ritm 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2eeab06c6fd5db111b87a1ff18694f4206f571c9
+  data.tar.gz: b1537590beb540d93cd9161b7a7fee6d4090f3cb
+SHA512:
+  metadata.gz: a2e1a3bbb3b8c0b9ac87339152c9a3b726ea2295d3c14c48e67952e89a5b40ea5314446e445078b5e98556550faf8de6609af42d6e438509ae4b87604f98fd1a
+  data.tar.gz: 9ebf2c4991de1026d05cfd9e6226424f9feb0631b1d22a001819195d9d3e215f779a72feb0b65dc1f653c317d6dab62dac49ed45c29f592e37ed38ac0cc8897d

data/lib/ritm/certs/ca.rb

@@ -0,0 +1,32 @@
+require 'certificate_authority'
+require 'ritm/certs/certificate'
+
+module Ritm
+  # Wrapper on a Certificate Authority with ability of signing certificates
+  class CA < Ritm::Certificate
+    def self.create(common_name: 'RubyInTheMiddle')
+      super(common_name, serial_number: 1) do |cert|
+        cert.signing_entity = true
+        cert.sign!(signing_profile)
+        yield cert if block_given?
+      end
+    end
+
+    def self.load(crt, private_key)
+      super(crt, private_key) do |cert|
+        cert.signing_entity = true
+        cert.sign!(signing_profile)
+        yield cert if block_given?
+      end
+    end
+
+    def sign(certificate)
+      certificate.cert.parent = @cert
+      certificate.cert.sign!
+    end
+
+    def self.signing_profile
+      { 'extensions' => { 'keyUsage' => { 'usage' => %w(critical keyCertSign keyEncipherment digitalSignature) } } }
+    end
+  end
+end

data/lib/ritm/certs/certificate.rb

@@ -0,0 +1,41 @@
+require 'certificate_authority'
+
+module Ritm
+  # Wraps a SSL Certificate via on-the-fly creation or loading from files
+  class Certificate
+    attr_accessor :cert
+
+    def self.load(crt, private_key)
+      x509 = OpenSSL::X509::Certificate.new(crt)
+      cert = CertificateAuthority::Certificate.from_openssl(x509)
+      cert.key_material.private_key = OpenSSL::PKey::RSA.new(private_key)
+      yield cert if block_given?
+      new cert
+    end
+
+    def self.create(common_name, serial_number: nil)
+      cert = CertificateAuthority::Certificate.new
+      cert.subject.common_name = common_name
+      cert.serial_number.number = serial_number || common_name.hash.abs
+      cert.key_material.generate_key
+      yield cert if block_given?
+      new cert
+    end
+
+    def initialize(cert)
+      @cert = cert
+    end
+
+    def private_key
+      @cert.key_material.private_key
+    end
+
+    def public_key
+      @cert.key_material.public_key
+    end
+
+    def pem
+      @cert.to_pem
+    end
+  end
+end

data/lib/ritm/configuration.rb

@@ -0,0 +1,77 @@
+require 'dot_hash'
+require 'set'
+
+module Ritm
+  # Global Ritm settings
+  class Configuration
+    DEFAULT_SETTINGS = {
+      proxy: {
+        bind_address: '127.0.0.1',
+        bind_port: 8080
+      },
+
+      ssl_reverse_proxy: {
+        bind_address: '127.0.0.1',
+        bind_port: 8081,
+        ca: {
+          pem: nil,
+          key: nil
+        }
+      },
+
+      intercept: {
+        # Is interception enabled
+        enabled: true,
+
+        # Do not intercept requests whose URLs match/start with the given regex/strings (blacklist)
+        skip_urls: [],
+
+        # Intercepts requests whose  URLs match/start with the given regex/strings (whitelist)
+        # By default everything will be intercepted.
+        intercept_urls: []
+      },
+
+      misc: {
+        add_request_headers: {},
+        add_response_headers: { 'connection' => 'clone' },
+
+        strip_request_headers: [/proxy-*/],
+        strip_response_headers: ['strict-transport-security', 'transfer-encoding'],
+
+        unpack_gzip_deflate_in_requests: true,
+        unpack_gzip_deflate_in_responses: true,
+        process_chunked_encoded_transfer: true
+      }
+    }.freeze
+
+    def initialize(settings = {})
+      settings = DEFAULT_SETTINGS.merge(settings)
+      @values = {
+        dispatcher: Dispatcher.new,
+
+        # Is interception enabled
+        enabled: true
+      }
+
+      @settings = settings.to_properties
+    end
+
+    def method_missing(m, *args, &block)
+      @settings.send(m, *args, &block)
+    end
+
+    def [](setting)
+      @values[setting]
+    end
+
+    # Re-enable interception
+    def enable
+      @values[:enabled] = true
+    end
+
+    # Disable interception
+    def disable
+      @values[:enabled] = false
+    end
+  end
+end

data/lib/ritm/dispatcher.rb

@@ -0,0 +1,37 @@
+module Ritm
+  # Keeps a list of subscribers and notifies them when requests/responses are intercepted
+  class Dispatcher
+    def initialize
+      @handlers = { on_request: [], on_response: [] }
+    end
+
+    def add_handler(handler)
+      on_request { |*args| handler.on_request(*args) } if handler.respond_to? :on_request
+      on_response { |*args| handler.on_response(*args) } if handler.respond_to? :on_response
+    end
+
+    def on_request(&block)
+      @handlers[:on_request] << block
+    end
+
+    def on_response(&block)
+      @handlers[:on_response] << block
+    end
+
+    def notify_request(request)
+      notify(:on_request, request)
+    end
+
+    def notify_response(request, response)
+      notify(:on_response, request, response)
+    end
+
+    private
+
+    def notify(event, *args)
+      @handlers[event].each do |handler|
+        handler.call(*args)
+      end
+    end
+  end
+end

data/lib/ritm/helpers/encodings.rb

@@ -0,0 +1,65 @@
+require 'zlib'
+
+module Ritm
+  # ENCODER/DECODER of HTTP content
+  module Encodings
+    ENCODINGS = [:identity, :gzip, :deflate].freeze
+
+    def self.encode(encoding, data)
+      case encoding
+      when :gzip
+        encode_gzip(data)
+      when :deflate
+        encode_deflate(data)
+      when :identity
+        identity(data)
+      else
+        raise "Unsupported encoding #{encoding}"
+      end
+    end
+
+    def self.decode(encoding, data)
+      case encoding
+      when :gzip
+        decode_gzip(data)
+      when :deflate
+        decode_deflate(data)
+      when :identity
+        identity(data)
+      else
+        raise "Unsupported encoding #{encoding}"
+      end
+    end
+
+    class << self
+      private
+
+      # Returns data unchanged. Identity is the default value of Accept-Encoding headers.
+      def identity(data)
+        data
+      end
+
+      def encode_gzip(data)
+        wio = StringIO.new('wb')
+        w_gz = Zlib::GzipWriter.new(wio)
+        w_gz.write(data)
+        w_gz.close
+        wio.string
+      end
+
+      def decode_gzip(data)
+        io = StringIO.new(data, 'rb')
+        gz = Zlib::GzipReader.new(io)
+        gz.read
+      end
+
+      def encode_deflate(data)
+        Zlib::Deflate.deflate(data)
+      end
+
+      def decode_deflate(data)
+        Zlib::Inflate.inflate(data)
+      end
+    end
+  end
+end

data/lib/ritm/helpers/patches.rb

@@ -0,0 +1,53 @@
+require 'webrick'
+require 'webrick/httpproxy'
+require 'ritm/helpers/utils'
+
+# Patch WEBrick too short max uri length
+Ritm::Utils.silence_warnings { WEBrick::HTTPRequest::MAX_URI_LENGTH = 4000 }
+
+# Make request method writable
+WEBrick::HTTPRequest.instance_eval { attr_accessor :request_method, :unparsed_uri }
+
+module WEBrick
+  # Other patches to WEBrick::HTTPRequest
+  class HTTPRequest
+    def []=(header_name, *values)
+      @header[header_name.downcase] = values.map(&:to_s)
+    end
+
+    def body=(str)
+      body # Read current body
+      @body = str
+    end
+
+    def request_uri=(uri)
+      @request_uri = parse_uri(uri.to_s)
+    end
+  end
+
+  # Support other methods in HTTPServer
+  class HTTPServer
+    def do_DELETE(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.delete(path, header)
+      end
+    end
+
+    def do_PUT(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.put(path, req.body || '', header)
+      end
+    end
+
+    def do_PATCH(req, res)
+      perform_proxy_request(req, res) do |http, path, header|
+        http.patch(path, req.body || '', header)
+      end
+    end
+
+    # TODO: make sure options gets proxied too (so trace)
+    def do_OPTIONS(_req, res)
+      res['allow'] = 'GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS,CONNECT'
+    end
+  end
+end

data/lib/ritm/helpers/utils.rb

@@ -0,0 +1,15 @@
+
+module Ritm
+  # Shortcuts and other utilities to be included
+  # in modules/classes
+  module Utils
+    # Runs a block of code without warnings.
+    def self.silence_warnings
+      warn_level = $VERBOSE
+      $VERBOSE = nil
+      result = yield
+      $VERBOSE = warn_level
+      result
+    end
+  end
+end

data/lib/ritm/interception/handlers.rb

@@ -0,0 +1,10 @@
+
+dispatcher = Ritm.dispatcher
+
+DEFAULT_REQUEST_HANDLER = proc do |req|
+  dispatcher.notify_request(req) if Ritm.conf[:enabled]
+end
+
+DEFAULT_RESPONSE_HANDLER = proc do |req, res|
+  dispatcher.notify_response(req, res) if Ritm.conf[:enabled]
+end

data/lib/ritm/interception/http_forwarder.rb

@@ -0,0 +1,78 @@
+require 'faraday'
+
+require 'ritm/interception/intercept_utils'
+
+module Ritm
+  # Forwarder that acts as a WEBrick <-> Faraday adaptor: Works this way:
+  #  1. A WEBrick request objects is received
+  #  2. The WEBrick request object is sent to the request interceptor
+  #  3. The (maybe modified) WEBrick request object is transformed into a Faraday request and sent to destination server
+  #  4. The Faraday response obtained from the server is transformed into a WEBrick response
+  #  5. The WEBrick response object is sent to the response interceptor
+  #  6. The (maybe modified) WEBrick response object is sent back to the client
+  #
+  # Besides the possible modifications to be done by interceptors there might be automated globally configured
+  # transformations like header stripping/adding.
+  class HTTPForwarder
+    include InterceptUtils
+
+    def initialize(request_interceptor, response_interceptor)
+      @request_interceptor = request_interceptor
+      @response_interceptor = response_interceptor
+      # TODO: make SSL verification a configuration setting
+      @client = Faraday.new(ssl: { verify: false }) do |conn|
+        conn.adapter :net_http
+        # TODO: support customizations (e.g. upstream proxies or different adapters)
+      end
+    end
+
+    def forward(request, response)
+      intercept_request(@request_interceptor, request)
+
+      faraday_response = faraday_forward request
+      to_webrick_response faraday_response, response
+      intercept_response(@response_interceptor, request, response)
+    end
+
+    private
+
+    def faraday_forward(request)
+      req_method = request.request_method.downcase
+      @client.send req_method do |req|
+        req.url request.request_uri
+        req.body = request.body
+        add_request_headers(req, request)
+      end
+    end
+
+    def add_request_headers(faraday_request, webrick_request)
+      webrick_request.header.each do |name, value|
+        faraday_request.headers[name] = value unless strip?(name, Ritm.conf.misc.strip_request_headers)
+      end
+      Ritm.conf.misc.add_request_headers.each { |k, v| faraday_request.headers[k] = v }
+    end
+
+    def to_webrick_response(faraday_response, webrick_response)
+      webrick_response.status = faraday_response.status
+      webrick_response.body = faraday_response.body
+      faraday_response.headers.each do |name, value|
+        webrick_response[name] = value unless strip?(name, Ritm.conf.misc.strip_response_headers)
+      end
+      Ritm.conf.misc.add_response_headers.each { |k, v| webrick_response[k] = v }
+      webrick_response
+    end
+
+    def strip?(header, rules)
+      header = header.to_s.downcase
+      rules.each do |rule|
+        case rule
+        when String
+          return true if header == rule
+        when Regexp
+          return true if header =~ rule
+        end
+      end
+      false
+    end
+  end
+end

data/lib/ritm/interception/intercept_utils.rb

@@ -0,0 +1,50 @@
+require 'ritm/helpers/encodings'
+
+module Ritm
+  # Interceptor callbacks calling logic shared by the HTTP Proxy Server and the SSL Reverse Proxy Server
+  # Passes request
+  module InterceptUtils
+    def intercept_request(handler, request)
+      return if handler.nil?
+      handler.call(request)
+    end
+
+    def intercept_response(handler, request, response)
+      return if handler.nil?
+      # TODO: Disable the automated decoding from config
+      encoding = content_encoding(response)
+      decoded(encoding, response) do |decoded_response|
+        handler.call(request, decoded_response)
+      end
+
+      response.header.delete('content-length') if chunked?(response)
+    end
+
+    private
+
+    def chunked?(response)
+      response.header.fetch('transfer-encoding', '').casecmp 'chunked'
+    end
+
+    def content_encoding(response)
+      case response.header.fetch('content-encoding', '').downcase
+      when 'gzip', 'x-gzip'
+        :gzip
+      when 'deflate'
+        :deflate
+      else
+        :identity
+      end
+    end
+
+    def decoded(encoding, res)
+      res.body = Encodings.decode(encoding, res.body)
+      _content_encoding = res.header.delete('content-encoding')
+      yield res
+      # TODO: should it be re-encoded?
+      # res.body = Encodings.encode(encoding, res.body)
+      # res.header['content-encoding'] = content_encoding
+      res.header['content-length'] = res.body.size.to_s
+    end
+  end
+end

data/lib/ritm/interception/request_interceptor_servlet.rb

@@ -0,0 +1,16 @@
+require 'webrick'
+require 'ritm/interception/http_forwarder'
+
+module Ritm
+  # Actual implementation of the SSL Reverse Proxy service (decoupled from the certificate handling)
+  class RequestInterceptorServlet < WEBrick::HTTPServlet::AbstractServlet
+    def initialize(server, request_interceptor, response_interceptor)
+      super server
+      @forwarder = HTTPForwarder.new(request_interceptor, response_interceptor)
+    end
+
+    def service(request, response)
+      @forwarder.forward(request, response)
+    end
+  end
+end

data/lib/ritm/main.rb

@@ -0,0 +1,70 @@
+# Main module
+module Ritm
+  # Define global settings
+  def self.configure(&block)
+    conf.instance_eval(&block)
+  end
+
+  # Re-enable fuzzing (if it was disabled)
+  def self.enable
+    conf.enable
+  end
+
+  # Disable fuzzing (if it was enabled)
+  def self.disable
+    conf.disable
+  end
+
+  # Access the current config settings
+  def self.conf
+    @configuration ||= Configuration.new
+  end
+
+  def self.dispatcher
+    conf[:dispatcher]
+  end
+
+  def self.add_handler(handler)
+    dispatcher.add_handler(handler)
+  end
+
+  def self.on_request(&block)
+    dispatcher.on_request(&block)
+  end
+
+  def self.on_response(&block)
+    dispatcher.on_response(&block)
+  end
+
+  # private class methods
+
+  def self.intercept?(request)
+    return false unless conf[:enabled]
+    url = request.url.to_s
+    whitelisted?(url) && !blacklisted?(url)
+  end
+
+  def self.whitelisted?(url)
+    conf[:attack_urls].empty? || url_matches_any?(url, conf[:attack_urls])
+  end
+
+  def self.blacklisted?(url)
+    url_matches_any? url, conf[:skip_urls]
+  end
+
+  def self.url_matches_any?(url, matchers)
+    matchers.each do |matcher|
+      case matcher
+      when Regexp
+        return true if url =~ matcher
+      when String
+        return true if url.include? matcher
+      else
+        raise 'URL matcher should be a String or Regexp'
+      end
+    end
+    false
+  end
+
+  private_class_method :intercept?, :whitelisted?, :blacklisted?, :url_matches_any?
+end

data/lib/ritm/proxy/cert_signing_https_server.rb

@@ -0,0 +1,50 @@
+require 'webrick'
+require 'webrick/https'
+require 'ritm/certs/certificate'
+
+module Ritm
+  module Proxy
+    # Patches WEBrick::HTTPServer SSL context creation to get
+    # a callback on the 'Client Helo' step of the SSL-Handshake if SNI is specified
+    # So we can create self-signed certificates on the fly
+    class CertSigningHTTPSServer < WEBrick::HTTPServer
+      # Override
+      def setup_ssl_context(config)
+        ctx = super(config)
+        prepare_sni_callback(ctx, config[:ca])
+        ctx
+      end
+
+      private
+
+      # Keeps track of the created self-signed certificates
+      # TODO: this can grow a lot and take up memory, fix by either:
+      # 1. implementing wildcard certificates generation (so there's one certificate per top level domain)
+      # 2. Use the same key material (private/public keys) for all the server names and just do the signing on-the-fly
+      # 3. both of the above
+      def prepare_sni_callback(ctx, ca)
+        contexts = {}
+        mutex = Mutex.new
+
+        # Sets the SNI callback on the SSLTCPSocket
+        ctx.servername_cb = proc do |sock, servername|
+          mutex.synchronize do
+            unless contexts.include? servername
+              cert = Ritm::Certificate.create(servername)
+              ca.sign(cert)
+              contexts[servername] = context_with_cert(sock.context, cert)
+            end
+          end
+          contexts[servername]
+        end
+      end
+
+      def context_with_cert(original_ctx, cert)
+        ctx = original_ctx.dup
+        ctx.key = OpenSSL::PKey::RSA.new(cert.private_key)
+        ctx.cert = OpenSSL::X509::Certificate.new(cert.pem)
+        ctx
+      end
+    end
+  end
+end

data/lib/ritm/proxy/launcher.rb

@@ -0,0 +1,80 @@
+require 'ritm/proxy/ssl_reverse_proxy'
+require 'ritm/proxy/proxy_server'
+require 'ritm/certs/ca'
+require 'ritm/interception/handlers'
+
+module Ritm
+  module Proxy
+    # Launches the Proxy server and the SSL Reverse Proxy with the given settings
+    class Launcher
+      # By default settings are read from Ritm::Configuration but you can override some via these named arguments:
+      #   proxy_port [Fixnum]: the port where the main proxy listens (the one to be configured in the client)
+      #   ssl_reverse_proxy_port [Fixnum]: the port where the reverse proxy for ssl traffic interception listens
+      #   interface [String]: the host/address to bind the main proxy
+      #   ca_crt_path [String]: the path to the certification authority certificate
+      #   ca_key_path [String]: the path to the certification authority private key
+      #   request_interceptor [Proc |request|]: the handler for request interception
+      #   response_interceptor [Proc |request, response|]: the handler for response interception
+      def initialize(**args)
+        build_settings(**args)
+
+        build_reverse_proxy(@ssl_proxy_host, @ssl_proxy_port, @request_interceptor, @response_interceptor)
+        build_proxy(@proxy_host, @proxy_port, @https_forward, @request_interceptor, @response_interceptor)
+      end
+
+      # Starts the service (non blocking)
+      def start
+        @https.start_async
+        @http.start_async
+      end
+
+      # Stops the service
+      def shutdown
+        @https.shutdown
+        @http.shutdown
+      end
+
+      private
+
+      def build_settings(**args)
+        c = Ritm.conf
+        @proxy_host = args.fetch(:interface, c.proxy.bind_address)
+        @proxy_port = args.fetch(:proxy_port, c.proxy.bind_port)
+        @ssl_proxy_host = c.ssl_reverse_proxy.bind_address
+        @ssl_proxy_port = args.fetch(:ssl_reverse_proxy_port, c.ssl_reverse_proxy.bind_port)
+        @https_forward = "#{@ssl_proxy_host}:#{@ssl_proxy_port}"
+        @request_interceptor = args[:request_interceptor] || DEFAULT_REQUEST_HANDLER
+        @response_interceptor = args[:response_interceptor] || DEFAULT_RESPONSE_HANDLER
+
+        crt_path = args.fetch(:ca_crt_path, c.ssl_reverse_proxy.ca.pem)
+        key_path = args.fetch(:ca_key_path, c.ssl_reverse_proxy.ca.key)
+        @certificate = ca_certificate(crt_path, key_path)
+      end
+
+      def build_proxy(host, port, https_forward_to, req_intercept, res_intercept)
+        @http = Ritm::Proxy::ProxyServer.new(Port: port,
+                                             AccessLog: [],
+                                             BindAddress: host,
+                                             Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
+                                             https_forward: https_forward_to,
+                                             ProxyVia: nil,
+                                             request_interceptor: req_intercept,
+                                             response_interceptor: res_intercept)
+      end
+
+      def build_reverse_proxy(_host, port, req_intercept, res_intercept)
+        @https = Ritm::Proxy::SSLReverseProxy.new(port, @certificate,
+                                                  request_interceptor: req_intercept,
+                                                  response_interceptor: res_intercept)
+      end
+
+      def ca_certificate(pem, key)
+        if pem.nil? || key.nil?
+          Ritm::CA.create
+        else
+          Ritm::CA.load(File.read(pem), File.read(key))
+        end
+      end
+    end
+  end
+end

data/lib/ritm/proxy/proxy_server.rb

@@ -0,0 +1,49 @@
+require 'webrick'
+require 'webrick/httpproxy'
+require 'ritm/helpers/patches'
+require 'ritm/interception/intercept_utils'
+
+module Ritm
+  module Proxy
+    # Proxy server that accepts request and response intercept handlers for HTTP traffic
+    # HTTPS traffic is redirected to the SSLReverseProxy for interception
+    class ProxyServer < WEBrick::HTTPProxyServer
+      include InterceptUtils
+
+      def start_async
+        trap(:TERM) { shutdown }
+        trap(:INT) { shutdown }
+        Thread.new { start }
+      end
+
+      # Override
+      # Patches the destination address on HTTPS connections to go via the HTTPS Reverse Proxy
+      def do_CONNECT(req, res)
+        req.class.send(:attr_accessor, :unparsed_uri)
+        req.unparsed_uri = @config[:https_forward]
+        super
+      end
+
+      # Override
+      # Handles HTTP (no SSL) traffic interception
+      def proxy_service(req, res)
+        # Proxy Authentication
+        proxy_auth(req, res)
+
+        # Request modifier handler
+        intercept_request(@config[:request_interceptor], req)
+
+        begin
+          send("do_#{req.request_method}", req, res)
+        rescue NoMethodError
+          raise WEBrick::HTTPStatus::MethodNotAllowed, "unsupported method `#{req.request_method}'."
+        rescue => err
+          raise WEBrick::HTTPStatus::ServiceUnavailable, err.message
+        end
+
+        # Response modifier handler
+        intercept_response(@config[:response_interceptor], req, res)
+      end
+    end
+  end
+end

data/lib/ritm/proxy/ssl_reverse_proxy.rb

@@ -0,0 +1,59 @@
+require 'ritm/helpers/patches'
+require 'ritm/interception/request_interceptor_servlet'
+require 'ritm/proxy/cert_signing_https_server'
+require 'ritm/certs/certificate'
+
+module Ritm
+  module Proxy
+    # SSL Intercept reverse proxy server. Supports interception of https request and responses
+    # It does man-in-the-middle with on-the-fly certificate signing using the given CA
+    class SSLReverseProxy
+      # Creates a HTTPS server with the given settings
+      # @param port [Fixnum]: TCP port to bind the service
+      # @param ca [Ritm::CA]: The certificate authority used to sign fake server certificates
+      # @param request_interceptor [Proc]: If given, it will be invoked before proxying the request
+      # @param response_interceptor [Proc]: If give, it will be invoked before sending back the response
+      def initialize(port, ca, request_interceptor: nil, response_interceptor: nil)
+        @ca = ca
+        default_vhost = 'localhost'
+        @server = CertSigningHTTPSServer.new(Port: port,
+                                             AccessLog: [],
+                                             Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
+                                             ca: ca,
+                                             **vhost_settings(default_vhost))
+
+        @server.mount '/', RequestInterceptorServlet, request_interceptor, response_interceptor
+      end
+
+      def start_async
+        trap(:TERM) { shutdown }
+        trap(:INT) { shutdown }
+        Thread.new { @server.start }
+      end
+
+      def shutdown
+        @server.shutdown
+      end
+
+      private
+
+      def gen_signed_cert(common_name)
+        cert = Ritm::Certificate.create(common_name)
+        @ca.sign(cert)
+        cert
+      end
+
+      def vhost_settings(hostname)
+        cert = gen_signed_cert(hostname)
+        {
+          ServerName: hostname,
+          SSLEnable: true,
+          SSLVerifyClient: OpenSSL::SSL::VERIFY_NONE,
+          SSLPrivateKey: OpenSSL::PKey::RSA.new(cert.private_key),
+          SSLCertificate: OpenSSL::X509::Certificate.new(cert.pem),
+          SSLCertName: [['CN', hostname]]
+        }
+      end
+    end
+  end
+end

data/lib/ritm/version.rb

@@ -0,0 +1,4 @@
+# Ritm version
+module Ritm
+  VERSION = '0.0.1'.freeze
+end

data/lib/ritm.rb

@@ -0,0 +1,5 @@
+require 'ritm/version'
+require 'ritm/dispatcher'
+require 'ritm/configuration'
+require 'ritm/main'
+require 'ritm/proxy/launcher'

metadata

@@ -0,0 +1,187 @@
+--- !ruby/object:Gem::Specification
+name: ritm
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Sebastián Tello
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-05-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: certificate_authority
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.6
+- !ruby/object:Gem::Dependency
+  name: dot_hash
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.40'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.40'
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.4'
+- !ruby/object:Gem::Dependency
+  name: thin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '11.1'
+description: HTTP(S) Intercept Proxy
+email: argos83+ritm@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/ritm.rb
+- lib/ritm/certs/ca.rb
+- lib/ritm/certs/certificate.rb
+- lib/ritm/configuration.rb
+- lib/ritm/dispatcher.rb
+- lib/ritm/helpers/encodings.rb
+- lib/ritm/helpers/patches.rb
+- lib/ritm/helpers/utils.rb
+- lib/ritm/interception/handlers.rb
+- lib/ritm/interception/http_forwarder.rb
+- lib/ritm/interception/intercept_utils.rb
+- lib/ritm/interception/request_interceptor_servlet.rb
+- lib/ritm/main.rb
+- lib/ritm/proxy/cert_signing_https_server.rb
+- lib/ritm/proxy/launcher.rb
+- lib/ritm/proxy/proxy_server.rb
+- lib/ritm/proxy/ssl_reverse_proxy.rb
+- lib/ritm/version.rb
+homepage: https://github.com/argos83/ritm
+licenses:
+- Apache License, v2.0
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Ruby In The Middle
+test_files: []