RubyGems - dongjia_ritm - Versions diffs - 1.0.4 - Mend

dongjia_ritm 1.0.4

Files changed (21) hide show

checksums.yaml +7 -0
data/lib/ritm/certs/ca.rb +41 -0
data/lib/ritm/certs/certificate.rb +48 -0
data/lib/ritm/configuration.rb +74 -0
data/lib/ritm/dispatcher.rb +37 -0
data/lib/ritm/helpers/encodings.rb +63 -0
data/lib/ritm/helpers/patches.rb +58 -0
data/lib/ritm/helpers/utils.rb +15 -0
data/lib/ritm/interception/handlers.rb +12 -0
data/lib/ritm/interception/http_forwarder.rb +80 -0
data/lib/ritm/interception/intercept_utils.rb +82 -0
data/lib/ritm/interception/request_interceptor_servlet.rb +15 -0
data/lib/ritm/main.rb +17 -0
data/lib/ritm/proxy/cert_signing_https_server.rb +67 -0
data/lib/ritm/proxy/launcher.rb +70 -0
data/lib/ritm/proxy/proxy_server.rb +57 -0
data/lib/ritm/proxy/ssl_reverse_proxy.rb +57 -0
data/lib/ritm/session.rb +57 -0
data/lib/ritm/version.rb +3 -0
data/lib/ritm.rb +2 -0
metadata +229 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: a153a707f90726c604a8ee1d7f4b5c8b56b46bdfbe5508b3eaa73ccd83c4e752
+  data.tar.gz: db8814c5492caafa00c56334520c24eba69efc81d5e85482cc1479ca6ac71ffe
+SHA512:
+  metadata.gz: 66da915d817a478faaa7e7551ef1a9e7f0798a5bccd980d7e593b9143511d444f9bb19ca2d6474f929767abc3d2b4ed3bb1a65ffe51f092d8e4b8ee73b721bd7
+  data.tar.gz: fa0b5609a8c211da90b70748b70a301577200993d842c9ca753ad3a8c52bc1a00f133db7f57abcb0f5ff327fdb3402fe23fb7dcfbd11c1a6916d70c72003e35f

data/lib/ritm/certs/ca.rb ADDED Viewed

@@ -0,0 +1,41 @@
+require 'certificate_authority'
+require 'ritm/certs/certificate'
+module Ritm
+  # Wrapper on a Certificate Authority with ability of signing certificates
+  class CA < Ritm::Certificate
+    def self.create(common_name: 'RubyInTheMiddle')
+      super(common_name, serial_number: 1) do |cert|
+        cert.signing_entity = true
+        cert.sign!(ca_signing_profile)
+        yield cert if block_given?
+      end
+    end
+    def self.load(crt, private_key)
+      super(crt, private_key) do |cert|
+        cert.signing_entity = true
+        cert.sign!(ca_signing_profile)
+        yield cert if block_given?
+      end
+    end
+    def sign(certificate)
+      certificate.cert.parent = @cert
+      certificate.cert.sign!(self.class.signing_profile)
+    end
+    def self.signing_profile
+      {
+        'extensions' => {
+          'keyUsage' => { 'usage' => %w[keyEncipherment digitalSignature] },
+          'extendedKeyUsage' => { 'usage' => %w[serverAuth clientAuth] }
+        }
+      }
+    end
+    def self.ca_signing_profile
+      { 'extensions' => { 'keyUsage' => { 'usage' => %w[critical keyCertSign keyEncipherment digitalSignature] } } }
+    end
+  end
+end

data/lib/ritm/certs/certificate.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require 'certificate_authority'
+module Ritm
+  # Wraps a SSL Certificate via on-the-fly creation or loading from files
+  class Certificate
+    attr_accessor :cert
+    def self.load(crt, private_key)
+      x509 = OpenSSL::X509::Certificate.new(crt)
+      cert = CertificateAuthority::Certificate.from_openssl(x509)
+      cert.key_material.private_key = OpenSSL::PKey::RSA.new(private_key)
+      yield cert if block_given?
+      new cert
+    end
+    def self.create(common_name, serial_number: nil)
+      cert = CertificateAuthority::Certificate.new
+      cert.subject.common_name = common_name
+      cert.subject.organization = cert.subject.organizational_unit = 'RubyInTheMiddle'
+      cert.subject.country = 'AR'
+      cert.not_before = cert.not_before - 3600 * 24 * 30 # Substract 30 days
+      cert.serial_number.number = serial_number || common_name.hash.abs
+      cert.key_material.generate_key(2048)
+      yield cert if block_given?
+      new cert
+    end
+    def initialize(cert)
+      @cert = cert
+    end
+    def private_key
+      @cert.key_material.private_key
+    end
+    def public_key
+      @cert.key_material.public_key
+    end
+    def pem
+      @cert.to_pem
+    end
+    def x509
+      @cert.openssl_body
+    end
+  end
+end

data/lib/ritm/configuration.rb ADDED Viewed

@@ -0,0 +1,74 @@
+require 'dot_hash'
+require 'set'
+module Ritm
+  class Configuration
+    def default_settings # rubocop:disable Metrics/MethodLength
+      {
+        proxy: {
+          bind_address: '127.0.0.1',
+          bind_port: 8080
+        },
+        ssl_reverse_proxy: {
+          bind_address: '127.0.0.1',
+          bind_port: 8081,
+          ca: {
+            pem: nil,
+            key: nil
+          }
+        },
+        intercept: {
+          enabled: true,
+          request: {
+            add_headers: {},
+            strip_headers: [/proxy-*/],
+            unpack_gzip_deflate: true,
+            update_content_length: true
+          },
+          response: {
+            add_headers: { 'connection' => 'close' },
+            strip_headers: ['strict-transport-security'],
+            unpack_gzip_deflate: true,
+            update_content_length: true
+          },
+          process_chunked_encoded_transfer: true
+        },
+        misc: {
+          ssl_pass_through: [],
+          upstream_proxy: nil
+        }
+      }
+    end
+    def initialize
+      reset
+    end
+    def reset
+      @settings = default_settings.to_properties
+    end
+    def method_missing(m, *args, &block)
+      if @settings.respond_to?(m)
+        @settings.send(m, *args, &block)
+      else
+        super
+      end
+    end
+    def enable
+      @settings.intercept[:enabled] = true
+    end
+    def disable
+      @settings.intercept[:enabled] = false
+    end
+    def respond_to_missing?(method_name, _include_private = false)
+      @settings.respond_to?(method_name) || super
+    end
+  end
+end

data/lib/ritm/dispatcher.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Ritm
+  # Keeps a list of subscribers and notifies them when requests/responses are intercepted
+  class Dispatcher
+    def initialize
+      @handlers = { on_request: [], on_response: [] }
+    end
+    def add_handler(handler)
+      on_request { |*args| handler.on_request(*args) } if handler.respond_to? :on_request
+      on_response { |*args| handler.on_response(*args) } if handler.respond_to? :on_response
+    end
+    def on_request(&block)
+      @handlers[:on_request] << block
+    end
+    def on_response(&block)
+      @handlers[:on_response] << block
+    end
+    def notify_request(request)
+      notify(:on_request, request)
+    end
+    def notify_response(request, response)
+      notify(:on_response, request, response)
+    end
+    private
+    def notify(event, *args)
+      @handlers[event].each do |handler|
+        handler.call(*args)
+      end
+    end
+  end
+end

data/lib/ritm/helpers/encodings.rb ADDED Viewed

@@ -0,0 +1,63 @@
+require 'zlib'
+module Ritm
+  module Encodings
+    ENCODINGS = %i[identity gzip deflate].freeze
+    def self.encode(encoding, data)
+      case encoding
+      when :gzip
+        encode_gzip(data)
+      when :deflate
+        encode_deflate(data)
+      when :identity
+        identity(data)
+      else
+        raise "Unsupported encoding #{encoding}"
+      end
+    end
+    def self.decode(encoding, data)
+      case encoding
+      when :gzip
+        decode_gzip(data)
+      when :deflate
+        decode_deflate(data)
+      when :identity
+        identity(data)
+      else
+        raise "Unsupported encoding #{encoding}"
+      end
+    end
+    class << self
+      private
+      def identity(data)
+        data
+      end
+      def encode_gzip(data)
+        wio = StringIO.new('wb')
+        w_gz = Zlib::GzipWriter.new(wio)
+        w_gz.write(data)
+        w_gz.close
+        wio.string
+      end
+      def decode_gzip(data)
+        io = StringIO.new(data, 'rb')
+        gz = Zlib::GzipReader.new(io)
+        gz.read
+      end
+      def encode_deflate(data)
+        Zlib::Deflate.deflate(data)
+      end
+      def decode_deflate(data)
+        Zlib::Inflate.inflate(data)
+      end
+    end
+  end
+end

data/lib/ritm/helpers/patches.rb ADDED Viewed

@@ -0,0 +1,58 @@
+require 'openssl'
+require 'webrick'
+require 'webrick/httpproxy'
+require 'ritm/helpers/utils'
+# Patch WEBrick too short max uri length
+Ritm::Utils.silence_warnings { WEBrick::HTTPRequest::MAX_URI_LENGTH = 4000 }
+# Digest::Digest is deprecated. This has been fixed in certificate_authority master
+# but the project is no longer maintained and the fixed version was never published
+Ritm::Utils.silence_warnings { OpenSSL::Digest::Digest = OpenSSL::Digest }
+# Make request method writable
+WEBrick::HTTPRequest.instance_eval { attr_accessor :request_method, :unparsed_uri }
+module WEBrick
+  # Other patches to WEBrick::HTTPRequest
+  class HTTPRequest
+    def []=(header_name, *values)
+      @header[header_name.downcase] = values.map(&:to_s)
+    end
+    def body=(str)
+      body # Read current body
+      @body = str
+    end
+    def request_uri=(uri)
+      @request_uri = parse_uri(uri.to_s)
+    end
+  end
+  # Support other methods in HTTPServer
+  class HTTPServer
+    def do_DELETE(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.delete(path, header)
+      end
+    end
+    def do_PUT(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.put(path, req.body || '', header)
+      end
+    end
+    def do_PATCH(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.patch(path, req.body || '', header)
+      end
+    end
+    # TODO: make sure options gets proxied too (so trace)
+    def do_OPTIONS(_req, res)
+      res['allow'] = 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS,CONNECT'
+    end
+  end
+end

data/lib/ritm/helpers/utils.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Ritm
+  # Shortcuts and other utilities to be included
+  # in modules/classes
+  module Utils
+    # Runs a block of code without warnings.
+    def self.silence_warnings
+      warn_level = $VERBOSE
+      $VERBOSE = nil
+      result = yield
+      $VERBOSE = warn_level
+      result
+    end
+  end
+end

data/lib/ritm/interception/handlers.rb ADDED Viewed

@@ -0,0 +1,12 @@
+def default_request_handler(session)
+  proc do |req|
+    session.dispatcher.notify_request(req) if session.conf.intercept.enabled
+  end
+end
+def default_response_handler(session)
+  proc do |req, res|
+    session.dispatcher.notify_response(req, res) if session.conf.intercept.enabled
+  end
+end

data/lib/ritm/interception/http_forwarder.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'faraday'
+require 'ritm/interception/intercept_utils'
+require 'webrick/cookie'
+module Ritm
+  # Forwarder that acts as a WEBrick <-> Faraday adaptor: Works this way:
+  #  1. A WEBrick request objects is received
+  #  2. The WEBrick request object is sent to the request interceptor
+  #  3. The (maybe modified) WEBrick request object is transformed into a Faraday request and sent to destination server
+  #  4. The Faraday response obtained from the server is transformed into a WEBrick response
+  #  5. The WEBrick response object is sent to the response interceptor
+  #  6. The (maybe modified) WEBrick response object is sent back to the client
+  #
+  # Besides the possible modifications to be done by interceptors there might be automated globally configured
+  # transformations like header stripping/adding.
+  class ParamEncoder
+    def encode(params)
+      pairs = params.map { |k, v| "#{k}=#{v}" }
+      pairs.join('&')
+    end
+    def decode(query)
+      query.split('&').each_with_object({}) do |param, params|
+        k, v = param.split('=')
+        params[k] = v
+      end
+    end
+  end
+  class HTTPForwarder
+    include InterceptUtils
+    def initialize(request_interceptor, response_interceptor, context_config)
+      @request_interceptor = request_interceptor
+      @response_interceptor = response_interceptor
+      @config = context_config
+      # TODO: make SSL verification a configuration setting
+      @client = Faraday.new(
+        ssl: { verify: false },
+        request: { params_encoder: ParamEncoder.new }
+      ) do |conn|
+        conn.adapter :net_http
+      end
+    end
+    def forward(request, response)
+      intercept_request(@request_interceptor, request, @config.intercept.request)
+      faraday_response = faraday_forward request
+      to_webrick_response faraday_response, response
+      intercept_response(@response_interceptor, request, response, @config.intercept.response)
+    end
+    private
+    def faraday_forward(request)
+      req_method = request.request_method.downcase
+      @client.send req_method do |req|
+        req.options[:proxy] = @config.misc.upstream_proxy
+        req.url request.request_uri
+        req.body = request.body
+        request.header.each { |name, value| req.headers[name] = value }
+      end
+    end
+    def to_webrick_response(faraday_response, webrick_response)
+      webrick_response.status = faraday_response.status
+      webrick_response.body = faraday_response.body
+      faraday_response.headers.each do |name, value|
+        case name
+        when 'set-cookie'
+          WEBrick::Cookie.parse_set_cookies(value).each { |cookie| webrick_response.cookies << cookie }
+        else
+          webrick_response[name] = value
+        end
+      end
+      webrick_response
+    end
+  end
+end

data/lib/ritm/interception/intercept_utils.rb ADDED Viewed

@@ -0,0 +1,82 @@
+require 'ritm/helpers/encodings'
+module Ritm
+  # Interceptor callbacks calling logic shared by the HTTP Proxy Server and the SSL Reverse Proxy Server
+  module InterceptUtils
+    def intercept_request(handler, request, intercept_request_settings)
+      return if handler.nil?
+      preprocess(request, intercept_request_settings)
+      handler.call(request)
+      postprocess(request, intercept_request_settings)
+    end
+    def intercept_response(handler, request, response, intercept_response_settings)
+      return if handler.nil?
+      preprocess(response, intercept_response_settings)
+      handler.call(request, response)
+      postprocess(response, intercept_response_settings)
+    end
+    private
+    def preprocess(req_res, settings)
+      headers = header_obj(req_res)
+      decode(req_res) if settings.unpack_gzip_deflate
+      req_res.header.delete_if { |name, _v| strip?(name, settings.strip_headers) }
+      settings.add_headers.each { |name, value| headers[name] = value }
+      req_res.header.delete('transfer-encoding') if chunked?(headers)
+    end
+    def postprocess(req_res, settings)
+      header_obj(req_res)['content-length'] = (req_res.body || '').bytesize.to_s if settings.update_content_length
+    end
+    def chunked?(headers)
+      headers['transfer-encoding'] && headers['transfer-encoding'].casecmp('chunked')
+    end
+    def content_encoding(req_res)
+      ce = header_obj(req_res)['content-encoding'] || ''
+      case ce.downcase
+      when 'gzip', 'x-gzip'
+        :gzip
+      when 'deflate'
+        :deflate
+      else
+        :identity
+      end
+    end
+    def header_obj(req_res)
+      case req_res
+      when WEBrick::HTTPRequest
+        req_res
+      when WEBrick::HTTPResponse
+        req_res.header
+      end
+    end
+    def decode(req_res)
+      encoding = content_encoding(req_res)
+      return if encoding == :identity
+      req_res.body = Encodings.decode(encoding, req_res.body)
+      req_res.header.delete('content-encoding')
+      headers = header_obj(req_res)
+      headers['content-length'] = (req_res.body || '').bytesize.to_s
+    end
+    def strip?(header, rules)
+      header = header.to_s.downcase
+      rules.each do |rule|
+        case rule
+        when String
+          return true if header == rule
+        when Regexp
+          return true if header =~ rule
+        end
+      end
+      false
+    end
+  end
+end

data/lib/ritm/interception/request_interceptor_servlet.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'webrick'
+module Ritm
+  # Actual implementation of the SSL Reverse Proxy service (decoupled from the certificate handling)
+  class RequestInterceptorServlet < WEBrick::HTTPServlet::AbstractServlet
+    def initialize(server, forwarder)
+      super server
+      @forwarder = forwarder
+    end
+    def service(request, response)
+      @forwarder.forward(request, response)
+    end
+  end
+end

data/lib/ritm/main.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'ritm/session'
+module Ritm
+  GLOBAL_SESSION = Session.new
+  def self.method_missing(m, *args, &block)
+    if GLOBAL_SESSION.respond_to?(m)
+      GLOBAL_SESSION.send(m, *args, &block)
+    else
+      super
+    end
+  end
+  def self.respond_to_missing?(method_name, _include_private = false)
+    GLOBAL_SESSION.respond_to?(method_name) || super
+  end
+end

data/lib/ritm/proxy/cert_signing_https_server.rb ADDED Viewed

@@ -0,0 +1,67 @@
+require 'openssl'
+require 'webrick'
+require 'webrick/https'
+require 'ritm/certs/certificate'
+IS_RUBY_2_4_OR_OLDER = Gem::Version.new(RUBY_VERSION) >= Gem::Version.new('2.4')
+module Ritm
+  module Proxy
+    # Patches WEBrick::HTTPServer SSL context creation to get
+    # a callback on the 'Client Helo' step of the SSL-Handshake if SNI is specified
+    # So RitM can create self-signed certificates on the fly
+    class CertSigningHTTPSServer < WEBrick::HTTPServer
+      # Override
+      def setup_ssl_context(config)
+        ctx = super(config)
+        prepare_sni_callback(ctx, config[:ca])
+        ctx
+      end
+      private
+      # Keeps track of the created self-signed certificates
+      # TODO: this can grow a lot and take up memory, fix by either:
+      # 1. implementing wildcard certificates generation (so there's one certificate per top level domain)
+      # 2. Use the same key material (private/public keys) for all the server names and just do the signing on-the-fly
+      # 3. both of the above
+      def prepare_sni_callback(ctx, ca)
+        contexts = {}
+        mutex = Mutex.new
+        # Sets the SNI callback on the SSLTCPSocket
+        ctx.servername_cb = proc do |sock, servername|
+          mutex.synchronize do
+            unless contexts.include? servername
+              cert = Ritm::Certificate.create(servername)
+              cert.cert.extensions['subjectAltName'].dns_names = [servername]
+              ca.sign(cert)
+              contexts[servername] = context_with_cert(sock.context, cert)
+            end
+          end
+          contexts[servername]
+        end
+      end
+      def context_with_cert(original_ctx, cert)
+        ctx = duplicate_context(original_ctx)
+        ctx.key = cert.private_key
+        ctx.cert = cert.x509
+        ctx
+      end
+      def duplicate_context(original_ctx)
+        return original_ctx.dup unless IS_RUBY_2_4_OR_OLDER
+        ctx = OpenSSL::SSL::SSLContext.new
+        original_ctx.instance_variables.each do |variable_name|
+          prop_name = variable_name.to_s.sub(/^@/, '')
+          set_prop_method = "#{prop_name}="
+          ctx.send(set_prop_method, original_ctx.send(prop_name)) if ctx.respond_to? set_prop_method
+        end
+        ctx
+      end
+    end
+  end
+end

data/lib/ritm/proxy/launcher.rb ADDED Viewed

@@ -0,0 +1,70 @@
+require 'ritm/proxy/ssl_reverse_proxy'
+require 'ritm/proxy/proxy_server'
+require 'ritm/certs/ca'
+require 'ritm/interception/handlers'
+require 'ritm/interception/http_forwarder'
+module Ritm
+  module Proxy
+    # Launches the Proxy server and the SSL Reverse Proxy with the given settings
+    class Launcher
+      def initialize(session)
+        build_settings(session)
+        build_reverse_proxy
+        build_proxy
+      end
+      def start
+        @https.start_async
+        @http.start_async
+      end
+      def shutdown
+        @https.shutdown
+        @http.shutdown
+      end
+      private
+      def build_settings(session)
+        @conf = session.conf
+        ssl_proxy_host = @conf.ssl_reverse_proxy.bind_address
+        ssl_proxy_port = @conf.ssl_reverse_proxy.bind_port
+        @https_forward = "#{ssl_proxy_host}:#{ssl_proxy_port}"
+        request_interceptor = default_request_handler(session)
+        response_interceptor = default_response_handler(session)
+        @forwarder = HTTPForwarder.new(request_interceptor, response_interceptor, @conf)
+        crt_path = @conf.ssl_reverse_proxy.ca.pem
+        key_path = @conf.ssl_reverse_proxy.ca.key
+        @certificate = ca_certificate(crt_path, key_path)
+      end
+      def build_proxy
+        @http = Ritm::Proxy::ProxyServer.new(BindAddress: @conf.proxy.bind_address,
+                                             Port: @conf.proxy.bind_port,
+                                             AccessLog: [],
+                                             Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
+                                             https_forward: @https_forward,
+                                             ProxyVia: nil,
+                                             forwarder: @forwarder,
+                                             ritm_conf: @conf)
+      end
+      def build_reverse_proxy
+        @https = Ritm::Proxy::SSLReverseProxy.new(@conf.ssl_reverse_proxy.bind_port,
+                                                  @certificate,
+                                                  @forwarder)
+      end
+      def ca_certificate(pem, key)
+        if pem.nil? || key.nil?
+          Ritm::CA.create
+        else
+          Ritm::CA.load(File.read(pem), File.read(key))
+        end
+      end
+    end
+  end
+end

data/lib/ritm/proxy/proxy_server.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'webrick'
+require 'webrick/httpproxy'
+require 'ritm/helpers/patches'
+module Ritm
+  module Proxy
+    # Proxy server that accepts request and response intercept handlers for HTTP traffic
+    # HTTPS traffic is redirected to the SSLReverseProxy for interception
+    class ProxyServer < WEBrick::HTTPProxyServer
+      def start_async
+        trap(:TERM) { shutdown }
+        trap(:INT) { shutdown }
+        Thread.new { start }
+      end
+      # Override
+      # Patches the destination address on HTTPS connections to go via the HTTPS Reverse Proxy
+      def do_CONNECT(req, res)
+        req.unparsed_uri = @config[:https_forward] unless ssl_pass_through? req.unparsed_uri
+        super
+      end
+      # Override
+      # Handles HTTP (no SSL) traffic interception
+      def proxy_service(req, res)
+        # Proxy Authentication
+        proxy_auth(req, res)
+        @config[:forwarder].forward(req, res)
+      end
+      # Override
+      def proxy_uri(req, _res)
+        if req.request_method == 'CONNECT'
+          # Let the reverse proxy handle upstream proxies for https
+          nil
+        else
+          proxy = @config[:ritm_conf].misc.upstream_proxy
+          proxy.nil? ? nil : URI.parse(proxy)
+        end
+      end
+      private
+      def ssl_pass_through?(destination)
+        @config[:ritm_conf].misc.ssl_pass_through.each do |matcher|
+          case matcher
+          when String
+            return true if destination == matcher
+          when Regexp
+            return true if destination =~ matcher
+          end
+        end
+        false
+      end
+    end
+  end
+end

data/lib/ritm/proxy/ssl_reverse_proxy.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'ritm/helpers/patches'
+require 'ritm/interception/request_interceptor_servlet'
+require 'ritm/proxy/cert_signing_https_server'
+require 'ritm/certs/certificate'
+module Ritm
+  module Proxy
+    # SSL Intercept reverse proxy server. Supports interception of https request and responses
+    # It does man-in-the-middle with on-the-fly certificate signing using the given CA
+    class SSLReverseProxy
+      # Creates a HTTPS server with the given settings
+      # @param port [Fixnum]: TCP port to bind the service
+      # @param ca [Ritm::CA]: The certificate authority used to sign fake server certificates
+      # @param forwarder [Ritm::HTTPForwarder]: Forwards http traffic with interception
+      def initialize(port, ca, forwarder)
+        @ca = ca
+        default_vhost = 'localhost'
+        @server = CertSigningHTTPSServer.new(Port: port,
+                                             AccessLog: [],
+                                             Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
+                                             ca: ca,
+                                             **vhost_settings(default_vhost))
+        @server.mount '/', RequestInterceptorServlet, forwarder
+      end
+      def start_async
+        trap(:TERM) { shutdown }
+        trap(:INT) { shutdown }
+        Thread.new { @server.start }
+      end
+      def shutdown
+        @server.shutdown
+      end
+      private
+      def gen_signed_cert(common_name)
+        cert = Ritm::Certificate.create(common_name)
+        @ca.sign(cert)
+        cert
+      end
+      def vhost_settings(hostname)
+        cert = gen_signed_cert(hostname)
+        {
+          ServerName: hostname,
+          SSLEnable: true,
+          SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
+          SSLPrivateKey: OpenSSL::PKey::RSA.new(cert.private_key),
+          SSLCertificate: OpenSSL::X509::Certificate.new(cert.pem),
+          SSLCertName: [['CN', hostname]]
+        }
+      end
+    end
+  end
+end

data/lib/ritm/session.rb ADDED Viewed

@@ -0,0 +1,57 @@
+require 'ritm/dispatcher'
+require 'ritm/proxy/launcher'
+require 'ritm/configuration'
+module Ritm
+  # Holds the context of a interception session.
+  # Changes in the context configuration should affect only this session
+  class Session
+    attr_reader :conf, :dispatcher
+    def initialize
+      @conf = Configuration.new
+      @dispatcher = Dispatcher.new
+      @proxy = nil
+    end
+    # Define configuration settings
+    def configure(&block)
+      conf.instance_eval(&block)
+    end
+    # Re-enable fuzzing (if it was disabled)
+    def enable
+      conf.enable
+    end
+    # Disable fuzzing (if it was enabled)
+    def disable
+      conf.disable
+    end
+    # Start the proxy service
+    def start
+      raise 'Proxy already started' unless @proxy.nil?
+      @proxy = Proxy::Launcher.new(self)
+      @proxy.start
+    end
+    # Shutdown the proxy service
+    def shutdown
+      @proxy.shutdown unless @proxy.nil?
+      @proxy = nil
+    end
+    def add_handler(handler)
+      dispatcher.add_handler(handler)
+    end
+    def on_request(&block)
+      dispatcher.on_request(&block)
+    end
+    def on_response(&block)
+      dispatcher.on_response(&block)
+    end
+  end
+end

data/lib/ritm/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Ritm
+  VERSION = '1.0.4'.freeze
+end

data/lib/ritm.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require 'ritm/version'
2	+ require 'ritm/main'

metadata ADDED Viewed

@@ -0,0 +1,229 @@
+--- !ruby/object:Gem::Specification
+name: dongjia_ritm
+version: !ruby/object:Gem::Version
+  version: 1.0.4
+platform: ruby
+authors:
+- dongjia
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-03-18 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: certificate_authority
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+- !ruby/object:Gem::Dependency
+  name: dot_hash
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.13'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: httpclient
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.2'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.51'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.51'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.15'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.15'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: sinatra-contrib
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: thin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+description: HTTP(S) Intercept Proxy
+email: ios@idongjia.cn
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ritm.rb
+- lib/ritm/certs/ca.rb
+- lib/ritm/certs/certificate.rb
+- lib/ritm/configuration.rb
+- lib/ritm/dispatcher.rb
+- lib/ritm/helpers/encodings.rb
+- lib/ritm/helpers/patches.rb
+- lib/ritm/helpers/utils.rb
+- lib/ritm/interception/handlers.rb
+- lib/ritm/interception/http_forwarder.rb
+- lib/ritm/interception/intercept_utils.rb
+- lib/ritm/interception/request_interceptor_servlet.rb
+- lib/ritm/main.rb
+- lib/ritm/proxy/cert_signing_https_server.rb
+- lib/ritm/proxy/launcher.rb
+- lib/ritm/proxy/proxy_server.rb
+- lib/ritm/proxy/ssl_reverse_proxy.rb
+- lib/ritm/session.rb
+- lib/ritm/version.rb
+homepage: https://github.com/argos83/ritm
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key:
+specification_version: 4
+summary: Ruby In The Middle
+test_files: []