // Dereferences requestedAddress, so a null address fails here with a NullPointerException.
    this.port = requestedAddress.getPort();
    this.sslEngineSource = sslEngineSource;
    this.authenticateSslClients = authenticateSslClients;
    this.proxyAuthenticator = proxyAuthenticator;
    this.chainProxyManager = chainProxyManager;
    this.mitmManager = mitmManager;
    this.filtersSource = filtersSource;
    this.transparent = transparent;
    this.idleConnectionTimeout = idleConnectionTimeout;
    // Trackers are appended to the existing collection; a null argument leaves it unchanged.
    if (activityTrackers != null) {
        this.activityTrackers.addAll(activityTrackers);
    }
    this.connectTimeout = connectTimeout;
    this.serverResolver = serverResolver;
    this.readThrottleBytesPerSecond = readThrottleBytesPerSecond;
    this.writeThrottleBytesPerSecond = writeThrottleBytesPerSecond;
    this.localAddress = localAddress;
    this.proxyAlias = proxyAlias;
    this.maxInitialLineLength = maxInitialLineLength;
    this.maxHeaderSize = maxHeaderSize;
    this.maxChunkSize = maxChunkSize;
    this.allowRequestToOriginServer = allowRequestToOriginServer;
}
 
Example #13
Source File: DefaultHttpProxyServer.java    From g4proxy with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the MITM manager held by this proxy server.
 *
 * @return the value of the {@code mitmManager} field. NOTE(review): it may be {@code null};
 *         ProxyToServerConnection appears to treat {@code null} as "MITM disabled". Confirm.
 */
protected MitmManager getMitmManager() {
    return mitmManager;
}
 
Example #14
Source File: DefaultHttpProxyServer.java    From g4proxy with Apache License 2.0 4 votes vote down vote up
/**
 * Creates a new proxy server.
 *
 * @param serverGroup                 our ServerGroup for shared thread pools and such
 * @param transportProtocol           the protocol to use for data transport
 * @param requestedAddress            the address on which this server will listen
 * @param sslEngineSource             (optional) if specified, this proxy will encrypt inbound
 *                                    connections from clients using an {@link SSLEngine} obtained
 *                                    from this {@link SslEngineSource}
 * @param authenticateSslClients      whether or not to authenticate clients when using SSL
 * @param proxyAuthenticator          (optional) if specified, requests to the proxy will be
 *                                    authenticated using HTTP BASIC authentication per the provided
 *                                    {@link ProxyAuthenticator}
 * @param chainProxyManager           the proxy to send requests to if chaining proxies; typically
 *                                    <code>null</code>
 * @param mitmManager                 the {@link MitmManager} to use for man in the middle'ing
 *                                    CONNECT requests
 * @param filtersSource               source for {@link HttpFilters}
 * @param transparent                 if true, this proxy will run as a transparent proxy. This will
 *                                    not modify the response, and will only modify the request to
 *                                    amend the URI if the target is the origin server (to comply
 *                                    with RFC 7230 section 5.3.1)
 * @param idleConnectionTimeout       the timeout (in seconds) for auto-closing idle connections
 * @param activityTrackers            for tracking activity on this proxy; may be {@code null}
 * @param connectTimeout              number of milliseconds to wait to connect to the upstream
 *                                    server
 * @param serverResolver              the {@link HostResolver} to use for resolving server addresses
 * @param readThrottleBytesPerSecond  read throttle bandwidth; a traffic shaping handler is created
 *                                    only when this or the write throttle is greater than zero
 * @param writeThrottleBytesPerSecond write throttle bandwidth
 * @param localAddress                stored as given (presumably the local address used for outgoing
 *                                    connections; confirm)
 * @param proxyAlias                  alias for this proxy; when {@code null}, the local host name is
 *                                    used, or the fallback alias if that cannot be resolved
 * @param maxInitialLineLength        stored as given (presumably an HTTP decoder limit; confirm)
 * @param maxHeaderSize               stored as given (presumably an HTTP decoder limit; confirm)
 * @param maxChunkSize                stored as given (presumably an HTTP decoder limit; confirm)
 * @param allowRequestsToOriginServer when true, allow the proxy to handle requests that contain an
 *                                    origin-form URI, as defined in RFC 7230 5.3.1
 */
private DefaultHttpProxyServer(
        ServerGroup serverGroup,
        TransportProtocol transportProtocol,
        InetSocketAddress requestedAddress,
        SslEngineSource sslEngineSource,
        boolean authenticateSslClients,
        ProxyAuthenticator proxyAuthenticator,
        ChainedProxyManager chainProxyManager,
        MitmManager mitmManager,
        HttpFiltersSource filtersSource,
        boolean transparent,
        int idleConnectionTimeout,
        Collection<ActivityTracker> activityTrackers,
        int connectTimeout,
        HostResolver serverResolver,
        long readThrottleBytesPerSecond,
        long writeThrottleBytesPerSecond,
        InetSocketAddress localAddress,
        String proxyAlias,
        int maxInitialLineLength,
        int maxHeaderSize,
        int maxChunkSize,
        boolean allowRequestsToOriginServer) {
    // Settings that are stored exactly as supplied.
    this.serverGroup = serverGroup;
    this.transportProtocol = transportProtocol;
    this.requestedAddress = requestedAddress;
    this.sslEngineSource = sslEngineSource;
    this.authenticateSslClients = authenticateSslClients;
    this.proxyAuthenticator = proxyAuthenticator;
    this.chainProxyManager = chainProxyManager;
    this.mitmManager = mitmManager;
    this.filtersSource = filtersSource;
    this.transparent = transparent;
    this.idleConnectionTimeout = idleConnectionTimeout;
    if (activityTrackers != null) {
        this.activityTrackers.addAll(activityTrackers);
    }
    this.connectTimeout = connectTimeout;
    this.serverResolver = serverResolver;

    // Traffic shaping is installed only when at least one direction is throttled.
    final boolean throttled = writeThrottleBytesPerSecond > 0 || readThrottleBytesPerSecond > 0;
    this.globalTrafficShapingHandler = throttled
            ? createGlobalTrafficShapingHandler(transportProtocol, readThrottleBytesPerSecond, writeThrottleBytesPerSecond)
            : null;
    this.localAddress = localAddress;

    // Alias precedence: explicit alias, then the local machine's host name, then the fallback name.
    String resolvedAlias = proxyAlias;
    if (resolvedAlias == null) {
        resolvedAlias = ProxyUtils.getHostName();
        if (resolvedAlias == null) {
            resolvedAlias = FALLBACK_PROXY_ALIAS;
        }
    }
    this.proxyAlias = resolvedAlias;

    this.maxInitialLineLength = maxInitialLineLength;
    this.maxHeaderSize = maxHeaderSize;
    this.maxChunkSize = maxChunkSize;
    this.allowRequestsToOriginServer = allowRequestsToOriginServer;
}
 
Example #15
Source File: ProxyToServerConnection.java    From g4proxy with Apache License 2.0 4 votes vote down vote up
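/**
 * Initializes our {@link ConnectionFlow} based on however this connection has been configured.
 *
 * <p>CONNECT requests are either intercepted, when the proxy server has a {@link MitmManager}, or tunneled.
 * If the {@link #disableSni} value is true, this method will not pass peer information to the MitmManager
 * when handling CONNECTs.</p>
 */
private void initializeConnectionFlow() {
    this.connectionFlow = new ConnectionFlow(clientConnection, this,
            connectLock)
            .then(ConnectChannel);

    if (chainedProxy != null && chainedProxy.requiresEncryption()) {
        connectionFlow.then(serverConnection.EncryptChannel(chainedProxy
                .newSslEngine()));
    }

    if (ProxyUtils.isCONNECT(initialRequest)) {
        // If we're chaining, forward the CONNECT request
        if (hasUpstreamChainedProxy()) {
            connectionFlow.then(
                    serverConnection.HTTPCONNECTWithChainedProxy);
        }

        MitmManager mitmManager = proxyServer.getMitmManager();
        boolean isMitmEnabled = mitmManager != null;

        if (isMitmEnabled) {
            // When MITM is enabled and when chained proxy is set up, remoteAddress
            // will be the chained proxy's address. So we use serverHostAndPort
            // which is the end server's address.
            HostAndPort parsedHostAndPort = HostAndPort.fromString(serverHostAndPort);

            // Reuse the manager that was null-checked above; calling proxyServer.getMitmManager()
            // again would dereference a value that was never checked.
            if (disableSni) {
                // SNI may be disabled for this request due to a previous failed attempt to connect to
                // the server with SNI enabled.
                // NOTE(review): no peer host or port reaches the MitmManager on this fallback. Confirm
                // the upstream certificate is still checked against the intended host here.
                connectionFlow.then(serverConnection.EncryptChannel(mitmManager
                        .serverSslEngine()));
            } else {
                connectionFlow.then(serverConnection.EncryptChannel(mitmManager
                        .serverSslEngine(parsedHostAndPort.getHost(), parsedHostAndPort.getPort())));
            }

            connectionFlow
                    .then(clientConnection.RespondCONNECTSuccessful)
                    .then(serverConnection.MitmEncryptClientChannel);
        } else {
            // Without a manager the CONNECT is answered and both sides start tunneling.
            connectionFlow.then(serverConnection.StartTunneling)
                    .then(clientConnection.RespondCONNECTSuccessful)
                    .then(clientConnection.StartTunneling);
        }
    }
}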
 
Example #16
Source File: BrowserMobProxyServer.java    From CapturePacket with MIT License 4 votes vote down vote up
/**
 * Stores the given MITM manager on this proxy server.
 *
 * @param mitmManager manager kept in the {@code mitmManager} field; the value is not validated here
 */
@Override
public void setMitmManager(MitmManager mitmManager) {
    this.mitmManager = mitmManager;
}
 
Example #17
Source File: BrowserUpProxyServer.java    From browserup-proxy with Apache License 2.0 4 votes vote down vote up
/**
 * Stores the given MITM manager on this proxy server.
 *
 * @param mitmManager manager kept in the {@code mitmManager} field; the value is not validated here
 */
@Override
public void setMitmManager(MitmManager mitmManager) {
    this.mitmManager = mitmManager;
}
 
Example #18
Source File: BrowserMobProxy.java    From CapturePacket with MIT License 2 votes vote down vote up
/**
 * Sets the MITM manager, which is responsible for generating the forged SSL certificates presented to clients.
 * By default, BrowserMob Proxy uses the ca-certificate-rsa.cer root certificate for impersonation. See the
 * documentation at {@link net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager} and
 * {@link net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.Builder} for details on customizing the root
 * and server certificate generation.
 *
 * <p>NOTE(review): clients have to trust the impersonation root for interception to work. If the default root
 * is the one distributed with the library, its private key is not a secret, so it should be trusted only in
 * disposable test profiles; elsewhere a privately generated root is the safer choice. Confirm against the
 * library documentation.</p>
 *
 * @param mitmManager MITM manager to use
 */
void setMitmManager(MitmManager mitmManager);
 
Example #19
Source File: BrowserUpProxy.java    From browserup-proxy with Apache License 2.0 2 votes vote down vote up
/**
 * Sets the MITM manager, which is responsible for generating the forged SSL certificates presented to clients.
 * By default, BrowserUp Proxy uses the ca-certificate-rsa.cer root certificate for impersonation. See the
 * documentation at {@link com.browserup.bup.mitm.manager.ImpersonatingMitmManager} and
 * {@link com.browserup.bup.mitm.manager.ImpersonatingMitmManager.Builder} for details on customizing the root
 * and server certificate generation.
 *
 * <p>NOTE(review): clients have to trust the impersonation root for interception to work. If the default root
 * is the one distributed with the library, its private key is not a secret, so it should be trusted only in
 * disposable test profiles; elsewhere a privately generated root is the safer choice. Confirm against the
 * library documentation.</p>
 *
 * @param mitmManager MITM manager to use
 */
void setMitmManager(MitmManager mitmManager);
 
Example #20
Source File: MitmProxyServer.java    From browserup-proxy with Apache License 2.0 2 votes vote down vote up
/**
 * No-op in this implementation: the supplied manager is ignored.
 *
 * NOTE(review): a caller that configures a custom MITM manager (for example one with a private root
 * certificate) gets no error and no effect here. Confirm this is intended.
 *
 * @param mitmManager ignored
 */
@Override
public void setMitmManager(MitmManager mitmManager) {

}
 
Example #21
Source File: BrowserMobProxy.java    From Dream-Catcher with MIT License 2 votes vote down vote up
/**
 * Sets the MITM manager, which is responsible for generating the forged SSL certificates presented to clients.
 * By default, BrowserMob Proxy uses the ca-certificate-rsa.cer root certificate for impersonation. See the
 * documentation at {@link net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager} and
 * {@link net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.Builder} for details on customizing the root
 * and server certificate generation.
 *
 * <p>NOTE(review): clients have to trust the impersonation root for interception to work. If the default root
 * is the one distributed with the library, its private key is not a secret, so it should be trusted only in
 * disposable test profiles; elsewhere a privately generated root is the safer choice. Confirm against the
 * library documentation.</p>
 *
 * @param mitmManager MITM manager to use
 */
void setMitmManager(MitmManager mitmManager);
 
Example #22
Source File: BrowserMobProxy.java    From AndroidHttpCapture with MIT License 2 votes vote down vote up
/**
 * Sets the MITM manager, which is responsible for generating the forged SSL certificates presented to clients.
 * By default, BrowserMob Proxy uses the ca-certificate-rsa.cer root certificate for impersonation. See the
 * documentation at {@link net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager} and
 * {@link net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.Builder} for details on customizing the root
 * and server certificate generation.
 *
 * <p>NOTE(review): clients have to trust the impersonation root for interception to work. If the default root
 * is the one distributed with the library, its private key is not a secret, so it should be trusted only in
 * disposable test profiles; elsewhere a privately generated root is the safer choice. Confirm against the
 * library documentation.</p>
 *
 * @param mitmManager MITM manager to use
 */
void setMitmManager(MitmManager mitmManager);
 
Example #23
Source File: IMitmManagerFactory.java    From vividus with Apache License 2.0 votes vote down vote up
/**
 * Creates a {@link MitmManager} from the given options.
 *
 * @param options settings for the manager to create
 * @return the created MITM manager
 */
MitmManager createMitmManager(MitmManagerOptions options);