package main import ( "crypto/rand" "crypto/rsa" "crypto/tls" "crypto/x509" "crypto/x509/pkix" "encoding/pem" "flag" "io" "log" "math/big" "net" "net/http" "os" "time" "fmt" ) func exists(path string) bool { _, err := os.Stat(path) return err == nil } func generateCert(host string) (string, string) { var err error dir := "/tmp/https-certs/" + host + "/" certPath := dir + "cert.pem" keyPath := dir + "key.pem" if exists(certPath) && exists(keyPath) { return certPath, keyPath } log.Println("Generating new certificates...") priv, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { log.Fatalf("failed to generate private key: %s", err) } notBefore := time.Now() notAfter := notBefore.Add(365 * 24 * time.Hour) serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) if err != nil { log.Fatalf("failed to generate serial number: %s", err) } template := x509.Certificate{ IsCA: true, SerialNumber: serialNumber, Subject: pkix.Name{ Organization: []string{"Acme Co"}, }, NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, } if ip := net.ParseIP(host); ip != nil { template.IPAddresses = append(template.IPAddresses, ip) } else { template.DNSNames = append(template.DNSNames, host) } derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv) if err != nil { log.Fatalf("Failed to create certificate: %s", err) } err = os.MkdirAll(dir, 0700) if err != nil { log.Fatalf("Failed to write certificates: %s", err) } certOut, err := os.Create(certPath) if err != nil { log.Fatalf("failed to open cert.pem for writing: %s", err) } pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) certOut.Close() keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) if err != nil { log.Fatalf("failed to open key.pem for writing: %s", err) } pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) keyOut.Close() return certPath, keyPath } func handleTunneling(w http.ResponseWriter, r *http.Request) { //conf:=&tls.Config{InsecureSkipVerify:true} tcpAddr, err := net.ResolveTCPAddr("tcp", r.Host) if err != nil { println("ResolveTCPAddr failed:", err.Error()) return } //investigate why net.Dial keeps failing while DialTCP works dest_conn, err := net.DialTCP("tcp", nil, tcpAddr) if err != nil { fmt.Println("Connection failed to dest server") http.Error(w, "Cant connect to dest", http.StatusServiceUnavailable) return } //respond the server w.WriteHeader(http.StatusOK) //Investigate why cant create client with http.Transport with proxy //transport := http.Transport{ // Proxy: http.ProxyURL(proxyURL), // TLSClientConfig: &tls.Config{}, //} //Just use http.Hijacker hijacker, ok := w.(http.Hijacker) if !ok { http.Error(w, "Hijacking not supported", http.StatusInternalServerError) return } client_conn, _, err := hijacker.Hijack() if err != nil { fmt.Println("Client ERROR") http.Error(w, err.Error(), http.StatusServiceUnavailable) } //Let the proxy begin go transfer(dest_conn, client_conn) go transfer(client_conn, dest_conn) } func transfer(destination io.WriteCloser, source io.ReadCloser) { defer destination.Close() defer source.Close() //Copy the data io.Copy(destination, source) } //Regular HTTP PRoxy func handleHTTP(w http.ResponseWriter, req *http.Request) { resp, err := http.DefaultTransport.RoundTrip(req) if err != nil { http.Error(w, err.Error(), http.StatusServiceUnavailable) return } defer resp.Body.Close() copyHeader(w.Header(), resp.Header) w.WriteHeader(resp.StatusCode) io.Copy(w, resp.Body) } func copyHeader(dst, src http.Header) { for k, vv := range src { for _, v := range vv { dst.Add(k, v) } } } func main() { var proto string flag.StringVar(&proto, "proto", "http", "Proxy protocol (http or https)") flag.Parse() if proto != "http" && proto != "https" { log.Fatal("Protocol must be either http or https") } host := "165.227.74.36" cert, key := generateCert(host) server := &http.Server{ Addr: ":9000", Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodConnect { handleTunneling(w, r) } else { handleHTTP(w, r) } }), // Disable HTTP/2. TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)), } if proto == "http" { log.Fatal(server.ListenAndServe()) } else { log.Fatal(server.ListenAndServeTLS(cert, key)) } }