Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I write a simple HTTPS proxy server in Ruby?

Tags:

ruby

proxy

https

ssl

I've seen several examples of writing an HTTP proxy in Ruby, e.g. this gist by Torsten Becker, but how would I extend it to handle HTTPS, aka for a "man in the middle" SSL proxy?

I'm looking for a simple source code framework which I can extend for my own logging and testing needs.

update

I already use Charles, a nifty HTTPS proxy app similar to Fiddler and it is essentially what I want except that it's packaged up in an app. I want to write my own because I have specific needs for filtering and presentation.

update II

Having poked around, I understand the terminology a little better. I'm NOT after a full "Man in the Middle" SSL proxy. Instead, it will run locally on my machine and so I can honor whatever SSL cert it offers. However, I need to see the decrypted contents of packets of my requests and the decrypted contents of the responses.

like image 210
fearless_fool Avatar asked Aug 29 '12 22:08

fearless_fool

1 Answers

Just for background information, a normal HTTP proxy handles HTTPS requests via the CONNECT method: it reads the host name and port, establishes a TCP connection to this target server on this port, returns 200 OK and then merely tunnels that TCP connection to the initial client (the fact that SSL/TLS is exchanged on top of that TCP connection is barely relevant).

This is what the do_CONNECT method if WEBrick::HTTPProxyServer.

If you want a MITM proxy, i.e. if you want to be able to look inside the SSL/TLS traffic, you can certainly use WEBrick::HTTPProxyServer, but you'll need to change do_CONNECT completely:

  • Firstly, your proxy server will need to embed a mini CA, capable of generating certificates on the fly (failing that, you might be able to use self-signed certificates, if you're willing to bypass warning messages in the browser). You would then import that CA certificate into the browser.
  • When you get the CONNECT request, you'll need to generate a certificate valid for that host name (preferable with a Suject Alt. Name for that host name, or in the Subject DN's Common Name), and upgrade the socket into an SSL/TLS server socket (using that certificate). If the browser accepts to trust that certificate, what you get from thereon on this SSL/TLS socket is the plain text traffic.
  • You would then have to handle the requests (get the request line, headers and entity) and take it to use it via a normal HTTPS client library. You might be able to send that traffic to a second instance of WEBrick::HTTPProxyServer, but it would have to be tweaked to make outgoing HTTPS requests instead of plain HTTP requests.
like image 100
Bruno Avatar answered Nov 15 '22 04:11

Bruno
Sign in to Comment

Related questions

Sanitize HTML and close incomplete tags
hex string to signed int conversion in Ruby
currency number format using spreadsheet gem
Redis backed Rails model
How to communicate with threads in Ruby?
How to print a string with a backward slash in Ruby
Highgui and ruby
Converting file path to URI
Pik on Windows 7 doesn't remember the selection
Ruby recursion issue
Global variable vs. constant vs. class instance variable for global cache
How do I test the assignment of an instance variable in the new action of my controller with rspec?
Sequel: How to use group and count
Filter site.related_posts in Jekyll
Simple ruby guard watcher
Ruby : Could not find RedCloth-4.2.9
Active Record order by group size
most efficient way to write data into a file
Could not resolve host when trying to install RVM
Subtract values in hash from corresponding values in another hash

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!