chaos-http-proxy icon indicating copy to clipboard operation
chaos-http-proxy copied to clipboard
verified publisher icon bouncestorage

HTTPS support

Open kahing opened this issue 10 years ago • 5 comments

it'd be good to have https support and induce chaos at the HTTPS layer

kahing avatar May 14 '15 18:05 kahing

What about a MITM proxy server that terminates the TLS connection at chaos-http-proxy? It would also be nice to induce HTTP errors in HTTPS sessions.

Happy to contribute, as I have an ahem need for such a thing.

flandr avatar Aug 24 '15 20:08 flandr

Please submit a pull request. I believe you can scoop all the needed logic out of S3Proxy.

gaul avatar Aug 24 '15 20:08 gaul

Ok, but in the meanwhile let's disable CONNECT; the URL composition logic is misinterpreting the request-uri portion of that message & it's doomed to failure anyway.

https://github.com/bouncestorage/chaos-http-proxy/pull/9

flandr avatar Aug 24 '15 21:08 flandr

Researching this some years later, I am not sure that any HTTPS clients will work in the MITM way that I had imagined and that would be useful to Chaos HTTP Proxy. Instead it seems that they use the CONNECT verb then pass encrypted traffic between client and server:

https://stackoverflow.com/a/36171547/2800111

Perhaps it is possible to inject a different SSL certificate as long as the client disables verification?

gaul avatar Dec 30 '20 10:12 gaul

compy shows how to do this in Go.

gaul avatar Jan 14 '21 10:01 gaul