Merge pull request #14 from mefellows/feat/ssl
SSL, TCP Tamperer and more
Showing 26 changed files with 834 additions and 101 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
# SSL Muxy Tests | ||
|
||
Tests the following features: | ||
|
||
* Run Proxy with HTTPS enabled | ||
* Run Proxy with HTTPS enabled + custom certificate | ||
* Proxy HTTPS target | ||
* Proxy HTTPS target with invalid (untrusted) certificate | ||
* Proxy HTTPS target requiring client certificates | ||
|
||
|
||
### Start MASSL server | ||
|
||
``` | ||
cd examples/ssl/massl-server | ||
go run main.go | ||
``` | ||
|
||
From this directory, you should be able to `curl` the server to ensure it's up: | ||
|
||
``` | ||
curl --cacert ca.pem -E ./client.p12:password https://localhost:8080/hello | ||
# responds with "hello, world!" | ||
``` | ||
|
||
### Start Muxy | ||
|
||
``` | ||
cd examples/ssl | ||
muxy proxy --config certificate.yml | ||
``` | ||
|
||
### cURL muxy | ||
|
||
``` | ||
curl -k -v https://localhost:8000/hello | ||
``` | ||
|
||
You should see "Server certificate: localhost" if the correct certificates are being used. | ||
|
||
### Add some chaos | ||
|
||
Now that you have things working, time to add some chaos - uncomment the `http_tamperer` | ||
in `certificate.yml`: | ||
|
||
``` | ||
## HTTP Tamperer - Messes with Layer 7. | ||
## | ||
## Useful for messing with the HTTP protocol | ||
## | ||
- name: http_tamperer | ||
config: | ||
request: | ||
path: "/nothello" | ||
body: "wow, new body!" # Override request body | ||
response: | ||
status: 201 # Override HTTP Status code | ||
body: "my new body" # Override response body | ||
``` |
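Review bot: In the "cURL muxy" step, `curl -k -v https://localhost:8000/hello` turns off certificate verification, so the "Server certificate: localhost" check depends on the reader spotting that line in the verbose output rather than on curl failing when the wrong certificate is served. If the proxy certificate chains to a CA shipped with the example, pass it with `--cacert` as the MASSL step already does; otherwise say why `-k` is needed here. Also, "From this directory" follows a block that ends in `go run main.go`, so it is unclear which directory holds `ca.pem` and `client.p12`; name the path explicitly. The feature list at the top names five scenarios, but the walkthrough only exercises `certificate.yml`, so either add the other cases or trim the list.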
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
## Test configuration name. Used for reporting. | ||
name: Serve SSL and Send client certificates | ||
|
||
## Test Description. Used for reporting | ||
description: Slow network to mobile levels, and add 1s delay to all messages | ||
|
||
## Specify log output level | ||
## | ||
## Log Levels supported: | ||
## Trace (0), Debug (1), Info (2, Default), Warn (3), Error (4), Fatal (5) | ||
loglevel: 0 | ||
|
||
## Configure a proxy that will handle your requests, and forward | ||
## to proxied host. | ||
## | ||
## Currently supports `tcp_proxy` and `http_proxy`. | ||
proxy: | ||
|
||
## HTTP Proxy: Configures an HTTP Proxy | ||
## | ||
## NOTE: SSL is currently not supported | ||
- name: http_proxy | ||
config: | ||
host: 0.0.0.0 | ||
port: 8000 | ||
protocol: https | ||
proxy_host: localhost | ||
proxy_port: 8080 | ||
proxy_protocol: https | ||
proxy_ssl_key: proxy-server/test.key | ||
proxy_ssl_cert: proxy-server/test.crt | ||
proxy_client_ssl_key: client-certs/cert-key.pem | ||
proxy_client_ssl_cert: client-certs/cert.pem | ||
proxy_client_ssl_ca: client-certs/ca.pem | ||
# insecure: true # allow insecure https | ||
|
||
## Middleware | ||
## | ||
## Middleware are plugins that are given the opportunity to intervene | ||
## before a request is dispatched to the proxied system (PRE_DISPATCH event) | ||
## and afterwards (POST_DISPATCH event). They are given a reference to | ||
## the current context (HTTP Context or []bytes) and can mutate them. | ||
## | ||
## Middleware are executed in the order specified in this config. | ||
## | ||
middleware: | ||
|
||
## HTTP Tamperer - Messes with Layer 7. | ||
## | ||
## Useful for messing with the HTTP protocol | ||
## | ||
- name: http_tamperer | ||
config: | ||
request: | ||
path: "/nothello" | ||
body: "wow, new body!" # Override request body | ||
response: | ||
status: 201 # Override HTTP Status code | ||
body: "my new body" # Override response body | ||
|
||
## Request Logger - use this to see what's going in/out of the Proxy. | ||
## | ||
## | ||
- name: logger | ||
config: | ||
hex_output: false # Display output as Hex instead of a string |
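Review bot: The comment `## NOTE: SSL is currently not supported` above `- name: http_proxy` contradicts the block it documents, which sets `protocol: https`, `proxy_protocol: https` and the `proxy_ssl_*` and `proxy_client_ssl_*` keys; drop or update it. The `description` ("Slow network to mobile levels, and add 1s delay to all messages") does not match the `name` or the middleware configured in this file, which contains only `http_tamperer` and `logger`. The new keys have no comments: please document which key/cert pair the proxy serves to its clients and which it presents to the proxied host, and what `proxy_client_ssl_ca` is used to verify. Leaving `insecure: true` commented out is the right default; a one-line comment that it disables verification of the target's certificate would make the trade-off explicit. Note too that `http_tamperer` is active in this hunk, so if this is the file a reader is told to edit by uncommenting that block, the instruction and the file disagree.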
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIDAjCCAeqgAwIBAgIRANd+eeBjb4D4mNW86NmUFk8wDQYJKoZIhvcNAQELBQAw | ||
KjESMBAGA1UEChMJbG9jYWxob3N0MRQwEgYDVQQDEwtQa2kgQ0EgUm9vdDAeFw0x | ||
NzAyMjgyMjIzMDBaFw0yMDAyMTMyMjIzMDBaMCoxEjAQBgNVBAoTCWxvY2FsaG9z | ||
dDEUMBIGA1UEAxMLUGtpIENBIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw | ||
ggEKAoIBAQDS4qFc21Bh5fw4UftWS/MLxKkyJklX+045brxmYL05zGA/isF1QWSq | ||
pZaXaXhFr68/LcXAHOAiNzJSHe9ezscnn7lLN0J+6v5wvW6UKoQhMdCZpWHsGFe5 | ||
e4od6hWJm6rjh3qGx4ENgqXOZNukRMYbig7MKGE5htxcnvdImrPXAiRtuJ6Aa6bl | ||
dBhkpOhQwHEey90NtcliRM6H1jYcCbhtlRStCVXsWiMjfpq9YIq+Wf/ece27Rvgy | ||
DX3UVNkRTuS0ZeX+D3n4lyOMTzgT6Cn0OUU23D5TRCCkDCDxkXgmnT6Cri9x2WnX | ||
AT7c2apUAx6ms9+AACE32ijqSg0Zx0+zAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwIC | ||
pDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCZ/d2+NWcU2bNy | ||
/W4XrwOHuBGVWW6vB2HGDN8l+Ut3K6Gbc5sXrkmmoap2y9zZKZl9mybchqQUJ9Qo | ||
U8zrhRJ5L74NRay9Jm+csRXbMBdSZtfJ8RRzZK7cr+fZ3DTd7tReSmV00nj7ciGj | ||
O2s73/GZHab7FzbTSbEf/5ei0UMAlN4L89DxzJxfnvIg6wu7dXg/QPhU3Ws4Y4bj | ||
5Dpl7pS2ZnVTh+cz39PgD+WkjubSx/CfOoo0bvwXKvg7vuE3HB65aP8tEZePSj4t | ||
MKWLAxwTNSqq7FVDrYkpgsnG00BTefaViTRyEuMaBWc4IpJ+r+W2ODEtFTWVyiyJ | ||
zXOYmm2Y | ||
-----END CERTIFICATE----- |
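Review bot: This certificate is added as an opaque PEM file with nothing in the change recording what role it plays (CA, server or client), which key it pairs with, or how it was generated. Its validity period is fixed inside the blob, so the example will stop working once it expires and nobody will be able to regenerate an equivalent chain. Please add the generation commands or a small script next to the fixtures and mention the expiry in the README.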
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIIEpQIBAAKCAQEAuV2YLWXBXUyRp0FEIBr/Jp2EeOcm9XfQPZzZ6M21eH3Cky29 | ||
+OD0ynINBdFHi7QB5fFdnTtg4jpH+q9CvvpGVcrW6tpjKic+RaN6abnSkz+RrXII | ||
X4RtfV/W9wMz6V/h8nhzGWQID0iQkhooaIvTie2nQ+gwQm8wmCL1+KT2IRoELCvC | ||
3VwrjDGde+dSOp+g9oWo4CkCce+wnSQQkI1Htctaq9EayAnrpPFupSTw0+AEOBJK | ||
fGXg2yBN3EqUXBmF/jNcNsMqjV4LCheH6QYWSUxt24HoL9ycPdRnPeUKmzPi9dE9 | ||
dNfXvPtoltE8e/D8zTNNGWcRgGR0lzfxuWeW/wIDAQABAoIBAEx13+Sx+W3bvKTq | ||
FgjMOf0asl8QshBEyL/xaC1QVQ+LiGwfTSJQ4Ih1PQvuRH3K1ZGc2wmVSaRnd/Ne | ||
wcB3CfYvgjFDve3QXC5rfX4I6WRVr2iFBhEoVeWGV+xyBMK6C0ByEMAjc/Oh8ghi | ||
A9MEAlD9l6Y6K1Xr+XZ3zVAv81q5ZMEQsTERUkLA9lwDUpkQVipoLoKEVUeDiRvB | ||
jH+t9/I+axyARyuEx0Vx4Dza4AOhyNdW9J9szlAo2dhV21vW12MLvKH9jx1U2iAw | ||
vOBPe87xX40EIbiUkDrFKogdibFylQp/EWdsWFPM794b3D8/czfh2QYInghfoTzO | ||
bk5+rrECgYEA8u5UBYHYhHV9cQNAZVmpDE1JwUBg34q5M11TuSs7dyy2iqiHI7MS | ||
ysGsaOlf2bycKXQw10Ut+SVR0qnxjf2E/+cuCwnMySCaCPzat9UcGTMk3PqW7B4r | ||
foYmUmgH9n9zc845/L/LNEtHkeLEAGOJL+jvwx4dKxf0C84TZmHUKscCgYEAw1Z4 | ||
QI5L6OKIL1dGDUWLMJXkplxDSPH7XNwDg6zGa81T1NfgDCA+lyLqXEp9YqMSOk5N | ||
4X+mTspazmgv3x6b6urGtIIRENZFLFgKqNfwDFkWDShwChF/8M7bzJsS4P/cNtr1 | ||
lV0RHFERErRIE88v4ErXWwzDmOC/fJojJEW3OgkCgYEAzEuVKVR7C1nq9kFvxEvU | ||
mF3e6sADN7rn6MRRhmVPCvf1Q0Ja87DC2vRo04l/bBLrmQj3kfHBqcayuuDkHS7Y | ||
zIRT+kBxkarzHx/Vp8d2a9LQ621pwoPUvACA9cg6+hdQtlD1/xIkB4RPWeZEQrdy | ||
RXI1P/dxPC5WtB7HvdADpz0CgYEApzvkgABTZPJsfXtOchZT8CikNPlQcacZ+Io0 | ||
SAsnZSvI1bRsEHWaoHI4CwOLDWNnO5vGeYR7sYD09TmlonPmMN0HeYrRaYTIfAp0 | ||
NdGJpkiu5Fz2buhEjLnM3AL3ysHCmwQitNmUyJVu9IB8JNmAt5nbfgwTeVMRHXAp | ||
HejB0WECgYEA5hLQLsyqJY+BzzrvsC9RJ5y/U+P1KMFWnTyo/O8q2tihqSc9tlmk | ||
Jun18bc6z9qzwiSrYqOpAsE6IJlG+Cf39tXytVCxpuBXIe529VZekl2tEYaqdiQ1 | ||
0fbh7R+eGKRjtl+bXucciv+jok13oNWCTuTcpzbxWbNxenpMVYPwB5s= | ||
-----END RSA PRIVATE KEY----- |
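Review bot: An unencrypted RSA private key (`-----BEGIN RSA PRIVATE KEY-----`) is being committed, and nothing in the change marks it as a throwaway test fixture. If it is only used by the example, say so in the README and in the file's path or name, and consider generating the key at test time instead of storing it; it must be treated as public from this commit on and never reused for a real host or CA. Secret scanners will flag this file, so an allowlist entry with a justification should accompany it.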