goproxy
goproxy copied to clipboard
Security issue: if use mitn handler websocket ignores cascade end proxy and use direct connect
Hi! I get code from https://github.com/elazarl/goproxy/blob/0581fc3aee2d07555835bed1a876aca196a4a511/examples/cascadeproxy/main.go
and connect to wss://webhook.site/....
or ws://webhook.site/....
all ok - connected via end proxy.
But if add Mitm handler to middleProxy
middleProxy.OnRequest(goproxy.ReqHostMatches(regexp.MustCompile("^.*$"))).HandleConnect(goproxy.AlwaysMitm)
not ok - connected via server IP.
I believe this is a security issue and should not be enabled by default.
May be related: https://github.com/elazarl/goproxy/issues/125