multiproxy

module

v0.3.1 Latest Latest Go to latest Published: Apr 29, 2021 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/akabos/multiproxy

Links

Open Source Insights

README ¶

multiproxy

multiproxy is an extensible and performant HTTP proxy implemented in Go.

Requirements

Go v1.15 (not tested, but should work with >1.11)

Installation

go install -u github.com/akabos/multiproxy/cmd

Usage

multiproxy

Running pre-built docker image:

docker run -rm -p 8080:8080 akabos/multiproxy

Making a request over the proxy:

curl -x http://127.0.0.1:8080 http://example.com

HTTPS

The proxy has two methods for handling CONNECT request. The default one is tunneling which is cryptographically consistent and used by default for all CONNECT requests. The downside of that handler is that proxy have to operate at TCP level and have no control over requests or responses passing through the proxy.

The other one is Man-in-the-Middle or MITM handler which basically implements Man-in-the-Middle attack. With this handler the proxy have full control over requests and responses. The downside is that client software have to be explicitly instructed to abandon attempts to verify server certificates.

Running the server in MITM mode:

mutiproxy -mitm '*'

Making a request over the proxy in MITM mode:

curl -k -x http://127.0.0.1:8080 https://example.com

It is possible to run proxy in the mixed mode. E.g. handling some domains with MITM and others with tunneling:

mutiproxy -mitm '.example.com,example.net' -tunnel '*'

In the example above example.com, all it's subdomains and example.net would be served by MITM and all the other hostnames with tunneling.

Proxy headers

According to RFC 2616, the Via general-header field MUST be used by gateways and proxies to indicate the intermediate protocols and recipients between the user agent and the server on requests, and between the origin server and the client on responses. By default, multiproxy obeys that requirement and adds an aforementioned header to each request, including those intercepted from CONNECT sessions. It also appends client IP to X-Forwarded-For header which is not defined by any RFC but is well known.

If that is not what you want, you have to explicitly disable that behaviour:

multiproxy -novia -noxforwardedfor

Goals

performance
extensibility
RFC compliance

Non-goals

GUI
transparent HTTPS proxying capabilities

TODO

Examples
Better test coverage

Directories ¶

Path	Synopsis
cmd
multiproxy
pkg
handlers
issuer
middleware/log
middleware/via
router

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL