ritm 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dfb89d29700be9091b25f9134b25edf93e7ae313
-  data.tar.gz: db8b9d6abeeda4efc2a3c9edccf6284c2c2dbd17
+  metadata.gz: 96ffb4d3b3d3b382171277d5095c9ba57396b6ee
+  data.tar.gz: ca0cafa22dcd94188702deb3d1ee3c4e3e71ed6a
 SHA512:
-  metadata.gz: 9e1a13a985ffafa3a5c066e89c3d23fe5b81fb1bed5d90fa2513c40ed73ec6d5a7e526b8a8eba2465364be7780dffd0a58ff1f6336e9dacf8090d28930409e02
-  data.tar.gz: f8eafca5d1c73d7e480c896771eea5e922b2a302598298bb47314dad8eb10ed0d1a3a003b1f2fab5d5682a3a7a296ad244c1d66c5d1223bfc2803fec2eef88c6
+  metadata.gz: f05d3344d6157f1a2a374818b006019400a30d524d6df3db249abc5c9caaa4a4e494a9637bf784133f1cc92af7d34b47899a67d6ebfb1af1a2dc008747224a1f
+  data.tar.gz: c0a8e290882acde4b170fd788122186b3499e755395411ae3f35d0d80e5c6ba75546c6bc3c4181f25d24018590b3366850a3bf9fcec598d6a4c0e51edb41df50

data/lib/ritm.rb

@@ -1,5 +1,2 @@
 require 'ritm/version'
-require 'ritm/dispatcher'
-require 'ritm/configuration'
 require 'ritm/main'
-require 'ritm/proxy/launcher'

data/lib/ritm/configuration.rb

@@ -4,51 +4,52 @@ require 'set'
 module Ritm
   # Global Ritm settings
   class Configuration
-    DEFAULT_SETTINGS = {
-      proxy: {
-        bind_address: '127.0.0.1',
-        bind_port: 8080
-      },
-
-      ssl_reverse_proxy: {
-        bind_address: '127.0.0.1',
-        bind_port: 8081,
-        ca: {
-          pem: nil,
-          key: nil
-        }
-      },
+    def default_settings # rubocop:disable Metrics/MethodLength
+      {
+        proxy: {
+          bind_address: '127.0.0.1',
+          bind_port: 8080
+        },
 
-      intercept: {
-        enabled: true,
-        request: {
-          add_headers: {},
-          strip_headers: [/proxy-*/],
-          unpack_gzip_deflate: true,
-          update_content_length: true
+        ssl_reverse_proxy: {
+          bind_address: '127.0.0.1',
+          bind_port: 8081,
+          ca: {
+            pem: nil,
+            key: nil
+          }
         },
-        response: {
-          add_headers: { 'connection' => 'close' },
-          strip_headers: ['strict-transport-security'],
-          unpack_gzip_deflate: true,
-          update_content_length: true
+
+        intercept: {
+          enabled: true,
+          request: {
+            add_headers: {},
+            strip_headers: [/proxy-*/],
+            unpack_gzip_deflate: true,
+            update_content_length: true
+          },
+          response: {
+            add_headers: { 'connection' => 'close' },
+            strip_headers: ['strict-transport-security'],
+            unpack_gzip_deflate: true,
+            update_content_length: true
+          },
+          process_chunked_encoded_transfer: true
         },
-        process_chunked_encoded_transfer: true
-      },
 
-      misc: {
-        ssl_pass_through: []
+        misc: {
+          ssl_pass_through: [],
+          upstream_proxy: nil
+        }
       }
+    end
 
-    }.freeze
-
-    def initialize(settings = {})
-      reset(settings)
+    def initialize
+      reset
     end
 
-    def reset(settings = {})
-      settings = DEFAULT_SETTINGS.merge(settings)
-      @settings = settings.to_properties
+    def reset
+      @settings = default_settings.to_properties
     end
 
     def method_missing(m, *args, &block)
@@ -59,10 +60,6 @@ module Ritm
       end
     end
 
-    def respond_to_missing?(method_name, _include_private = false)
-      @settings.respond_to?(method_name) || super
-    end
-
     # Re-enable interception
     def enable
       @settings.intercept[:enabled] = true
@@ -72,5 +69,9 @@ module Ritm
     def disable
       @settings.intercept[:enabled] = false
     end
+
+    def respond_to_missing?(method_name, _include_private = false)
+      @settings.respond_to?(method_name) || super
+    end
   end
 end

data/lib/ritm/helpers/patches.rb

@@ -1,3 +1,4 @@
+require 'openssl'
 require 'webrick'
 require 'webrick/httpproxy'
 require 'ritm/helpers/utils'
@@ -5,6 +6,10 @@ require 'ritm/helpers/utils'
 # Patch WEBrick too short max uri length
 Ritm::Utils.silence_warnings { WEBrick::HTTPRequest::MAX_URI_LENGTH = 4000 }
 
+# Digest::Digest is deprecated. This has been fixed in certificate_authority master
+# but the project is no longer maintained and the fixed version was never published
+Ritm::Utils.silence_warnings { OpenSSL::Digest::Digest = OpenSSL::Digest }
+
 # Make request method writable
 WEBrick::HTTPRequest.instance_eval { attr_accessor :request_method, :unparsed_uri }
 

data/lib/ritm/interception/handlers.rb

@@ -1,10 +1,12 @@
 
-dispatcher = Ritm.dispatcher
-
-DEFAULT_REQUEST_HANDLER = proc do |req|
-  dispatcher.notify_request(req) if Ritm.conf.intercept.enabled
+def default_request_handler(session)
+  proc do |req|
+    session.dispatcher.notify_request(req) if session.conf.intercept.enabled
+  end
 end
 
-DEFAULT_RESPONSE_HANDLER = proc do |req, res|
-  dispatcher.notify_response(req, res) if Ritm.conf.intercept.enabled
+def default_response_handler(session)
+  proc do |req, res|
+    session.dispatcher.notify_response(req, res) if session.conf.intercept.enabled
+  end
 end

data/lib/ritm/interception/http_forwarder.rb

@@ -16,21 +16,22 @@ module Ritm
   class HTTPForwarder
     include InterceptUtils
 
-    def initialize(request_interceptor, response_interceptor)
+    def initialize(request_interceptor, response_interceptor, context_config)
       @request_interceptor = request_interceptor
       @response_interceptor = response_interceptor
+      @config = context_config
       # TODO: make SSL verification a configuration setting
       @client = Faraday.new(ssl: { verify: false }) do |conn|
         conn.adapter :net_http
-        # TODO: support customizations (e.g. upstream proxies or different adapters)
+        conn.proxy @config.misc.upstream_proxy unless @config.misc.upstream_proxy.nil?
       end
     end
 
     def forward(request, response)
-      intercept_request(@request_interceptor, request)
+      intercept_request(@request_interceptor, request, @config.intercept.request)
       faraday_response = faraday_forward request
       to_webrick_response faraday_response, response
-      intercept_response(@response_interceptor, request, response)
+      intercept_response(@response_interceptor, request, response, @config.intercept.response)
     end
 
     private

data/lib/ritm/interception/intercept_utils.rb

@@ -3,18 +3,18 @@ require 'ritm/helpers/encodings'
 module Ritm
   # Interceptor callbacks calling logic shared by the HTTP Proxy Server and the SSL Reverse Proxy Server
   module InterceptUtils
-    def intercept_request(handler, request)
+    def intercept_request(handler, request, intercept_request_settings)
       return if handler.nil?
-      preprocess(request, Ritm.conf.intercept.request)
+      preprocess(request, intercept_request_settings)
       handler.call(request)
-      postprocess(request, Ritm.conf.intercept.request)
+      postprocess(request, intercept_request_settings)
     end
 
-    def intercept_response(handler, request, response)
+    def intercept_response(handler, request, response, intercept_response_settings)
       return if handler.nil?
-      preprocess(response, Ritm.conf.intercept.response)
+      preprocess(response, intercept_response_settings)
       handler.call(request, response)
-      postprocess(response, Ritm.conf.intercept.response)
+      postprocess(response, intercept_response_settings)
     end
 
     private

data/lib/ritm/interception/request_interceptor_servlet.rb

@@ -4,9 +4,9 @@ require 'ritm/interception/http_forwarder'
 module Ritm
   # Actual implementation of the SSL Reverse Proxy service (decoupled from the certificate handling)
   class RequestInterceptorServlet < WEBrick::HTTPServlet::AbstractServlet
-    def initialize(server, request_interceptor, response_interceptor)
+    def initialize(server, request_interceptor, response_interceptor, conf)
       super server
-      @forwarder = HTTPForwarder.new(request_interceptor, response_interceptor)
+      @forwarder = HTTPForwarder.new(request_interceptor, response_interceptor, conf)
     end
 
     def service(request, response)

data/lib/ritm/main.rb

@@ -1,38 +1,18 @@
+require 'ritm/session'
+
 # Main module
 module Ritm
-  # Define global settings
-  def self.configure(&block)
-    conf.instance_eval(&block)
-  end
-
-  # Re-enable fuzzing (if it was disabled)
-  def self.enable
-    conf.enable
-  end
-
-  # Disable fuzzing (if it was enabled)
-  def self.disable
-    conf.disable
-  end
-
-  # Access the current config settings
-  def self.conf
-    @configuration ||= Configuration.new
-  end
-
-  def self.dispatcher
-    @dispatcher ||= Dispatcher.new
-  end
-
-  def self.add_handler(handler)
-    dispatcher.add_handler(handler)
-  end
+  GLOBAL_SESSION = Session.new
 
-  def self.on_request(&block)
-    dispatcher.on_request(&block)
+  def self.method_missing(m, *args, &block)
+    if GLOBAL_SESSION.respond_to?(m)
+      GLOBAL_SESSION.send(m, *args, &block)
+    else
+      super
+    end
   end
 
-  def self.on_response(&block)
-    dispatcher.on_response(&block)
+  def self.respond_to_missing?(method_name, _include_private = false)
+    GLOBAL_SESSION.respond_to?(method_name) || super
   end
 end

data/lib/ritm/proxy/launcher.rb

@@ -7,19 +7,10 @@ module Ritm
   module Proxy
     # Launches the Proxy server and the SSL Reverse Proxy with the given settings
     class Launcher
-      # By default settings are read from Ritm::Configuration but you can override some via these named arguments:
-      #   interface [String]: the host/address to bind the main proxy
-      #   proxy_port [Fixnum]: the port where the main proxy listens (the one to be configured in the client)
-      #   ssl_reverse_proxy_port [Fixnum]: the port where the reverse proxy for ssl traffic interception listens
-      #   ca_crt_path [String]: the path to the certification authority certificate
-      #   ca_key_path [String]: the path to the certification authority private key
-      #   request_interceptor [Proc |request|]: the handler for request interception
-      #   response_interceptor [Proc |request, response|]: the handler for response interception
-      def initialize(**args)
-        build_settings(**args)
-
-        build_reverse_proxy(@ssl_proxy_host, @ssl_proxy_port, @request_interceptor, @response_interceptor)
-        build_proxy(@proxy_host, @proxy_port, @https_forward, @request_interceptor, @response_interceptor)
+      def initialize(session)
+        build_settings(session)
+        build_reverse_proxy
+        build_proxy
       end
 
       # Starts the service (non blocking)
@@ -36,36 +27,37 @@ module Ritm
 
       private
 
-      def build_settings(**args)
-        c = Ritm.conf
-        @proxy_host = args.fetch(:interface, c.proxy.bind_address)
-        @proxy_port = args.fetch(:proxy_port, c.proxy.bind_port)
-        @ssl_proxy_host = c.ssl_reverse_proxy.bind_address
-        @ssl_proxy_port = args.fetch(:ssl_reverse_proxy_port, c.ssl_reverse_proxy.bind_port)
-        @https_forward = "#{@ssl_proxy_host}:#{@ssl_proxy_port}"
-        @request_interceptor = args[:request_interceptor] || DEFAULT_REQUEST_HANDLER
-        @response_interceptor = args[:response_interceptor] || DEFAULT_RESPONSE_HANDLER
+      def build_settings(session)
+        @conf = session.conf
+        ssl_proxy_host = @conf.ssl_reverse_proxy.bind_address
+        ssl_proxy_port = @conf.ssl_reverse_proxy.bind_port
+        @https_forward = "#{ssl_proxy_host}:#{ssl_proxy_port}"
+        @request_interceptor = default_request_handler(session)
+        @response_interceptor = default_response_handler(session)
 
-        crt_path = args.fetch(:ca_crt_path, c.ssl_reverse_proxy.ca.pem)
-        key_path = args.fetch(:ca_key_path, c.ssl_reverse_proxy.ca.key)
+        crt_path = @conf.ssl_reverse_proxy.ca.pem
+        key_path = @conf.ssl_reverse_proxy.ca.key
         @certificate = ca_certificate(crt_path, key_path)
       end
 
-      def build_proxy(host, port, https_forward_to, req_intercept, res_intercept)
-        @http = Ritm::Proxy::ProxyServer.new(Port: port,
+      def build_proxy
+        @http = Ritm::Proxy::ProxyServer.new(BindAddress: @conf.proxy.bind_address,
+                                             Port: @conf.proxy.bind_port,
                                              AccessLog: [],
-                                             BindAddress: host,
                                              Logger: WEBrick::Log.new(File.open(File::NULL, 'w')),
-                                             https_forward: https_forward_to,
+                                             https_forward: @https_forward,
                                              ProxyVia: nil,
-                                             request_interceptor: req_intercept,
-                                             response_interceptor: res_intercept)
+                                             request_interceptor: @request_interceptor,
+                                             response_interceptor: @response_interceptor,
+                                             ritm_conf: @conf)
       end
 
-      def build_reverse_proxy(_host, port, req_intercept, res_intercept)
-        @https = Ritm::Proxy::SSLReverseProxy.new(port, @certificate,
-                                                  request_interceptor: req_intercept,
-                                                  response_interceptor: res_intercept)
+      def build_reverse_proxy
+        @https = Ritm::Proxy::SSLReverseProxy.new(@conf.ssl_reverse_proxy.bind_port,
+                                                  @certificate,
+                                                  @conf,
+                                                  request_interceptor: @request_interceptor,
+                                                  response_interceptor: @response_interceptor)
       end
 
       def ca_certificate(pem, key)

data/lib/ritm/proxy/proxy_server.rb

@@ -30,7 +30,7 @@ module Ritm
         proxy_auth(req, res)
 
         # Request modifier handler
-        intercept_request(@config[:request_interceptor], req)
+        intercept_request(@config[:request_interceptor], req, @config[:ritm_conf].intercept.request)
 
         begin
           send("do_#{req.request_method}", req, res)
@@ -41,13 +41,24 @@ module Ritm
         end
 
         # Response modifier handler
-        intercept_response(@config[:response_interceptor], req, res)
+        intercept_response(@config[:response_interceptor], req, res, @config[:ritm_conf].intercept.response)
+      end
+
+      # Override
+      def proxy_uri(req, _res)
+        if req.request_method == 'CONNECT'
+          # Let the reverse proxy handle upstream proxies for https
+          nil
+        else
+          proxy = @config[:ritm_conf].misc.upstream_proxy
+          proxy.nil? ? nil : URI.parse(proxy)
+        end
       end
 
       private
 
       def ssl_pass_through?(destination)
-        Ritm.conf.misc.ssl_pass_through.each do |matcher|
+        @config[:ritm_conf].misc.ssl_pass_through.each do |matcher|
           case matcher
           when String
             return true if destination == matcher

data/lib/ritm/proxy/ssl_reverse_proxy.rb

@@ -13,7 +13,7 @@ module Ritm
       # @param ca [Ritm::CA]: The certificate authority used to sign fake server certificates
       # @param request_interceptor [Proc]: If given, it will be invoked before proxying the request
       # @param response_interceptor [Proc]: If give, it will be invoked before sending back the response
-      def initialize(port, ca, request_interceptor: nil, response_interceptor: nil)
+      def initialize(port, ca, conf, request_interceptor: nil, response_interceptor: nil)
         @ca = ca
         default_vhost = 'localhost'
         @server = CertSigningHTTPSServer.new(Port: port,
@@ -22,7 +22,7 @@ module Ritm
                                              ca: ca,
                                              **vhost_settings(default_vhost))
 
-        @server.mount '/', RequestInterceptorServlet, request_interceptor, response_interceptor
+        @server.mount '/', RequestInterceptorServlet, request_interceptor, response_interceptor, conf
       end
 
       def start_async

data/lib/ritm/session.rb

@@ -0,0 +1,57 @@
+require 'ritm/dispatcher'
+require 'ritm/proxy/launcher'
+require 'ritm/configuration'
+
+module Ritm
+  # Holds the context of a interception session.
+  # Changes in the context configuration should affect only this session
+  class Session
+    attr_reader :conf, :dispatcher
+
+    def initialize
+      @conf = Configuration.new
+      @dispatcher = Dispatcher.new
+      @proxy = nil
+    end
+
+    # Define configuration settings
+    def configure(&block)
+      conf.instance_eval(&block)
+    end
+
+    # Re-enable fuzzing (if it was disabled)
+    def enable
+      conf.enable
+    end
+
+    # Disable fuzzing (if it was enabled)
+    def disable
+      conf.disable
+    end
+
+    # Start the proxy service
+    def start
+      raise 'Proxy already started' unless @proxy.nil?
+      @proxy = Proxy::Launcher.new(self)
+      @proxy.start
+    end
+
+    # Shutdown the proxy service
+    def shutdown
+      @proxy.shutdown unless @proxy.nil?
+      @proxy = nil
+    end
+
+    def add_handler(handler)
+      dispatcher.add_handler(handler)
+    end
+
+    def on_request(&block)
+      dispatcher.on_request(&block)
+    end
+
+    def on_response(&block)
+      dispatcher.on_response(&block)
+    end
+  end
+end

data/lib/ritm/version.rb

@@ -1,4 +1,4 @@
 # Ritm version
 module Ritm
-  VERSION = '0.1.0'.freeze
+  VERSION = '1.0.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ritm
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Sebastián Tello
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-28 00:00:00.000000000 Z
+date: 2016-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -187,6 +187,7 @@ files:
 - lib/ritm/proxy/launcher.rb
 - lib/ritm/proxy/proxy_server.rb
 - lib/ritm/proxy/ssl_reverse_proxy.rb
+- lib/ritm/session.rb
 - lib/ritm/version.rb
 homepage: https://github.com/argos83/ritm
 licenses:
@@ -208,7 +209,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Ruby In The Middle