App-HTTP_Proxy_IMP
lib/App/HTTP_Proxy_IMP.pm view on Meta::CPAN
package App::HTTP_Proxy_IMP;
our $VERSION = '0.958';

# Fields of the proxy object, declared in the same order as before:
#   addr                  - array ref of addresses to listen on
#   impns                 - array ref of namespaces for IMP plugins
#   filter                - array ref of plugins to load
#   logrx                 - regexp for filtering log messages
#   pcapdir               - directory to store pcap files of requests
#   mitm_ca               - file containing cert and key of the proxy CA
#   capath                - path to the CA(s) used to verify server certificates
#   no_check_certificate  - if true, server certificates are not checked
#   childs                - number of children to use (0 = don't fork)
#   max_connect_per_child - max number of connections before a child exits
# NOTE(review): mitm_ca names a file that also holds the CA private key, so
# its read permissions matter; no_check_certificate turns off verification of
# the upstream server certificate during SSL interception.
use fields qw(
    addr
    impns
    filter
    logrx
    pcapdir
    mitm_ca
    capath
    no_check_certificate
    childs
    max_connect_per_child
);
use App::HTTP_Proxy_IMP::IMP;
use App::HTTP_Proxy_IMP::Conn;
use App::HTTP_Proxy_IMP::Request;
use App::HTTP_Proxy_IMP::Relay;
use AnyEvent;
lib/App/HTTP_Proxy_IMP.pm view on Meta::CPAN
$cmd Options* [ip:port|ip:port=upstream_ip:port]+
ip:port - listen address(es) for the proxy
ip:port=upstream_ip:port - listen adress and upstream proxy
Options:
-h|--help show usage
--mitm-ca ca.pem use given file in PEM format as a Proxy-CA for intercepting
SSL connections (e.g. man in the middle). Should include key
and cert.
--capath P path to file or dir containing CAs, which are used to verify
server certificates when intercepting SSL.
Tries to use builtin default if not given.
--no-check-certificate do not check server certificates when intercepting
SSL connections
-C|--childs N fork N childs an keep them running, e.g. if one child dies
immediatly fork another one. This way one can spread the load
over multiple processors (N>1) or just make sure, that child
gets restarted on errors (N=1)
-M|--maxconn N child will exit (and gets restarted) after N connections
lib/App/HTTP_Proxy_IMP.pm view on Meta::CPAN
# export to PKCS12 for import into browser (the resulting .p12 also contains the CA private key, because of -inkey)
openssl pkcs12 -export -in proxy_ca.pem -inkey proxy_ca.pem -out proxy_ca.p12
It will try to create the directory proxy_ca.pem.cache and use it as a cache
for generated cloned certificates. If this is not possible the cloned certificates
will persist over restarts of the proxy.
=item capath certs.pem | cert-dir
The path (file with certificates or directory) with the CAs, which are used to
verify SSL certificates when doing SSL interception.
If not given, it initially checks various paths, starting with Mozilla::CA and
then trying /etc/ssl/certs and /etc/ssl/certs.pem, before giving up and
exiting.
=item no_check_certificate
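If true, disables verification of server certificates when doing SSL interception. The proxy still presents its own cloned certificate to the client, so the client has no way to notice an unverified or mismatched upstream certificate.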
=item childs N
lib/App/HTTP_Proxy_IMP/Relay.pm view on Meta::CPAN
my $sfo = $self->{fds}[$from] or return
$self->fatal("cannot startssl $from - no such fo");
# stop handling all data
$self->mask($to,r=>0);
$self->mask($from,r=>0);
weaken( my $wself = $self );
# Arguments for the TLS handshake started on $sfo (the $from side).
# $hostname is passed as SNI name and as the name to check the peer
# certificate against, using the 'http' verification scheme.
# Verification hinges on $conn->{capath}: if it is set, the peer certificate
# is verified against that CA directory or file; if it is not set,
# SSL_VERIFY_NONE is used and whatever certificate the peer presents is
# accepted (the SSL_verifycn_* settings presumably have no effect then).
# NOTE(review): the startssl callback that follows clones the peer
# certificate for the other side, so with SSL_VERIFY_NONE the client receives
# a proxy-issued certificate for an unverified upstream. Presumably capath is
# only empty when no_check_certificate was requested - confirm in the code
# that fills $conn->{capath}, and consider logging when this branch is taken.
my %sslargs = (
SSL_verifycn_name => $hostname,
SSL_verifycn_schema => 'http',
SSL_hostname => $hostname, # SNI
$conn->{capath} ? (
SSL_verify_mode => SSL_VERIFY_PEER,
( -d $conn->{capath} ? 'SSL_ca_path' : 'SSL_ca_file' ), # directory -> SSL_ca_path, anything else is treated as a CA file
$conn->{capath}
):(
SSL_verify_mode => SSL_VERIFY_NONE # no CA path configured: peer certificate is not verified
)
);
$sfo->startssl( %sslargs, sub {
my $sfo = shift;
my ($cert,$key) = $mitm->clone_cert($sfo->{fd}->peer_certificate);
my $cfo = $wself->{fds}[$to] or return
$wself->fatal("cannot startssl $to - no such fo");
$cfo->startssl(
SSL_server => 1,
SSL_cert => $cert,
lib/App/HTTP_Proxy_IMP/Relay.pm view on Meta::CPAN
# retry
my $dir =
$SSL_ERROR == SSL_WANT_READ ? 'r' :
$SSL_ERROR == SSL_WANT_WRITE ? 'w' :
return $self->{relay}->fatal( "unhandled $SSL_ERROR on EAGAIN" );
$self->mask( $dir => sub { _ssl($self,$sub,$cb,$sslargs) });
} elsif ( $sslargs->{SSL_server} ) {
return $self->{relay}->fatal( "error on accept_SSL: $SSL_ERROR|$!" );
} else {
return $self->{relay}->fatal(
"error on connect_SSL to $sslargs->{SSL_verifycn_name}: $SSL_ERROR|$!" );
}
}
############################################################################
# DNS cache
############################################################################
package App::HTTP_Proxy_IMP::Relay::DNS;
use AnyEvent::DNS;