http-https-tunnel/tunnel.go

196 lines
4.7 KiB
Go
Raw Normal View History

2018-01-16 16:22:15 -06:00
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/tls"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"flag"
"io"
"log"
"math/big"
"net"
"net/http"
"os"
"time"
"fmt"
)
func exists(path string) bool {
_, err := os.Stat(path)
return err == nil
}
func generateCert(host string) (string, string) {
var err error
dir := "/tmp/https-certs/" + host + "/"
certPath := dir + "cert.pem"
keyPath := dir + "key.pem"
if exists(certPath) && exists(keyPath) {
return certPath, keyPath
}
log.Println("Generating new certificates...")
priv, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
log.Fatalf("failed to generate private key: %s", err)
}
notBefore := time.Now()
notAfter := notBefore.Add(365 * 24 * time.Hour)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
log.Fatalf("failed to generate serial number: %s", err)
}
template := x509.Certificate{
IsCA: true,
SerialNumber: serialNumber,
Subject: pkix.Name{
Organization: []string{"Acme Co"},
},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
BasicConstraintsValid: true,
}
if ip := net.ParseIP(host); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
} else {
template.DNSNames = append(template.DNSNames, host)
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv)
if err != nil {
log.Fatalf("Failed to create certificate: %s", err)
}
err = os.MkdirAll(dir, 0700)
if err != nil {
log.Fatalf("Failed to write certificates: %s", err)
}
certOut, err := os.Create(certPath)
if err != nil {
log.Fatalf("failed to open cert.pem for writing: %s", err)
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
log.Fatalf("failed to open key.pem for writing: %s", err)
}
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
keyOut.Close()
return certPath, keyPath
}
func handleTunneling(w http.ResponseWriter, r *http.Request) {
//conf:=&tls.Config{InsecureSkipVerify:true}
tcpAddr, err := net.ResolveTCPAddr("tcp", r.Host)
if err != nil {
println("ResolveTCPAddr failed:", err.Error())
return
}
//investigate why net.Dial keeps failing while DialTCP works
dest_conn, err := net.DialTCP("tcp", nil, tcpAddr)
if err != nil {
fmt.Println("Connection failed to dest server")
http.Error(w, "Cant connect to dest", http.StatusServiceUnavailable)
return
}
//respond the server
w.WriteHeader(http.StatusOK)
//Investigate why cant create client with http.Transport with proxy
//transport := http.Transport{
// Proxy: http.ProxyURL(proxyURL),
// TLSClientConfig: &tls.Config{},
//}
//Just use http.Hijacker
hijacker, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
return
}
client_conn, _, err := hijacker.Hijack()
if err != nil {
fmt.Println("Client ERROR")
http.Error(w, err.Error(), http.StatusServiceUnavailable)
}
//Let the proxy begin
go transfer(dest_conn, client_conn)
go transfer(client_conn, dest_conn)
}
func transfer(destination io.WriteCloser, source io.ReadCloser) {
defer destination.Close()
defer source.Close()
//Copy the data
io.Copy(destination, source)
}
//Regular HTTP PRoxy
func handleHTTP(w http.ResponseWriter, req *http.Request) {
resp, err := http.DefaultTransport.RoundTrip(req)
if err != nil {
http.Error(w, err.Error(), http.StatusServiceUnavailable)
return
}
defer resp.Body.Close()
copyHeader(w.Header(), resp.Header)
w.WriteHeader(resp.StatusCode)
io.Copy(w, resp.Body)
}
func copyHeader(dst, src http.Header) {
for k, vv := range src {
for _, v := range vv {
dst.Add(k, v)
}
}
}
func main() {
var proto string
flag.StringVar(&proto, "proto", "http", "Proxy protocol (http or https)")
flag.Parse()
if proto != "http" && proto != "https" {
log.Fatal("Protocol must be either http or https")
}
host := "165.227.74.36"
cert, key := generateCert(host)
server := &http.Server{
Addr: ":9000",
Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodConnect {
handleTunneling(w, r)
} else {
handleHTTP(w, r)
}
}),
// Disable HTTP/2.
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
}
if proto == "http" {
log.Fatal(server.ListenAndServe())
} else {
log.Fatal(server.ListenAndServeTLS(cert, key))
}
}