mirror of
https://github.com/SagerNet/sing-box.git
synced 2025-06-13 21:54:13 +08:00
mitm: Fix HTTP2 support & Add print
This commit is contained in:
世界
parent
b01fe5d364
commit
1fe983a81b
196
mitm/engine.go
196
mitm/engine.go
@ -17,6 +17,7 @@ import (
|
|||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
"unicode"
|
||||||
|
|
||||||
"github.com/sagernet/sing-box/adapter"
|
"github.com/sagernet/sing-box/adapter"
|
||||||
"github.com/sagernet/sing-box/common/dialer"
|
"github.com/sagernet/sing-box/common/dialer"
|
||||||
@ -124,6 +125,7 @@ func (e *Engine) newTLS(ctx context.Context, this N.Dialer, conn net.Conn, metad
|
|||||||
acceptHTTP := len(metadata.ClientHello.SupportedProtos) == 0 || common.Contains(metadata.ClientHello.SupportedProtos, "http/1.1")
|
acceptHTTP := len(metadata.ClientHello.SupportedProtos) == 0 || common.Contains(metadata.ClientHello.SupportedProtos, "http/1.1")
|
||||||
acceptH2 := e.http2Enabled && common.Contains(metadata.ClientHello.SupportedProtos, "h2")
|
acceptH2 := e.http2Enabled && common.Contains(metadata.ClientHello.SupportedProtos, "h2")
|
||||||
if !acceptHTTP && !acceptH2 {
|
if !acceptHTTP && !acceptH2 {
|
||||||
|
metadata.MITM = nil
|
||||||
e.logger.DebugContext(ctx, "unsupported application protocol: ", strings.Join(metadata.ClientHello.SupportedProtos, ","))
|
e.logger.DebugContext(ctx, "unsupported application protocol: ", strings.Join(metadata.ClientHello.SupportedProtos, ","))
|
||||||
e.connection.NewConnection(ctx, this, conn, metadata, onClose)
|
e.connection.NewConnection(ctx, this, conn, metadata, onClose)
|
||||||
return nil
|
return nil
|
||||||
@ -148,11 +150,10 @@ func (e *Engine) newTLS(ctx context.Context, this N.Dialer, conn net.Conn, metad
|
|||||||
}
|
}
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
Time: e.timeFunc,
|
Time: e.timeFunc,
|
||||||
CipherSuites: metadata.ClientHello.CipherSuites,
|
|
||||||
ServerName: serverName,
|
ServerName: serverName,
|
||||||
CurvePreferences: metadata.ClientHello.SupportedCurves,
|
|
||||||
NextProtos: nextProtos,
|
NextProtos: nextProtos,
|
||||||
MinVersion: minVersion,
|
MinVersion: minVersion,
|
||||||
|
MaxVersion: maxVersion,
|
||||||
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
|
||||||
return sTLS.GenerateKeyPair(e.tlsCertificate, e.tlsPrivateKey, e.timeFunc, serverName)
|
return sTLS.GenerateKeyPair(e.tlsCertificate, e.tlsPrivateKey, e.timeFunc, serverName)
|
||||||
},
|
},
|
||||||
@ -163,7 +164,7 @@ func (e *Engine) newTLS(ctx context.Context, this N.Dialer, conn net.Conn, metad
|
|||||||
return E.Cause(err, "TLS handshake")
|
return E.Cause(err, "TLS handshake")
|
||||||
}
|
}
|
||||||
if tlsConn.ConnectionState().NegotiatedProtocol == "h2" {
|
if tlsConn.ConnectionState().NegotiatedProtocol == "h2" {
|
||||||
return e.newHTTP2(ctx, this, tlsConn, metadata, onClose)
|
return e.newHTTP2(ctx, this, tlsConn, tlsConfig, metadata, onClose)
|
||||||
} else {
|
} else {
|
||||||
return e.newHTTP1(ctx, this, tlsConn, tlsConfig, metadata)
|
return e.newHTTP1(ctx, this, tlsConn, tlsConfig, metadata)
|
||||||
}
|
}
|
||||||
@ -171,7 +172,6 @@ func (e *Engine) newTLS(ctx context.Context, this N.Dialer, conn net.Conn, metad
|
|||||||
|
|
||||||
func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tlsConfig *tls.Config, metadata adapter.InboundContext) error {
|
func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tlsConfig *tls.Config, metadata adapter.InboundContext) error {
|
||||||
options := metadata.MITM
|
options := metadata.MITM
|
||||||
metadata.MITM = nil
|
|
||||||
defer conn.Close()
|
defer conn.Close()
|
||||||
reader := bufio.NewReader(conn)
|
reader := bufio.NewReader(conn)
|
||||||
request, err := sHTTP.ReadRequest(reader)
|
request, err := sHTTP.ReadRequest(reader)
|
||||||
@ -209,9 +209,19 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
requestMatch = true
|
requestMatch = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
if requestScript != nil {
|
|
||||||
var body []byte
|
var body []byte
|
||||||
if requestScript.RequiresBody() && request.ContentLength > 0 && (requestScript.MaxSize() == 0 && request.ContentLength <= 131072 || request.ContentLength <= requestScript.MaxSize()) {
|
if options.Print && request.ContentLength > 0 && request.ContentLength <= 131072 {
|
||||||
|
body, err = io.ReadAll(request.Body)
|
||||||
|
if err != nil {
|
||||||
|
return E.Cause(err, "read HTTP request body")
|
||||||
|
}
|
||||||
|
request.Body = io.NopCloser(bytes.NewReader(body))
|
||||||
|
}
|
||||||
|
if options.Print {
|
||||||
|
e.printRequest(ctx, request, body)
|
||||||
|
}
|
||||||
|
if requestScript != nil {
|
||||||
|
if body == nil && requestScript.RequiresBody() && request.ContentLength > 0 && (requestScript.MaxSize() == 0 && request.ContentLength <= 131072 || request.ContentLength <= requestScript.MaxSize()) {
|
||||||
body, err = io.ReadAll(request.Body)
|
body, err = io.ReadAll(request.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP request body")
|
return E.Cause(err, "read HTTP request body")
|
||||||
@ -266,8 +276,9 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
request.Header.Del("Host")
|
request.Header.Del("Host")
|
||||||
}
|
}
|
||||||
if result.Body != nil {
|
if result.Body != nil {
|
||||||
request.Body = io.NopCloser(bytes.NewReader(result.Body))
|
body = result.Body
|
||||||
request.ContentLength = int64(len(result.Body))
|
request.Body = io.NopCloser(bytes.NewReader(body))
|
||||||
|
request.ContentLength = int64(len(body))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -337,7 +348,7 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
}
|
}
|
||||||
requestMatch = true
|
requestMatch = true
|
||||||
e.logger.DebugContext(ctx, "match body_rewrite[", i, "] => ", rule.String())
|
e.logger.DebugContext(ctx, "match body_rewrite[", i, "] => ", rule.String())
|
||||||
var body []byte
|
if body == nil {
|
||||||
if request.ContentLength <= 0 {
|
if request.ContentLength <= 0 {
|
||||||
e.logger.WarnContext(ctx, "body replace skipped due to non-fixed content length")
|
e.logger.WarnContext(ctx, "body replace skipped due to non-fixed content length")
|
||||||
break
|
break
|
||||||
@ -349,6 +360,7 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP request body")
|
return E.Cause(err, "read HTTP request body")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
for mi := 0; i < len(rule.Match); i++ {
|
for mi := 0; i < len(rule.Match); i++ {
|
||||||
body = rule.Match[mi].ReplaceAll(body, []byte(rule.Replace[i]))
|
body = rule.Match[mi].ReplaceAll(body, []byte(rule.Replace[i]))
|
||||||
}
|
}
|
||||||
@ -366,7 +378,6 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
var (
|
var (
|
||||||
statusCode = http.StatusOK
|
statusCode = http.StatusOK
|
||||||
headers = make(http.Header)
|
headers = make(http.Header)
|
||||||
body []byte
|
|
||||||
)
|
)
|
||||||
if rule.StatusCode > 0 {
|
if rule.StatusCode > 0 {
|
||||||
statusCode = rule.StatusCode
|
statusCode = rule.StatusCode
|
||||||
@ -410,26 +421,17 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
ctx = adapter.WithContext(ctx, &metadata)
|
ctx = adapter.WithContext(ctx, &metadata)
|
||||||
var remoteConn net.Conn
|
|
||||||
if len(metadata.DestinationAddresses) > 0 || metadata.Destination.IsIP() {
|
|
||||||
remoteConn, err = dialer.DialSerialNetwork(ctx, this, N.NetworkTCP, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
|
|
||||||
} else {
|
|
||||||
remoteConn, err = this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
|
|
||||||
}
|
|
||||||
if err != nil {
|
|
||||||
return E.Cause(err, "open outbound connection")
|
|
||||||
}
|
|
||||||
defer remoteConn.Close()
|
|
||||||
var innerErr atomic.TypedValue[error]
|
var innerErr atomic.TypedValue[error]
|
||||||
httpClient := &http.Client{
|
httpClient := &http.Client{
|
||||||
Transport: &http.Transport{
|
Transport: &http.Transport{
|
||||||
DialTLSContext: func(ctx context.Context, network, address string) (net.Conn, error) {
|
DialContext: func(ctx context.Context, network, address string) (net.Conn, error) {
|
||||||
if tlsConfig != nil {
|
if len(metadata.DestinationAddresses) > 0 || metadata.Destination.IsIP() {
|
||||||
return tls.Client(remoteConn, tlsConfig), nil
|
return dialer.DialSerialNetwork(ctx, this, N.NetworkTCP, metadata.Destination, metadata.DestinationAddresses, metadata.NetworkStrategy, metadata.NetworkType, metadata.FallbackNetworkType, metadata.FallbackDelay)
|
||||||
} else {
|
} else {
|
||||||
return remoteConn, nil
|
return this.DialContext(ctx, N.NetworkTCP, metadata.Destination)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
TLSClientConfig: tlsConfig,
|
||||||
},
|
},
|
||||||
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
||||||
return http.ErrUseLastResponse
|
return http.ErrUseLastResponse
|
||||||
@ -467,17 +469,27 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
responseMatch = true
|
responseMatch = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
if responseScript != nil {
|
var responseBody []byte
|
||||||
var body []byte
|
if options.Print && response.ContentLength > 0 && response.ContentLength <= 131072 {
|
||||||
if responseScript.RequiresBody() && response.ContentLength > 0 && (responseScript.MaxSize() == 0 && response.ContentLength <= 131072 || response.ContentLength <= responseScript.MaxSize()) {
|
responseBody, err = io.ReadAll(response.Body)
|
||||||
body, err = io.ReadAll(response.Body)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP response body")
|
return E.Cause(err, "read HTTP response body")
|
||||||
}
|
}
|
||||||
response.Body = io.NopCloser(bytes.NewReader(body))
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
|
}
|
||||||
|
if options.Print {
|
||||||
|
e.printResponse(ctx, response, responseBody)
|
||||||
|
}
|
||||||
|
if responseScript != nil {
|
||||||
|
if responseBody == nil && responseScript.RequiresBody() && response.ContentLength > 0 && (responseScript.MaxSize() == 0 && response.ContentLength <= 131072 || response.ContentLength <= responseScript.MaxSize()) {
|
||||||
|
responseBody, err = io.ReadAll(response.Body)
|
||||||
|
if err != nil {
|
||||||
|
return E.Cause(err, "read HTTP response body")
|
||||||
|
}
|
||||||
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
}
|
}
|
||||||
var result *adapter.HTTPResponseScriptResult
|
var result *adapter.HTTPResponseScriptResult
|
||||||
result, err = responseScript.Run(ctx, request, response, body)
|
result, err = responseScript.Run(ctx, request, response, responseBody)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "execute script/", responseScript.Type(), "[", responseScript.Tag(), "]")
|
return E.Cause(err, "execute script/", responseScript.Type(), "[", responseScript.Tag(), "]")
|
||||||
}
|
}
|
||||||
@ -490,8 +502,9 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
}
|
}
|
||||||
if result.Body != nil {
|
if result.Body != nil {
|
||||||
response.Body.Close()
|
response.Body.Close()
|
||||||
response.Body = io.NopCloser(bytes.NewReader(result.Body))
|
responseBody = result.Body
|
||||||
response.ContentLength = int64(len(result.Body))
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
|
response.ContentLength = int64(len(responseBody))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if !responseMatch {
|
if !responseMatch {
|
||||||
@ -528,7 +541,7 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
}
|
}
|
||||||
responseMatch = true
|
responseMatch = true
|
||||||
e.logger.DebugContext(ctx, "match body_rewrite[", i, "] => ", rule.String())
|
e.logger.DebugContext(ctx, "match body_rewrite[", i, "] => ", rule.String())
|
||||||
var body []byte
|
if responseBody == nil {
|
||||||
if response.ContentLength <= 0 {
|
if response.ContentLength <= 0 {
|
||||||
e.logger.WarnContext(ctx, "body replace skipped due to non-fixed content length")
|
e.logger.WarnContext(ctx, "body replace skipped due to non-fixed content length")
|
||||||
break
|
break
|
||||||
@ -536,18 +549,19 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
e.logger.WarnContext(ctx, "body replace skipped due to large content length: ", request.ContentLength)
|
e.logger.WarnContext(ctx, "body replace skipped due to large content length: ", request.ContentLength)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
body, err = io.ReadAll(response.Body)
|
responseBody, err = io.ReadAll(response.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP request body")
|
return E.Cause(err, "read HTTP request body")
|
||||||
}
|
}
|
||||||
|
}
|
||||||
for mi := 0; i < len(rule.Match); i++ {
|
for mi := 0; i < len(rule.Match); i++ {
|
||||||
body = rule.Match[mi].ReplaceAll(body, []byte(rule.Replace[i]))
|
responseBody = rule.Match[mi].ReplaceAll(responseBody, []byte(rule.Replace[i]))
|
||||||
}
|
}
|
||||||
response.Body = io.NopCloser(bytes.NewReader(body))
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
response.ContentLength = int64(len(body))
|
response.ContentLength = int64(len(responseBody))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if !requestMatch && !responseMatch {
|
if !options.Print && !requestMatch && !responseMatch {
|
||||||
e.logger.WarnContext(ctx, "request not modified")
|
e.logger.WarnContext(ctx, "request not modified")
|
||||||
}
|
}
|
||||||
err = response.Write(conn)
|
err = response.Write(conn)
|
||||||
@ -559,10 +573,11 @@ func (e *Engine) newHTTP1(ctx context.Context, this N.Dialer, conn net.Conn, tls
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *Engine) newHTTP2(ctx context.Context, this N.Dialer, conn net.Conn, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) error {
|
func (e *Engine) newHTTP2(ctx context.Context, this N.Dialer, conn net.Conn, tlsConfig *tls.Config, metadata adapter.InboundContext, onClose N.CloseHandlerFunc) error {
|
||||||
handler := &engineHandler{
|
handler := &engineHandler{
|
||||||
Engine: e,
|
Engine: e,
|
||||||
conn: conn,
|
conn: conn,
|
||||||
|
tlsConfig: tlsConfig,
|
||||||
dialer: this,
|
dialer: this,
|
||||||
metadata: metadata,
|
metadata: metadata,
|
||||||
httpClient: &http.Client{
|
httpClient: &http.Client{
|
||||||
@ -585,6 +600,7 @@ func (e *Engine) newHTTP2(ctx context.Context, this N.Dialer, conn net.Conn, met
|
|||||||
}
|
}
|
||||||
return tls.Client(remoteConn, cfg), nil
|
return tls.Client(remoteConn, cfg), nil
|
||||||
},
|
},
|
||||||
|
TLSClientConfig: tlsConfig,
|
||||||
},
|
},
|
||||||
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
CheckRedirect: func(req *http.Request, via []*http.Request) error {
|
||||||
return http.ErrUseLastResponse
|
return http.ErrUseLastResponse
|
||||||
@ -605,16 +621,17 @@ func (e *Engine) newHTTP2(ctx context.Context, this N.Dialer, conn net.Conn, met
|
|||||||
type engineHandler struct {
|
type engineHandler struct {
|
||||||
*Engine
|
*Engine
|
||||||
conn net.Conn
|
conn net.Conn
|
||||||
|
tlsConfig *tls.Config
|
||||||
dialer N.Dialer
|
dialer N.Dialer
|
||||||
metadata adapter.InboundContext
|
metadata adapter.InboundContext
|
||||||
onClose N.CloseHandlerFunc
|
onClose N.CloseHandlerFunc
|
||||||
|
|
||||||
httpClient *http.Client
|
httpClient *http.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e *engineHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
|
func (e *engineHandler) ServeHTTP(writer http.ResponseWriter, request *http.Request) {
|
||||||
err := e.serveHTTP(request.Context(), writer, request)
|
err := e.serveHTTP(request.Context(), writer, request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
e.conn.Close()
|
||||||
if E.IsClosedOrCanceled(err) {
|
if E.IsClosedOrCanceled(err) {
|
||||||
e.logger.DebugContext(request.Context(), E.Cause(err, "connection closed"))
|
e.logger.DebugContext(request.Context(), E.Cause(err, "connection closed"))
|
||||||
} else {
|
} else {
|
||||||
@ -625,7 +642,6 @@ func (e *engineHandler) ServeHTTP(writer http.ResponseWriter, request *http.Requ
|
|||||||
|
|
||||||
func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWriter, request *http.Request) error {
|
func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWriter, request *http.Request) error {
|
||||||
options := e.metadata.MITM
|
options := e.metadata.MITM
|
||||||
e.metadata.MITM = nil
|
|
||||||
rawRequestURL := request.URL
|
rawRequestURL := request.URL
|
||||||
rawRequestURL.Scheme = "https"
|
rawRequestURL.Scheme = "https"
|
||||||
if rawRequestURL.Host == "" {
|
if rawRequestURL.Host == "" {
|
||||||
@ -657,10 +673,23 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
requestMatch = true
|
requestMatch = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
var err error
|
var (
|
||||||
|
body []byte
|
||||||
|
err error
|
||||||
|
)
|
||||||
|
if options.Print && request.ContentLength > 0 && request.ContentLength <= 131072 {
|
||||||
|
body, err = io.ReadAll(request.Body)
|
||||||
|
if err != nil {
|
||||||
|
return E.Cause(err, "read HTTP request body")
|
||||||
|
}
|
||||||
|
request.Body.Close()
|
||||||
|
request.Body = io.NopCloser(bytes.NewReader(body))
|
||||||
|
}
|
||||||
|
if options.Print {
|
||||||
|
e.printRequest(ctx, request, body)
|
||||||
|
}
|
||||||
if requestScript != nil {
|
if requestScript != nil {
|
||||||
var body []byte
|
if body == nil && requestScript.RequiresBody() && request.ContentLength > 0 && (requestScript.MaxSize() == 0 && request.ContentLength <= 131072 || request.ContentLength <= requestScript.MaxSize()) {
|
||||||
if requestScript.RequiresBody() && request.ContentLength > 0 && (requestScript.MaxSize() == 0 && request.ContentLength <= 131072 || request.ContentLength <= requestScript.MaxSize()) {
|
|
||||||
body, err = io.ReadAll(request.Body)
|
body, err = io.ReadAll(request.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP request body")
|
return E.Cause(err, "read HTTP request body")
|
||||||
@ -700,6 +729,7 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
newDestination.Port = e.metadata.Destination.Port
|
newDestination.Port = e.metadata.Destination.Port
|
||||||
}
|
}
|
||||||
e.metadata.Destination = newDestination
|
e.metadata.Destination = newDestination
|
||||||
|
e.tlsConfig.ServerName = newURL.Hostname()
|
||||||
}
|
}
|
||||||
for key, values := range result.Headers {
|
for key, values := range result.Headers {
|
||||||
request.Header[key] = values
|
request.Header[key] = values
|
||||||
@ -734,6 +764,7 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
newDestination.Port = e.metadata.Destination.Port
|
newDestination.Port = e.metadata.Destination.Port
|
||||||
}
|
}
|
||||||
e.metadata.Destination = newDestination
|
e.metadata.Destination = newDestination
|
||||||
|
e.tlsConfig.ServerName = rule.Destination.Hostname()
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
for i, rule := range options.SurgeHeaderRewrite {
|
for i, rule := range options.SurgeHeaderRewrite {
|
||||||
@ -876,18 +907,29 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
responseMatch = true
|
responseMatch = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
if responseScript != nil {
|
var responseBody []byte
|
||||||
var body []byte
|
if options.Print && response.ContentLength > 0 && response.ContentLength <= 131072 {
|
||||||
if responseScript.RequiresBody() && response.ContentLength > 0 && (responseScript.MaxSize() == 0 && response.ContentLength <= 131072 || response.ContentLength <= responseScript.MaxSize()) {
|
responseBody, err = io.ReadAll(response.Body)
|
||||||
body, err = io.ReadAll(response.Body)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP response body")
|
return E.Cause(err, "read HTTP response body")
|
||||||
}
|
}
|
||||||
response.Body.Close()
|
response.Body.Close()
|
||||||
response.Body = io.NopCloser(bytes.NewReader(body))
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
|
}
|
||||||
|
if options.Print {
|
||||||
|
e.printResponse(ctx, response, responseBody)
|
||||||
|
}
|
||||||
|
if responseScript != nil {
|
||||||
|
if responseBody == nil && responseScript.RequiresBody() && response.ContentLength > 0 && (responseScript.MaxSize() == 0 && response.ContentLength <= 131072 || response.ContentLength <= responseScript.MaxSize()) {
|
||||||
|
responseBody, err = io.ReadAll(response.Body)
|
||||||
|
if err != nil {
|
||||||
|
return E.Cause(err, "read HTTP response body")
|
||||||
|
}
|
||||||
|
response.Body.Close()
|
||||||
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
}
|
}
|
||||||
var result *adapter.HTTPResponseScriptResult
|
var result *adapter.HTTPResponseScriptResult
|
||||||
result, err = responseScript.Run(ctx, request, response, body)
|
result, err = responseScript.Run(ctx, request, response, responseBody)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "execute script/", responseScript.Type(), "[", responseScript.Tag(), "]")
|
return E.Cause(err, "execute script/", responseScript.Type(), "[", responseScript.Tag(), "]")
|
||||||
}
|
}
|
||||||
@ -938,7 +980,7 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
}
|
}
|
||||||
responseMatch = true
|
responseMatch = true
|
||||||
e.logger.DebugContext(ctx, "match body_rewrite[", i, "] => ", rule.String())
|
e.logger.DebugContext(ctx, "match body_rewrite[", i, "] => ", rule.String())
|
||||||
var body []byte
|
if responseBody == nil {
|
||||||
if response.ContentLength <= 0 {
|
if response.ContentLength <= 0 {
|
||||||
e.logger.WarnContext(ctx, "body replace skipped due to non-fixed content length")
|
e.logger.WarnContext(ctx, "body replace skipped due to non-fixed content length")
|
||||||
break
|
break
|
||||||
@ -946,22 +988,23 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
e.logger.WarnContext(ctx, "body replace skipped due to large content length: ", request.ContentLength)
|
e.logger.WarnContext(ctx, "body replace skipped due to large content length: ", request.ContentLength)
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
body, err = io.ReadAll(response.Body)
|
responseBody, err = io.ReadAll(response.Body)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return E.Cause(err, "read HTTP request body")
|
return E.Cause(err, "read HTTP request body")
|
||||||
}
|
}
|
||||||
response.Body.Close()
|
response.Body.Close()
|
||||||
|
}
|
||||||
for mi := 0; i < len(rule.Match); i++ {
|
for mi := 0; i < len(rule.Match); i++ {
|
||||||
body = rule.Match[mi].ReplaceAll(body, []byte(rule.Replace[i]))
|
responseBody = rule.Match[mi].ReplaceAll(responseBody, []byte(rule.Replace[i]))
|
||||||
}
|
}
|
||||||
response.Body = io.NopCloser(bytes.NewReader(body))
|
response.Body = io.NopCloser(bytes.NewReader(responseBody))
|
||||||
response.ContentLength = int64(len(body))
|
response.ContentLength = int64(len(responseBody))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if !requestMatch && !responseMatch {
|
if !options.Print && !requestMatch && !responseMatch {
|
||||||
e.logger.WarnContext(ctx, "request not modified")
|
e.logger.WarnContext(ctx, "request not modified")
|
||||||
}
|
}
|
||||||
for key, values := range request.Header {
|
for key, values := range response.Header {
|
||||||
writer.Header()[key] = values
|
writer.Header()[key] = values
|
||||||
}
|
}
|
||||||
writer.WriteHeader(response.StatusCode)
|
writer.WriteHeader(response.StatusCode)
|
||||||
@ -973,6 +1016,45 @@ func (e *engineHandler) serveHTTP(ctx context.Context, writer http.ResponseWrite
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (e *Engine) printRequest(ctx context.Context, request *http.Request, body []byte) {
|
||||||
|
e.logger.TraceContext(ctx, "request: ", request.Proto, " ", request.Method, " ", request.URL.String())
|
||||||
|
if request.URL.Hostname() != "" && request.URL.Hostname() != request.Host {
|
||||||
|
e.logger.TraceContext(ctx, "request: ", "Host: ", request.Host)
|
||||||
|
}
|
||||||
|
for key, values := range request.Header {
|
||||||
|
for _, value := range values {
|
||||||
|
e.logger.TraceContext(ctx, "request: ", key, ": ", value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(body) > 0 {
|
||||||
|
if !bytes.ContainsFunc(body, func(r rune) bool {
|
||||||
|
return !unicode.IsPrint(r) && !unicode.IsSpace(r)
|
||||||
|
}) {
|
||||||
|
e.logger.TraceContext(ctx, "request: body: ", string(body))
|
||||||
|
} else {
|
||||||
|
e.logger.TraceContext(ctx, "request: body unprintable")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (e *Engine) printResponse(ctx context.Context, response *http.Response, body []byte) {
|
||||||
|
e.logger.TraceContext(ctx, "response: ", response.Proto, " ", response.Status)
|
||||||
|
for key, values := range response.Header {
|
||||||
|
for _, value := range values {
|
||||||
|
e.logger.TraceContext(ctx, "response: ", key, ": ", value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(body) > 0 {
|
||||||
|
if !bytes.ContainsFunc(body, func(r rune) bool {
|
||||||
|
return !unicode.IsPrint(r) && !unicode.IsSpace(r)
|
||||||
|
}) {
|
||||||
|
e.logger.TraceContext(ctx, "response: ", string(body))
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
e.logger.TraceContext(ctx, "response: body unprintable")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
type simpleResponseWriter struct {
|
type simpleResponseWriter struct {
|
||||||
statusCode int
|
statusCode int
|
||||||
header http.Header
|
header http.Header
|
||||||
|
|||||||
@ -18,6 +18,7 @@ type TLSDecryptionOptions struct {
|
|||||||
|
|
||||||
type MITMRouteOptions struct {
|
type MITMRouteOptions struct {
|
||||||
Enabled bool `json:"enabled,omitempty"`
|
Enabled bool `json:"enabled,omitempty"`
|
||||||
|
Print bool `json:"print,omitempty"`
|
||||||
Script badoption.Listable[string] `json:"script,omitempty"`
|
Script badoption.Listable[string] `json:"script,omitempty"`
|
||||||
SurgeURLRewrite badoption.Listable[SurgeURLRewriteLine] `json:"sg_url_rewrite,omitempty"`
|
SurgeURLRewrite badoption.Listable[SurgeURLRewriteLine] `json:"sg_url_rewrite,omitempty"`
|
||||||
SurgeHeaderRewrite badoption.Listable[SurgeHeaderRewriteLine] `json:"sg_header_rewrite,omitempty"`
|
SurgeHeaderRewrite badoption.Listable[SurgeHeaderRewriteLine] `json:"sg_header_rewrite,omitempty"`
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user