RubyGems - dongjia_ritm - Versions diffs - 1.0.4 - Mend

dongjia_ritm 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +7 -0
data/lib/ritm/certs/ca.rb +41 -0
data/lib/ritm/certs/certificate.rb +48 -0
data/lib/ritm/configuration.rb +74 -0
data/lib/ritm/dispatcher.rb +37 -0
data/lib/ritm/helpers/encodings.rb +63 -0
data/lib/ritm/helpers/patches.rb +58 -0
data/lib/ritm/helpers/utils.rb +15 -0
data/lib/ritm/interception/handlers.rb +12 -0
data/lib/ritm/interception/http_forwarder.rb +80 -0
data/lib/ritm/interception/intercept_utils.rb +82 -0
data/lib/ritm/interception/request_interceptor_servlet.rb +15 -0
data/lib/ritm/main.rb +17 -0
data/lib/ritm/proxy/cert_signing_https_server.rb +67 -0
data/lib/ritm/proxy/launcher.rb +70 -0
data/lib/ritm/proxy/proxy_server.rb +57 -0
data/lib/ritm/proxy/ssl_reverse_proxy.rb +57 -0
data/lib/ritm/session.rb +57 -0
data/lib/ritm/version.rb +3 -0
data/lib/ritm.rb +2 -0
metadata +229 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a153a707f90726c604a8ee1d7f4b5c8b56b46bdfbe5508b3eaa73ccd83c4e752
+  data.tar.gz: db8814c5492caafa00c56334520c24eba69efc81d5e85482cc1479ca6ac71ffe
+SHA512:
+  metadata.gz: 66da915d817a478faaa7e7551ef1a9e7f0798a5bccd980d7e593b9143511d444f9bb19ca2d6474f929767abc3d2b4ed3bb1a65ffe51f092d8e4b8ee73b721bd7
+  data.tar.gz: fa0b5609a8c211da90b70748b70a301577200993d842c9ca753ad3a8c52bc1a00f133db7f57abcb0f5ff327fdb3402fe23fb7dcfbd11c1a6916d70c72003e35f

data/lib/ritm/certs/ca.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require 'certificate_authority'
+require 'ritm/certs/certificate'
+module Ritm
+  # Wrapper on a Certificate Authority with ability of signing certificates
+  class CA < Ritm::Certificate
+    def self.create(common_name: 'RubyInTheMiddle')
+      super(common_name, serial_number: 1) do |cert|
+        cert.signing_entity = true
+        cert.sign!(ca_signing_profile)
+        yield cert if block_given?
+      end
+    end
+    def self.load(crt, private_key)
+      super(crt, private_key) do |cert|
+        cert.signing_entity = true
+        cert.sign!(ca_signing_profile)
+        yield cert if block_given?
+      end
+    end
+    def sign(certificate)
+      certificate.cert.parent = @cert
+      certificate.cert.sign!(self.class.signing_profile)
+    end
+    def self.signing_profile
+      {
+        'extensions' => {
+          'keyUsage' => { 'usage' => %w[keyEncipherment digitalSignature] },
+          'extendedKeyUsage' => { 'usage' => %w[serverAuth clientAuth] }
+        }
+      }
+    end
+    def self.ca_signing_profile
+      { 'extensions' => { 'keyUsage' => { 'usage' => %w[critical keyCertSign keyEncipherment digitalSignature] } } }
+    end
+  end
+end

data/lib/ritm/certs/certificate.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require 'certificate_authority'
+module Ritm
+  # Wraps a SSL Certificate via on-the-fly creation or loading from files
+  class Certificate
+    attr_accessor :cert
+    def self.load(crt, private_key)
+      x509 = OpenSSL::X509::Certificate.new(crt)
+      cert = CertificateAuthority::Certificate.from_openssl(x509)
+      cert.key_material.private_key = OpenSSL::PKey::RSA.new(private_key)
+      yield cert if block_given?
+      new cert
+    end
+    def self.create(common_name, serial_number: nil)
+      cert = CertificateAuthority::Certificate.new
+      cert.subject.common_name = common_name
+      cert.subject.organization = cert.subject.organizational_unit = 'RubyInTheMiddle'
+      cert.subject.country = 'AR'
+      cert.not_before = cert.not_before - 3600 * 24 * 30 # Substract 30 days
+      cert.serial_number.number = serial_number || common_name.hash.abs
+      cert.key_material.generate_key(2048)
+      yield cert if block_given?
+      new cert
+    end
+    def initialize(cert)
+      @cert = cert
+    end
+    def private_key
+      @cert.key_material.private_key
+    end
+    def public_key
+      @cert.key_material.public_key
+    end
+    def pem
+      @cert.to_pem
+    end
+    def x509
+      @cert.openssl_body
+    end
+  end
+end

data/lib/ritm/configuration.rb ADDED Viewed

@@ -0,0 +1,74 @@
+require 'dot_hash'
+require 'set'
+module Ritm
+  class Configuration
+    def default_settings # rubocop:disable Metrics/MethodLength
+      {
+        proxy: {
+          bind_address: '127.0.0.1',
+          bind_port: 8080
+        },
+        ssl_reverse_proxy: {
+          bind_address: '127.0.0.1',
+          bind_port: 8081,
+          ca: {
+            pem: nil,
+            key: nil
+          }
+        },
+        intercept: {
+          enabled: true,
+          request: {
+            add_headers: {},
+            strip_headers: [/proxy-*/],
+            unpack_gzip_deflate: true,
+            update_content_length: true
+          },
+          response: {
+            add_headers: { 'connection' => 'close' },
+            strip_headers: ['strict-transport-security'],
+            unpack_gzip_deflate: true,
+            update_content_length: true
+          },
+          process_chunked_encoded_transfer: true
+        },
+        misc: {
+          ssl_pass_through: [],
+          upstream_proxy: nil
+        }
+      }
+    end
+    def initialize
+      reset
+    end
+    def reset
+      @settings = default_settings.to_properties
+    end
+    def method_missing(m, *args, &block)
+      if @settings.respond_to?(m)
+        @settings.send(m, *args, &block)
+      else
+        super
+      end
+    end
+    def enable
+      @settings.intercept[:enabled] = true
+    end
+    def disable
+      @settings.intercept[:enabled] = false
+    end
+    def respond_to_missing?(method_name, _include_private = false)
+      @settings.respond_to?(method_name) || super
+    end
+  end
+end

data/lib/ritm/dispatcher.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Ritm
+  # Keeps a list of subscribers and notifies them when requests/responses are intercepted
+  class Dispatcher
+    def initialize
+      @handlers = { on_request: [], on_response: [] }
+    end
+    def add_handler(handler)
+      on_request { |*args| handler.on_request(*args) } if handler.respond_to? :on_request
+      on_response { |*args| handler.on_response(*args) } if handler.respond_to? :on_response
+    end
+    def on_request(&block)
+      @handlers[:on_request] << block
+    end
+    def on_response(&block)
+      @handlers[:on_response] << block
+    end
+    def notify_request(request)
+      notify(:on_request, request)
+    end
+    def notify_response(request, response)
+      notify(:on_response, request, response)
+    end
+    private
+    def notify(event, *args)
+      @handlers[event].each do |handler|
+        handler.call(*args)
+      end
+    end
+  end
+end

data/lib/ritm/helpers/encodings.rb ADDED Viewed

@@ -0,0 +1,63 @@
+require 'zlib'
+module Ritm
+  module Encodings
+    ENCODINGS = %i[identity gzip deflate].freeze
+    def self.encode(encoding, data)
+      case encoding
+      when :gzip
+        encode_gzip(data)
+      when :deflate
+        encode_deflate(data)
+      when :identity
+        identity(data)
+      else
+        raise "Unsupported encoding #{encoding}"
+      end
+    end
+    def self.decode(encoding, data)
+      case encoding
+      when :gzip
+        decode_gzip(data)
+      when :deflate
+        decode_deflate(data)
+      when :identity
+        identity(data)
+      else
+        raise "Unsupported encoding #{encoding}"
+      end
+    end
+    class << self
+      private
+      def identity(data)
+        data
+      end
+      def encode_gzip(data)
+        wio = StringIO.new('wb')
+        w_gz = Zlib::GzipWriter.new(wio)
+        w_gz.write(data)
+        w_gz.close
+        wio.string
+      end
+      def decode_gzip(data)
+        io = StringIO.new(data, 'rb')
+        gz = Zlib::GzipReader.new(io)
+        gz.read
+      end
+      def encode_deflate(data)
+        Zlib::Deflate.deflate(data)
+      end
+      def decode_deflate(data)
+        Zlib::Inflate.inflate(data)
+      end
+    end
+  end
+end

data/lib/ritm/helpers/patches.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'openssl'
+require 'webrick'
+require 'webrick/httpproxy'
+require 'ritm/helpers/utils'
+# Patch WEBrick too short max uri length
+Ritm::Utils.silence_warnings { WEBrick::HTTPRequest::MAX_URI_LENGTH = 4000 }
+# Digest::Digest is deprecated. This has been fixed in certificate_authority master
+# but the project is no longer maintained and the fixed version was never published
+Ritm::Utils.silence_warnings { OpenSSL::Digest::Digest = OpenSSL::Digest }
+# Make request method writable
+WEBrick::HTTPRequest.instance_eval { attr_accessor :request_method, :unparsed_uri }
+module WEBrick
+  # Other patches to WEBrick::HTTPRequest
+  class HTTPRequest
+    def []=(header_name, *values)
+      @header[header_name.downcase] = values.map(&:to_s)
+    end
+    def body=(str)
+      body # Read current body
+      @body = str
+    end
+    def request_uri=(uri)
+      @request_uri = parse_uri(uri.to_s)
+    end
+  end
+  # Support other methods in HTTPServer
+  class HTTPServer
+    def do_DELETE(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.delete(path, header)
+      end
+    end
+    def do_PUT(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.put(path, req.body || '', header)
+      end
+    end
+    def do_PATCH(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.patch(path, req.body || '', header)
+      end
+    end
+    # TODO: make sure options gets proxied too (so trace)
+    def do_OPTIONS(_req, res)
+      res['allow'] = 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS,CONNECT'
+    end
+  end
+end

data/lib/ritm/helpers/utils.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Ritm
+  # Shortcuts and other utilities to be included
+  # in modules/classes
+  module Utils
+    # Runs a block of code without warnings.
+    def self.silence_warnings
+      warn_level = $VERBOSE
+      $VERBOSE = nil
+      result = yield
+      $VERBOSE = warn_level
+      result
+    end
+  end
+end

data/lib/ritm/interception/handlers.rb ADDED Viewed

@@ -0,0 +1,12 @@
+def default_request_handler(session)
+  proc do |req|
+    session.dispatcher.notify_request(req) if session.conf.intercept.enabled
+  end
+end
+def default_response_handler(session)
+  proc do |req, res|
+    session.dispatcher.notify_response(req, res) if session.conf.intercept.enabled
+  end
+end

data/lib/ritm/interception/http_forwarder.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'faraday'
+require 'ritm/interception/intercept_utils'
+require 'webrick/cookie'
+module Ritm
+  # Forwarder that acts as a WEBrick <-> Faraday adaptor: Works this way:
+  #  1. A WEBrick request objects is received
+  #  2. The WEBrick request object is sent to the request interceptor
+  #  3. The (maybe modified) WEBrick request object is transformed into a Faraday request and sent to destination server
+  #  4. The Faraday response obtained from the server is transformed into a WEBrick response
+  #  5. The WEBrick response object is sent to the response interceptor
+  #  6. The (maybe modified) WEBrick response object is sent back to the client
+  #
+  # Besides the possible modifications to be done by interceptors there might be automated globally configured
+  # transformations like header stripping/adding.
+  class ParamEncoder
+    def encode(params)
+      pairs = params.map { |k, v| "#{k}=#{v}" }
+      pairs.join('&')
+    end
+    def decode(query)
+      query.split('&').each_with_object({}) do |param, params|
+        k, v = param.split('=')
+        params[k] = v
+      end
+    end
+  end
+  class HTTPForwarder
+    include InterceptUtils
+    def initialize(request_interceptor, response_interceptor, context_config)
+      @request_interceptor = request_interceptor
+      @response_interceptor = response_interceptor
+      @config = context_config
+      # TODO: make SSL verification a configuration setting
+      @client = Faraday.new(
+        ssl: { verify: false },
+        request: { params_encoder: ParamEncoder.new }
+      ) do |conn|
+        conn.adapter :net_http
+      end
+    end
+    def forward(request, response)
+      intercept_request(@request_interceptor, request, @config.intercept.request)
+      faraday_response = faraday_forward request
+      to_webrick_response faraday_response, response
+      intercept_response(@response_interceptor, request, response, @config.intercept.response)
+    end
+    private
+    def faraday_forward(request)
+      req_method = request.request_method.downcase
+      @client.send req_method do |req|
+        req.options[:proxy] = @config.misc.upstream_proxy
+        req.url request.request_uri
+        req.body = request.body
+        request.header.each { |name, value| req.headers[name] = value }
+      end
+    end
+    def to_webrick_response(faraday_response, webrick_response)
+      webrick_response.status = faraday_response.status
+      webrick_response.body = faraday_response.body
+      faraday_response.headers.each do |name, value|
+        case name
+        when 'set-cookie'
+          WEBrick::Cookie.parse_set_cookies(value).each { |cookie| webrick_response.cookies << cookie }
+        else
+          webrick_response[name] = value
+        end
+      end
+      webrick_response
+    end
+  end
+end

data/lib/ritm/interception/intercept_utils.rb ADDED Viewed

@@ -0,0 +1,82 @@
+require 'ritm/helpers/encodings'
+module Ritm
+  # Interceptor callbacks calling logic shared by the HTTP Proxy Server and the SSL Reverse Proxy Server
+  module InterceptUtils
+    def intercept_request(handler, request, intercept_request_settings)
+      return if handler.nil?
+      preprocess(request, intercept_request_settings)
+      handler.call(request)
+      postprocess(request, intercept_request_settings)
+    end
+    def intercept_response(handler, request, response, intercept_response_settings)
+      return if handler.nil?
+      preprocess(response, intercept_response_settings)
+      handler.call(request, response)
+      postprocess(response, intercept_response_settings)
+    end
+    private
+    def preprocess(req_res, settings)
+      headers = header_obj(req_res)
+      decode(req_res) if settings.unpack_gzip_deflate
+      req_res.header.delete_if { |name, _v| strip?(name, settings.strip_headers) }
+      settings.add_headers.each { |name, value| headers[name] = value }
+      req_res.header.delete('transfer-encoding') if chunked?(headers)
+    end
+    def postprocess(req_res, settings)
+      header_obj(req_res)['content-length'] = (req_res.body || '').bytesize.to_s if settings.update_content_length
+    end
+    def chunked?(headers)
+      headers['transfer-encoding'] && headers['transfer-encoding'].casecmp('chunked')
+    end
+    def content_encoding(req_res)
+      ce = header_obj(req_res)['content-encoding'] || ''
+      case ce.downcase
+      when 'gzip', 'x-gzip'
+        :gzip
+      when 'deflate'
+        :deflate
+      else
+        :identity
+      end
+    end
+    def header_obj(req_res)
+      case req_res
+      when WEBrick::HTTPRequest
+        req_res
+      when WEBrick::HTTPResponse
+        req_res.header
+      end
+    end
+    def decode(req_res)
+      encoding = content_encoding(req_res)
+      return if encoding == :identity
+      req_res.body = Encodings.decode(encoding, req_res.body)
+      req_res.header.delete('content-encoding')
+      headers = header_obj(req_res)
+      headers['content-length'] = (req_res.body || '').bytesize.to_s
+    end
+    def strip?(header, rules)
+      header = header.to_s.downcase
+      rules.each do |rule|
+        case rule
+        when String
+          return true if header == rule
+        when Regexp
+          return true if header =~ rule
+        end
+      end
+      false
+    end
+  end
+end

data/lib/ritm/interception/request_interceptor_servlet.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'webrick'
+module Ritm
+  # Actual implementation of the SSL Reverse Proxy service (decoupled from the certificate handling)
+  class RequestInterceptorServlet < WEBrick::HTTPServlet::AbstractServlet
+    def initialize(server, forwarder)
+      super server
+      @forwarder = forwarder
+    end
+    def service(request, response)
+      @forwarder.forward(request, response)
+    end
+  end
+end

data/lib/ritm/main.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'ritm/session'
+module Ritm
+  GLOBAL_SESSION = Session.new
+  def self.method_missing(m, *args, &block)
+    if GLOBAL_SESSION.respond_to?(m)
+      GLOBAL_SESSION.send(m, *args, &block)
+    else
+      super
+    end
+  end
+  def self.respond_to_missing?(method_name, _include_private = false)
+    GLOBAL_SESSION.respond_to?(method_name) || super
+  end
+end

data/lib/ritm/proxy/cert_signing_https_server.rb ADDED Viewed

@@ -0,0 +1,67 @@
+require 'openssl'
+require 'webrick'
+require 'webrick/https'
+require 'ritm/certs/certificate'
+IS_RUBY_2_4_OR_OLDER = Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')
+module Ritm
+  module Proxy
+    # Patches WEBrick::HTTPServer SSL context creation to get
+    # a callback on the 'Client Helo' step of the SSL-Handshake if SNI is specified
+    # So RitM can create self-signed certificates on the fly
+    class CertSigningHTTPSServer < WEBrick::HTTPServer
+      # Override
+      def setup_ssl_context(config)
+        ctx = super(config)
+        prepare_sni_callback(ctx, config[:ca])
+        ctx
+      end
+      private
+      # Keeps track of the created self-signed certificates
+      # TODO: this can grow a lot and take up memory, fix by either:
+      # 1. implementing wildcard certificates generation (so there's one certificate per top level domain)
+      # 2. Use the same key material (private/public keys) for all the server names and just do the signing on-the-fly
+      # 3. both of the above
+      def prepare_sni_callback(ctx, ca)
+        contexts = {}
+        mutex = Mutex.new
+        # Sets the SNI callback on the SSLTCPSocket
+        ctx.servername_cb = proc do |sock, servername|
+          mutex.synchronize do
+            unless contexts.include? servername
+              cert = Ritm::Certificate.create(servername)
+              cert.cert.extensions['subjectAltName'].dns_names = [servername]
+              ca.sign(cert)
+              contexts[servername] = context_with_cert(sock.context, cert)
+            end
+          end
+          contexts[servername]
+        end
+      end
+      def context_with_cert(original_ctx, cert)
+        ctx = duplicate_context(original_ctx)
+        ctx.key = cert.private_key
+        ctx.cert = cert.x509
+        ctx
+      end
+      def duplicate_context(original_ctx)
+        return original_ctx.dup unless IS_RUBY_2_4_OR_OLDER
+        ctx = OpenSSL::SSL::SSLContext.new
+        original_ctx.instance_variables.each do |variable_name|
+          prop_name = variable_name.to_s.sub(/^@/, '')
+          set_prop_method = "#{prop_name}="
+          ctx.send(set_prop_method, original_ctx.send(prop_name)) if ctx.respond_to? set_prop_method
+        end
+        ctx
+      end
+    end
+  end
+end

data/lib/ritm/proxy/launcher.rb ADDED Viewed

@@ -0,0 +1,70 @@
+require 'ritm/proxy/ssl_reverse_proxy'
+require 'ritm/proxy/proxy_server'
+require 'ritm/certs/ca'
+require 'ritm/interception/handlers'
+require 'ritm/interception/http_forwarder'
+module Ritm
+  module Proxy
+    # Launches the Proxy server and the SSL Reverse Proxy with the given settings
+    class Launcher
+      def initialize(session)
+        build_settings(session)
+        build_reverse_proxy
+        build_proxy
+      end
+      def start
+        @https.start_async
+        @http.start_async
+      end
+      def shutdown
+        @https.shutdown
+        @http.shutdown
+      end
+      private
+      def build_settings(session)
+        @conf = session.conf
+        ssl_proxy_host = @conf.ssl_reverse_proxy.bind_address
+        ssl_proxy_port = @conf.ssl_reverse_proxy.bind_port
+        @https_forward = "#{ssl_proxy_host}:#{ssl_proxy_port}"
+        request_interceptor = default_request_handler(session)
+        response_interceptor = default_response_handler(session)
+        @forwarder = HTTPForwarder.new(request_interceptor, response_interceptor, @conf)
+        crt_path = @conf.ssl_reverse_proxy.ca.pem
+        key_path = @conf.ssl_reverse_proxy.ca.key
+        @certificate = ca_certificate(crt_path, key_path)
+      end
+      def build_proxy
+        @http = Ritm::Proxy::ProxyServer.new(BindAddress: @conf.proxy.bind_address,
+                                             Port: @conf.proxy.bind_port,
+                                             AccessLog: [],
+                                             Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
+                                             https_forward: @https_forward,
+                                             ProxyVia: nil,
+                                             forwarder: @forwarder,
+                                             ritm_conf: @conf)
+      end
+      def build_reverse_proxy
+        @https = Ritm::Proxy::SSLReverseProxy.new(@conf.ssl_reverse_proxy.bind_port,
+                                                  @certificate,
+                                                  @forwarder)
+      end
+      def ca_certificate(pem, key)
+        if pem.nil? || key.nil?
+          Ritm::CA.create
+        else
+          Ritm::CA.load(File.read(pem), File.read(key))
+        end
+      end
+    end
+  end
+end

data/lib/ritm/proxy/proxy_server.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'webrick'
+require 'webrick/httpproxy'
+require 'ritm/helpers/patches'
+module Ritm
+  module Proxy
+    # Proxy server that accepts request and response intercept handlers for HTTP traffic
+    # HTTPS traffic is redirected to the SSLReverseProxy for interception
+    class ProxyServer < WEBrick::HTTPProxyServer
+      def start_async
+        trap(:TERM) { shutdown }
+        trap(:INT) { shutdown }
+        Thread.new { start }
+      end
+      # Override
+      # Patches the destination address on HTTPS connections to go via the HTTPS Reverse Proxy
+      def do_CONNECT(req, res)
+        req.unparsed_uri = @config[:https_forward] unless ssl_pass_through? req.unparsed_uri
+        super
+      end
+      # Override
+      # Handles HTTP (no SSL) traffic interception
+      def proxy_service(req, res)
+        # Proxy Authentication
+        proxy_auth(req, res)
+        @config[:forwarder].forward(req, res)
+      end
+      # Override
+      def proxy_uri(req, _res)
+        if req.request_method == 'CONNECT'
+          # Let the reverse proxy handle upstream proxies for https
+          nil
+        else
+          proxy = @config[:ritm_conf].misc.upstream_proxy
+          proxy.nil? ? nil : URI.parse(proxy)
+        end
+      end
+      private
+      def ssl_pass_through?(destination)
+        @config[:ritm_conf].misc.ssl_pass_through.each do |matcher|
+          case matcher
+          when String
+            return true if destination == matcher
+          when Regexp
+            return true if destination =~ matcher
+          end
+        end
+        false
+      end
+    end
+  end
+end

data/lib/ritm/proxy/ssl_reverse_proxy.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'ritm/helpers/patches'
+require 'ritm/interception/request_interceptor_servlet'
+require 'ritm/proxy/cert_signing_https_server'
+require 'ritm/certs/certificate'
+module Ritm
+  module Proxy
+    # SSL Intercept reverse proxy server. Supports interception of https request and responses
+    # It does man-in-the-middle with on-the-fly certificate signing using the given CA
+    class SSLReverseProxy
+      # Creates a HTTPS server with the given settings
+      # @param port [Fixnum]: TCP port to bind the service
+      # @param ca [Ritm::CA]: The certificate authority used to sign fake server certificates
+      # @param forwarder [Ritm::HTTPForwarder]: Forwards http traffic with interception
+      def initialize(port, ca, forwarder)
+        @ca = ca
+        default_vhost = 'localhost'
+        @server = CertSigningHTTPSServer.new(Port: port,
+                                             AccessLog: [],
+                                             Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
+                                             ca: ca,
+                                             **vhost_settings(default_vhost))
+        @server.mount '/', RequestInterceptorServlet, forwarder
+      end
+      def start_async
+        trap(:TERM) { shutdown }
+        trap(:INT) { shutdown }
+        Thread.new { @server.start }
+      end
+      def shutdown
+        @server.shutdown
+      end
+      private
+      def gen_signed_cert(common_name)
+        cert = Ritm::Certificate.create(common_name)
+        @ca.sign(cert)
+        cert
+      end
+      def vhost_settings(hostname)
+        cert = gen_signed_cert(hostname)
+        {
+          ServerName: hostname,
+          SSLEnable: true,
+          SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
+          SSLPrivateKey: OpenSSL::PKey::RSA.new(cert.private_key),
+          SSLCertificate: OpenSSL::X509::Certificate.new(cert.pem),
+          SSLCertName: [['CN', hostname]]
+        }
+      end
+    end
+  end
+end

data/lib/ritm/session.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'ritm/dispatcher'
+require 'ritm/proxy/launcher'
+require 'ritm/configuration'
+module Ritm
+  # Holds the context of a interception session.
+  # Changes in the context configuration should affect only this session
+  class Session
+    attr_reader :conf, :dispatcher
+    def initialize
+      @conf = Configuration.new
+      @dispatcher = Dispatcher.new
+      @proxy = nil
+    end
+    # Define configuration settings
+    def configure(&block)
+      conf.instance_eval(&block)
+    end
+    # Re-enable fuzzing (if it was disabled)
+    def enable
+      conf.enable
+    end
+    # Disable fuzzing (if it was enabled)
+    def disable
+      conf.disable
+    end
+    # Start the proxy service
+    def start
+      raise 'Proxy already started' unless @proxy.nil?
+      @proxy = Proxy::Launcher.new(self)
+      @proxy.start
+    end
+    # Shutdown the proxy service
+    def shutdown
+      @proxy.shutdown unless @proxy.nil?
+      @proxy = nil
+    end
+    def add_handler(handler)
+      dispatcher.add_handler(handler)
+    end
+    def on_request(&block)
+      dispatcher.on_request(&block)
+    end
+    def on_response(&block)
+      dispatcher.on_response(&block)
+    end
+  end
+end

data/lib/ritm/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Ritm
+  VERSION = '1.0.4'.freeze
+end

data/lib/ritm.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'ritm/version'
2	+ require 'ritm/main'

metadata ADDED Viewed

@@ -0,0 +1,229 @@
+--- !ruby/object:Gem::Specification
+name: dongjia_ritm
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+platform: ruby
+authors:
+- dongjia
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-03-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: certificate_authority
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+- !ruby/object:Gem::Dependency
+  name: dot_hash
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.51'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.51'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.15'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: sinatra-contrib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: thin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: HTTP(S) Intercept Proxy
+email: ios@idongjia.cn
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ritm.rb
+- lib/ritm/certs/ca.rb
+- lib/ritm/certs/certificate.rb
+- lib/ritm/configuration.rb
+- lib/ritm/dispatcher.rb
+- lib/ritm/helpers/encodings.rb
+- lib/ritm/helpers/patches.rb
+- lib/ritm/helpers/utils.rb
+- lib/ritm/interception/handlers.rb
+- lib/ritm/interception/http_forwarder.rb
+- lib/ritm/interception/intercept_utils.rb
+- lib/ritm/interception/request_interceptor_servlet.rb
+- lib/ritm/main.rb
+- lib/ritm/proxy/cert_signing_https_server.rb
+- lib/ritm/proxy/launcher.rb
+- lib/ritm/proxy/proxy_server.rb
+- lib/ritm/proxy/ssl_reverse_proxy.rb
+- lib/ritm/session.rb
+- lib/ritm/version.rb
+homepage: https://github.com/argos83/ritm
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Ruby In The Middle
+test_files: []