npm - @dev-swarup/http-mitm-proxy - Versions diffs - 0.9.6 - Mend

@dev-swarup/http-mitm-proxy 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/.editorconfig +17 -0
package/.gitattributes +2 -0
package/.github/workflows/npm-publish.yml +23 -0
package/.github/workflows/tests.yml +63 -0
package/README.md +555 -0
package/bin/mitm-proxy.js +36 -0
package/eslint.config.mjs +10 -0
package/examples/forwardHttps.js +62 -0
package/examples/modifyGoogle.js +44 -0
package/examples/onCertificateMissing.js +30 -0
package/examples/onCertificateRequired.js +23 -0
package/examples/preventRequest.js +20 -0
package/examples/processFullResponseBody.js +36 -0
package/examples/removeProxyToServerContentLength.js +17 -0
package/examples/websocket.js +31 -0
package/examples/wildcard.js +17 -0
package/index.d.ts +314 -0
package/index.js +3 -0
package/lib/ca.js +268 -0
package/lib/middleware/gunzip.js +19 -0
package/lib/middleware/wildcard.js +24 -0
package/lib/proxy.js +1199 -0
package/package.json +45 -0
package/test/01_proxy.js +555 -0
package/test/http.client.js +37 -0
package/test/tunnel.agent.js +321 -0
package/test/www/1024.bin +64 -0
package/test/wwwA/1024.bin +64 -0
package/test/wwwA/example.com.html +8 -0
package/test/wwwA/index.html +0 -0
package/test/wwwB/1024.bin +64 -0
package/test/wwwB/index.html +0 -0

package/lib/ca.js ADDED Viewed

@@ -0,0 +1,268 @@
+'use strict';
+var FS = require('fs');
+var path = require('path');
+var Forge = require('node-forge');
+var pki = Forge.pki;
+const { mkdirp } = require('mkdirp');
+var async = require('async');
+var CAattrs = [
+  {
+    name: 'commonName',
+    value: 'NodeMITMProxyCA',
+  },
+  {
+    name: 'countryName',
+    value: 'Internet',
+  },
+  {
+    shortName: 'ST',
+    value: 'Internet',
+  },
+  {
+    name: 'localityName',
+    value: 'Internet',
+  },
+  {
+    name: 'organizationName',
+    value: 'Node MITM Proxy CA',
+  },
+  {
+    shortName: 'OU',
+    value: 'CA',
+  },
+];
+var CAextensions = [
+  {
+    name: 'basicConstraints',
+    cA: true,
+  },
+  {
+    name: 'keyUsage',
+    keyCertSign: true,
+    digitalSignature: true,
+    nonRepudiation: true,
+    keyEncipherment: true,
+    dataEncipherment: true,
+  },
+  {
+    name: 'extKeyUsage',
+    serverAuth: true,
+    clientAuth: true,
+    codeSigning: true,
+    emailProtection: true,
+    timeStamping: true,
+  },
+  {
+    name: 'nsCertType',
+    client: true,
+    server: true,
+    email: true,
+    objsign: true,
+    sslCA: true,
+    emailCA: true,
+    objCA: true,
+  },
+  {
+    name: 'subjectKeyIdentifier',
+  },
+];
+var ServerAttrs = [
+  {
+    name: 'countryName',
+    value: 'Internet',
+  },
+  {
+    shortName: 'ST',
+    value: 'Internet',
+  },
+  {
+    name: 'localityName',
+    value: 'Internet',
+  },
+  {
+    name: 'organizationName',
+    value: 'Node MITM Proxy CA',
+  },
+  {
+    shortName: 'OU',
+    value: 'Node MITM Proxy Server Certificate',
+  },
+];
+var ServerExtensions = [
+  {
+    name: 'basicConstraints',
+    cA: false,
+  },
+  {
+    name: 'keyUsage',
+    keyCertSign: false,
+    digitalSignature: true,
+    nonRepudiation: false,
+    keyEncipherment: true,
+    dataEncipherment: true,
+  },
+  {
+    name: 'extKeyUsage',
+    serverAuth: true,
+    clientAuth: true,
+    codeSigning: false,
+    emailProtection: false,
+    timeStamping: false,
+  },
+  {
+    name: 'nsCertType',
+    client: true,
+    server: true,
+    email: false,
+    objsign: false,
+    sslCA: false,
+    emailCA: false,
+    objCA: false,
+  },
+  {
+    name: 'subjectKeyIdentifier',
+  },
+];
+var CA = function () {};
+CA.create = function (caFolder, callback) {
+  var ca = new CA();
+  ca.baseCAFolder = caFolder;
+  ca.certsFolder = path.join(ca.baseCAFolder, 'certs');
+  ca.keysFolder = path.join(ca.baseCAFolder, 'keys');
+  mkdirp(ca.baseCAFolder)
+    .then(() =>
+      mkdirp(ca.certsFolder).then(() =>
+        mkdirp(ca.keysFolder).then(() => {
+          if (FS.existsSync(path.join(ca.certsFolder, 'ca.pem'))) {
+            ca.loadCA((err) => (err ? callback(err) : callback(null, ca)));
+          } else {
+            ca.generateCA((err) => (err ? callback(err) : callback(null, ca)));
+          }
+        })
+      )
+    )
+    .catch((err) => (err ? callback(err) : callback(null, ca)));
+};
+CA.prototype.randomSerialNumber = function () {
+  // generate random 16 bytes hex string
+  var sn = '';
+  for (var i = 0; i < 4; i++) {
+    sn += ('00000000' + Math.floor(Math.random() * Math.pow(256, 4)).toString(16)).slice(-8);
+  }
+  return sn;
+};
+CA.prototype.generateCA = function (callback) {
+  var self = this;
+  pki.rsa.generateKeyPair({ bits: 2048 }, function (err, keys) {
+    if (err) {
+      return callback(err);
+    }
+    var cert = pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = self.randomSerialNumber();
+    cert.validity.notBefore = new Date();
+    cert.validity.notBefore.setDate(cert.validity.notBefore.getDate() - 1);
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 2);
+    cert.setSubject(CAattrs);
+    cert.setIssuer(CAattrs);
+    cert.setExtensions(CAextensions);
+    cert.sign(keys.privateKey, Forge.md.sha256.create());
+    self.CAcert = cert;
+    self.CAkeys = keys;
+    async.parallel(
+      [
+        FS.writeFile.bind(null, path.join(self.certsFolder, 'ca.pem'), pki.certificateToPem(cert)),
+        FS.writeFile.bind(null, path.join(self.keysFolder, 'ca.private.key'), pki.privateKeyToPem(keys.privateKey)),
+        FS.writeFile.bind(null, path.join(self.keysFolder, 'ca.public.key'), pki.publicKeyToPem(keys.publicKey)),
+      ],
+      callback
+    );
+  });
+};
+CA.prototype.loadCA = function (callback) {
+  var self = this;
+  async.auto(
+    {
+      certPEM: function (callback) {
+        FS.readFile(path.join(self.certsFolder, 'ca.pem'), 'utf-8', callback);
+      },
+      keyPrivatePEM: function (callback) {
+        FS.readFile(path.join(self.keysFolder, 'ca.private.key'), 'utf-8', callback);
+      },
+      keyPublicPEM: function (callback) {
+        FS.readFile(path.join(self.keysFolder, 'ca.public.key'), 'utf-8', callback);
+      },
+    },
+    function (err, results) {
+      if (err) {
+        return callback(err);
+      }
+      self.CAcert = pki.certificateFromPem(results.certPEM);
+      self.CAkeys = {
+        privateKey: pki.privateKeyFromPem(results.keyPrivatePEM),
+        publicKey: pki.publicKeyFromPem(results.keyPublicPEM),
+      };
+      return callback();
+    }
+  );
+};
+CA.prototype.generateServerCertificateKeys = function (hosts, cb) {
+  var self = this;
+  if (typeof hosts === 'string') hosts = [hosts];
+  var mainHost = hosts[0];
+  var keysServer = pki.rsa.generateKeyPair(2048);
+  var certServer = pki.createCertificate();
+  certServer.publicKey = keysServer.publicKey;
+  certServer.serialNumber = this.randomSerialNumber();
+  certServer.validity.notBefore = new Date();
+  certServer.validity.notBefore.setDate(certServer.validity.notBefore.getDate() - 1);
+  certServer.validity.notAfter = new Date();
+  certServer.validity.notAfter.setFullYear(certServer.validity.notBefore.getFullYear() + 2);
+  var attrsServer = ServerAttrs.slice(0);
+  attrsServer.unshift({
+    name: 'commonName',
+    value: mainHost,
+  });
+  certServer.setSubject(attrsServer);
+  certServer.setIssuer(this.CAcert.issuer.attributes);
+  certServer.setExtensions(
+    ServerExtensions.concat([
+      {
+        name: 'subjectAltName',
+        altNames: hosts.map(function (host) {
+          if (host.match(/^[\d\.]+$/)) {
+            return { type: 7, ip: host };
+          }
+          return { type: 2, value: host };
+        }),
+      },
+    ])
+  );
+  certServer.sign(this.CAkeys.privateKey, Forge.md.sha256.create());
+  var certPem = pki.certificateToPem(certServer);
+  var keyPrivatePem = pki.privateKeyToPem(keysServer.privateKey);
+  cb(certPem, keyPrivatePem);
+};
+CA.prototype.hostToFilename = function (hostname, ext) {
+  // Replace wildcards and colons, not portably supported in filenames
+  return hostname.replace(/\*/g, '_').replace(/\:/g, ';') + ext;
+};
+CA.prototype.getCACertPath = function () {
+  return this.certsFolder + '/ca.pem';
+};
+module.exports = CA;

package/lib/middleware/gunzip.js ADDED Viewed

@@ -0,0 +1,19 @@
+'use strict';
+var zlib = require('zlib');
+module.exports = {
+  onResponse: function(ctx, callback) {
+    if (ctx.serverToProxyResponse.headers['content-encoding']
+      && ctx.serverToProxyResponse.headers['content-encoding'].toLowerCase() == 'gzip') {
+      delete ctx.serverToProxyResponse.headers['content-encoding'];
+      ctx.addResponseFilter(zlib.createGunzip());
+    }
+    return callback();
+  },
+  onRequest: function(ctx, callback) {
+    ctx.proxyToServerRequestOptions.headers['accept-encoding'] = 'gzip';
+    return callback();
+  }
+};

package/lib/middleware/wildcard.js ADDED Viewed

@@ -0,0 +1,24 @@
+'use strict';
+/**
+ * group1: subdomain
+ * group2: domain.ext
+ * exclude short domains (length < 4) to avoid catching double extensions (ex: net.au, co.uk, ...)
+ */
+const HOSTNAME_REGEX = /^(.+)(\.[^\.]{4,}(\.[^\.]{1,3})*\.[^\.]+)$/;
+module.exports = {
+  onCertificateRequired: function (hostname, callback) {
+    var rootHost = hostname;
+    if (HOSTNAME_REGEX.test(hostname)) {
+      rootHost = hostname.replace(/^[^\.]+\./, '');
+    }
+    // Replace wildcards and colons, not portably supported in filenames
+    const hostCertFilename = rootHost.replace(/\*/g, '_').replace(/\:/g, ';') + ext;
+    return callback(null, {
+      keyFile: this.sslCaDir + '/keys/_.' + hostCertFilename + '.key',
+      certFile: this.sslCaDir + '/certs/_.' + hostCertFilename + '.pem',
+      hosts: ['*.' + rootHost, rootHost],
+    });
+  },
+};