From f9a69d11d11733d6bc56f44d1f5dc69bd1fbfa46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E8=89=AF?= <841369634@qq.com> Date: Sat, 12 Oct 2024 01:58:06 +0800 Subject: [PATCH] =?UTF-8?q?optimize:=20=E6=97=A5=E5=BF=97=E5=AE=8C?= =?UTF-8?q?=E5=96=84=EF=BC=8C`fakeServer`=20=E8=AE=B0=E5=BD=95=20`clientEr?= =?UTF-8?q?ror`=20=E5=92=8C=20`tlsClientError`=20=E4=B8=A4=E4=B8=AA?= =?UTF-8?q?=E5=BC=82=E5=B8=B8=E6=97=A5=E5=BF=97=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mitmproxy/src/lib/proxy/common/config.js | 9 +-- .../proxy/mitmproxy/createConnectHandler.js | 2 + .../proxy/mitmproxy/createFakeServerCenter.js | 3 +- .../src/lib/proxy/mitmproxy/index.js | 54 ++++++++++-------- .../src/lib/proxy/tls/FakeServersCenter.js | 57 +++++++++++++++++-- .../mitmproxy/src/lib/proxy/tls/tlsUtils.js | 4 ++ 6 files changed, 91 insertions(+), 38 deletions(-) diff --git a/packages/mitmproxy/src/lib/proxy/common/config.js b/packages/mitmproxy/src/lib/proxy/common/config.js index 1ba20e2..fd37b6e 100644 --- a/packages/mitmproxy/src/lib/proxy/common/config.js +++ b/packages/mitmproxy/src/lib/proxy/common/config.js @@ -1,16 +1,13 @@ const path = require('path') const config = exports -config.caCertFileName = 'dev-sidecar.ca.crt' - -config.caKeyFileName = 'dev-sidecar.ca.key.pem' - config.defaultHost = '127.0.0.1' - config.defaultPort = 31181 +config.defaultMaxLength = 100 +config.caCertFileName = 'dev-sidecar.ca.crt' +config.caKeyFileName = 'dev-sidecar.ca.key.pem' config.caName = 'DevSidecar - This certificate is generated locally' - config.caBasePath = buildDefaultCABasePath() config.getDefaultCABasePath = function () { diff --git a/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js b/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js index 65eb838..6c8faaa 100644 --- a/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js 
+++ b/packages/mitmproxy/src/lib/proxy/mitmproxy/createConnectHandler.js @@ -39,6 +39,8 @@ module.exports = function createConnectHandler (sslConnectInterceptor, middlewar connect(req, cltSocket, head, localIP, serverObj.port) }, (e) => { log.error(`----- fakeServer getServerPromise error: ${hostname}:${port}, error:`, e) + }).catch((e) => { + log.error(`----- fakeServer getServerPromise error: ${hostname}:${port}, error:`, e) }) } else { log.info(`未匹配到任何 sslConnectInterceptors,不拦截请求,直接连接目标服务器: ${hostname}:${port}, headers:`, req.headers) diff --git a/packages/mitmproxy/src/lib/proxy/mitmproxy/createFakeServerCenter.js b/packages/mitmproxy/src/lib/proxy/mitmproxy/createFakeServerCenter.js index 977831c..cf90b77 100644 --- a/packages/mitmproxy/src/lib/proxy/mitmproxy/createFakeServerCenter.js +++ b/packages/mitmproxy/src/lib/proxy/mitmproxy/createFakeServerCenter.js @@ -3,6 +3,7 @@ const forge = require('node-forge') const FakeServersCenter = require('../tls/FakeServersCenter') const log = require('../../../utils/util.log') module.exports = function createFakeServerCenter ({ + maxLength, caCertPath, caKeyPath, requestHandler, @@ -26,7 +27,7 @@ module.exports = function createFakeServerCenter ({ return new FakeServersCenter({ caCert, caKey, - maxLength: 100, + maxLength, requestHandler, upgradeHandler, getCertSocketTimeout diff --git a/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js b/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js index 5beee08..684a2d7 100644 --- a/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js +++ b/packages/mitmproxy/src/lib/proxy/mitmproxy/index.js @@ -11,6 +11,7 @@ module.exports = { createProxy ({ host = config.defaultHost, port = config.defaultPort, + maxLength = config.defaultMaxLength, caCertPath, caKeyPath, sslConnectInterceptor, @@ -63,6 +64,7 @@ module.exports = { const upgradeHandler = createUpgradeHandler(setting) const fakeServersCenter = createFakeServerCenter({ + maxLength, caCertPath, caKeyPath, requestHandler, 
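Review bot: In `createConnectHandler.js`, both failure paths after `getServerPromise` (the existing `(e) => {…}` rejection handler and the added `.catch`) only log, and nothing in the hunk closes or answers `cltSocket`, so a failed fake-server setup appears to leave the client's CONNECT request hanging until it times out. Consider releasing the socket after logging, e.g. `cltSocket.destroy()`, unless code outside the hunk already does so. The two handlers also emit the identical message, so the log cannot tell a rejected promise from an exception thrown inside the success callback; a distinct text in the `.catch` would make that clear. The enclosing `createConnectHandler` function starts and ends outside the hunk.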
@@ -81,49 +83,51 @@ module.exports = { const server = new http.Server() server.listen(port, host, () => { log.info(`dev-sidecar启动端口: ${host}:${port}`) - server.on('error', (err) => { - log.error('server error:', err) - }) server.on('request', (req, res) => { const ssl = false - log.debug('【server request】req:', req) + log.debug('【server request】\r\n----- req -----\r\n', req, '\r\n----- res -----\r\n', res) requestHandler(req, res, ssl) }) // tunneling for https server.on('connect', (req, cltSocket, head) => { - log.debug('【server connect】req:', req, ', socket:', cltSocket, ', head:', head) + log.debug('【server connect】\r\n----- req -----\r\n', req, '\r\n----- cltSocket -----\r\n', cltSocket, '\r\n----- head -----\r\n', head) connectHandler(req, cltSocket, head) }) // TODO: handler WebSocket server.on('upgrade', function (req, cltSocket, head) { const ssl = false - log.debug('【server upgrade】req:', req) + log.debug('【server upgrade】\r\n----- req -----\r\n', req) upgradeHandler(req, cltSocket, head, ssl) }) + server.on('error', (err) => { + log.error('【server error】\r\n----- error -----\r\n', err) + }) server.on('clientError', (err, cltSocket) => { - log.error('【server clientError】error:', err, ', socket:', cltSocket) + log.error('【server clientError】\r\n----- error -----\r\n', err, '\r\n----- cltSocket -----\r\n', cltSocket) cltSocket.end('HTTP/1.1 400 Bad Request\r\n\r\n') }) // 其他事件:仅记录debug日志 - server.on('close', () => { - log.debug('【server close】') - }) - server.on('connection', (cltSocket) => { - log.debug('【server connection】socket:', cltSocket) - }) - server.on('listening', () => { - log.debug('【server listening】') - }) - server.on('checkContinue', (req, res) => { - log.debug('【server checkContinue】req:', req, ', res:', res) - }) - server.on('checkExpectation', (req, res) => { - log.debug('【server checkExpectation】req:', req, ', res:', res) - }) - server.on('dropRequest', (req, cltSocket) => { - log.debug('【server checkExpectation】req:', req, ', socket:', 
cltSocket) - }) + if (process.env.NODE_ENV === 'development') { + server.on('close', () => { + log.debug('【server close】no arguments...') + }) + server.on('connection', (cltSocket) => { + log.debug('【server connection】\r\n----- cltSocket -----\r\n', cltSocket) + }) + server.on('listening', () => { + log.debug('【server listening】no arguments...') + }) + server.on('checkContinue', (req, res) => { + log.debug('【server checkContinue】\r\n----- req -----\r\n', req, '\r\n----- res -----\r\n', res) + }) + server.on('checkExpectation', (req, res) => { + log.debug('【server checkExpectation】\r\n----- req -----\r\n', req, '\r\n----- res -----\r\n', res) + }) + server.on('dropRequest', (req, cltSocket) => { + log.debug('【server checkExpectation】\r\n----- req -----\r\n', req, '\r\n----- cltSocket -----\r\n', cltSocket) + }) + } if (callback) { callback(server) diff --git a/packages/mitmproxy/src/lib/proxy/tls/FakeServersCenter.js b/packages/mitmproxy/src/lib/proxy/tls/FakeServersCenter.js index cf3d954..a066b2b 100644 --- a/packages/mitmproxy/src/lib/proxy/tls/FakeServersCenter.js +++ b/packages/mitmproxy/src/lib/proxy/tls/FakeServersCenter.js @@ -26,7 +26,7 @@ module.exports = class FakeServersCenter { log.info('超过最大服务数量,删除旧服务。delServerObj:', delServerObj) delServerObj.serverObj.server.close() } catch (e) { - log.info('`delServerObj.serverObj.server.close()` error:', e) + log.error('`delServerObj.serverObj.server.close()` error:', e) } } this.queue.push(serverPromiseObj) 
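Review bot: In the `index.js` hunk, the `request`, `connect`, `upgrade` and `clientError` handlers pass whole `req`, `res` and socket objects to the logger, and unlike the `close`/`connection`/… handlers they are not behind the `NODE_ENV === 'development'` check; depending on how the logger formats objects and which level is enabled, that copies every request header of intercepted traffic, `Cookie` and `Authorization` included, into the log. Logging selected fields instead, e.g. `log.debug('【server request】', req.method, req.url, req.headers.host)`, keeps the trace useful without the credentials; the `fakeServer` `request` and `upgrade` handlers in `FakeServersCenter.js` do the same with decrypted HTTPS requests. Separately, `server.on('error', …)` is still attached inside the `server.listen` callback, so a bind failure such as an occupied port is emitted before any listener exists; registering it before `server.listen(port, host, …)` would let it be logged. The `dropRequest` handler is labelled `【server checkExpectation】`.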
@@ -78,26 +78,71 @@ module.exports = class FakeServersCenter { port: 0 // if prot === 0 ,should listen server's `listening` event. } serverPromiseObj.serverObj = serverObj + fakeServer.listen(0, () => { const address = fakeServer.address() serverObj.port = address.port }) fakeServer.on('request', (req, res) => { const ssl = true + log.debug(`【fakeServer request - ${hostname}:${port}】\r\n----- req -----\r\n`, req, '\r\n----- res -----\r\n', res) this.requestHandler(req, res, ssl) }) - fakeServer.on('error', (e) => { - log.error('fakeServer error:', e) - }) fakeServer.on('listening', () => { - const mappingHostNames = tlsUtils.getMappingHostNamesFromCert(certObj.cert) - serverPromiseObj.mappingHostNames = mappingHostNames + log.debug(`【fakeServer listening - ${hostname}:${port}】no arguments...`) + serverPromiseObj.mappingHostNames = tlsUtils.getMappingHostNamesFromCert(certObj.cert) resolve(serverObj) }) fakeServer.on('upgrade', (req, socket, head) => { const ssl = true + log.debug(`【fakeServer upgrade - ${hostname}:${port}】\r\n----- req -----\r\n`, req, '\r\n----- socket -----\r\n', socket, '\r\n----- head -----\r\n', head) this.upgradeHandler(req, socket, head, ssl) }) + + // 三个 error 事件 + fakeServer.on('error', (e) => { + log.error(`【fakeServer error - ${hostname}:${port}】\r\n----- error -----\r\n`, e) + }) + fakeServer.on('clientError', (err, socket) => { + log.error(`【fakeServer clientError - ${hostname}:${port}】\r\n----- error -----\r\n`, err, '\r\n----- socket -----\r\n', socket) + }) + fakeServer.on('tlsClientError', (err, tlsSocket) => { + log.error(`【fakeServer tlsClientError - ${hostname}:${port}】\r\n----- error -----\r\n`, err, '\r\n----- tlsSocket -----\r\n', tlsSocket) + }) + + // 其他监听事件,只打印debug日志 + if (process.env.NODE_ENV === 'development') { + fakeServer.on('keylog', (line, tlsSocket) => { + log.debug(`【fakeServer keylog - ${hostname}:${port}】\r\n----- line -----\r\n`, line, '\r\n----- tlsSocket -----\r\n', tlsSocket) + }) + // 
fakeServer.on('newSession', (sessionId, sessionData, callback) => { + // log.debug('【fakeServer newSession - ${hostname}:${port}】\r\n----- sessionId -----\r\n', sessionId, '\r\n----- sessionData -----\r\n', sessionData, '\r\n----- callback -----\r\n', callback) + // }) + // fakeServer.on('OCSPRequest', (certificate, issuer, callback) => { + // log.debug('【fakeServer OCSPRequest - ${hostname}:${port}】\r\n----- certificate -----\r\n', certificate, '\r\n----- issuer -----\r\n', issuer, '\r\n----- callback -----\r\n', callback) + // }) + // fakeServer.on('resumeSession', (sessionId, callback) => { + // log.debug('【fakeServer resumeSession - ${hostname}:${port}】\r\n----- sessionId -----\r\n', sessionId, '\r\n----- callback -----\r\n', callback) + // }) + fakeServer.on('secureConnection', (tlsSocket) => { + log.debug(`【fakeServer secureConnection - ${hostname}:${port}】\r\n----- tlsSocket -----\r\n`, tlsSocket) + }) + fakeServer.on('close', () => { + log.debug(`【fakeServer close - ${hostname}:${port}】no arguments...`) + }) + fakeServer.on('connection', (socket) => { + log.debug(`【fakeServer connection - ${hostname}:${port}】\r\n----- socket -----\r\n`, socket) + }) + fakeServer.on('checkContinue', (req, res) => { + log.debug(`【fakeServer checkContinue - ${hostname}:${port}】\r\n----- req -----\r\n`, req, '\r\n----- res -----\r\n', res) + }) + fakeServer.on('checkExpectation', (req, res) => { + log.debug(`【fakeServer checkExpectation - ${hostname}:${port}】\r\n----- req -----\r\n`, req, '\r\n----- res -----\r\n', res) + }) + fakeServer.on('connect', (req, socket, head) => { + log.debug(`【fakeServer resumeSession - ${hostname}:${port}】\r\n----- req -----\r\n`, req, '\r\n----- socket -----\r\n', socket, '\r\n----- head -----\r\n', head) + }) + } })() }) diff --git a/packages/mitmproxy/src/lib/proxy/tls/tlsUtils.js b/packages/mitmproxy/src/lib/proxy/tls/tlsUtils.js index 5b029e0..f0476d2 100644 --- a/packages/mitmproxy/src/lib/proxy/tls/tlsUtils.js 
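Review bot: The new `clientError` listener on `fakeServer` only logs, and once such a listener is registered Node's HTTP server no longer sends its default `400 Bad Request` and closes the connection itself, so each malformed request leaves its socket open until a timeout; the `index.js` handler in this same commit ends the socket, and this one should too, e.g. `if (socket.writable) socket.end('HTTP/1.1 400 Bad Request\r\n\r\n'); else socket.destroy()`. This assumes `fakeServer` is an `https.Server`, which is created outside the hunk. The `keylog` listener writes `line` to the log; that value is TLS session key material in key-log format, enough to decrypt a capture of the connection, so it is better omitted from the message even in development. The `connect` listener is labelled `resumeSession`.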
+++ b/packages/mitmproxy/src/lib/proxy/tls/tlsUtils.js @@ -226,6 +226,10 @@ utils.isBrowserRequest = function (userAgent) { // /^[^.]+\.a\.com$/.test('c.a.com') // utils.isMappingHostName = function (DNSName, hostname) { + if (DNSName === hostname) { + return true + } + let reg = DNSName.replace(/\./g, '\\.').replace(/\*/g, '[^.]+') reg = '^' + reg + '$' return (new RegExp(reg)).test(hostname)
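Review bot: After the new equality shortcut, `isMappingHostName` still builds its pattern by escaping only `.` in `DNSName`, so any other regex metacharacter in a certificate name is treated as regex syntax and can either match hosts it should not or make `new RegExp` throw. Escaping the full set first closes that: `let reg = DNSName.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '[^.]+')`. Both the `===` check and the regex are case-sensitive although host names are not, so lower-casing both arguments before comparing may also be wanted. The function's closing lines are outside the hunk.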