Help recreating bug report in proxy library

Elazar Leibovich elazarl at gmail.com
Fri Aug 2 15:17:37 IDT 2013


Hi,

I'm maintaining a small HTTP proxy library that allows you to eavesdrop
on HTTP requests. Someone reported a bug which I cannot recreate, so I'm
trying my luck here. [repost from golang-nuts, where I didn't get an
answer].

It seems to work on my machine, but a user still complains.
https://github.com/elazarl/goproxy/issues/15

I could use two forms of help:

1) Test it on your environment and report the results.

$ mkdir ~/gopath2
$ GOPATH=~/gopath2 go get github.com/elazarl/goproxy/examples/eavesdropper
$ # add ~/gopath2/src/github.com/elazarl/goproxy/ca.cert as a root CA to your browser
$ ~/gopath2/bin/eavesdropper
# use HTTP proxy at localhost:8080, browse to a https site, and see if you get warnings

2) Generally speaking, I don't really know too much cryptography in
general, or TLS/SSL in particular. If you do, have a look at the code and
explain my mistakes.
    Most of the logic is here:
https://github.com/elazarl/goproxy/blob/master/signer.go

The way it does that is:
1) goproxy has a built-in CA certificate, hard-coded into a variable. It's
generated with http://golang.org/src/pkg/crypto/tls/generate_cert.go
2) Given a CONNECT foo.com:443 proxy request, it would:
3) Generate a certificate for foo.com and sign it with the builtin CA,
4) Submit this certificate with the certificate chain: [new_cert, CA],
using crypto/tls package.
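
The four steps above, replayed with Go's standard library so the resulting chain can be checked without a browser. This is an added example, not part of the original post and not goproxy's signer.go; Issue, Check, the throwaway Ed25519 CA and the time-based serial number are assumptions made here. It also shows one condition under which current Go rejects such a leaf: a CommonName with no matching subjectAltName.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue (hypothetical helper): nil ca -> self-signed root, else a leaf for name signed by ca.
func Issue(name string, sans []string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{Subject: pkix.Name{CommonName: name}, DNSNames: sans,
		SerialNumber: big.NewInt(time.Now().UnixNano()), NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if ca == nil { // root: may sign certificates, carries no server EKU
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage, tmpl.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		ca, caKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// Check (hypothetical helper) validates leaf as a client trusting only ca would, hostname included.
func Check(leaf, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}
func main() {
	ca, caKey, err := Issue("constructed test CA", nil, nil, nil)
	if err != nil {
		panic(err)
	}
	for _, sans := range [][]string{{"foo.com"}, nil} { // with SAN, then CommonName only
		if leaf, _, err := Issue("foo.com", sans, ca, caKey); err == nil {
			fmt.Printf("SANs=%v verify: %v\n", sans, Check(leaf, ca, "foo.com"))
		}
	}
}
```

A client that does not have the CA in its trust store fails at the same Verify step, which is the condition a browser reports as a certificate warning.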