[SOLVED] Problems with building a MITM proxy with Netty that handles both HTTP and HTTPS on the same port

Issue

This Content is from Stack Overflow. Question asked by ATom

I’m trying to write a custom proxy with HTTPS support.
This means that I need to react to the HTTP CONNECT command, then open a TCP/IP connection to the desired server and let the browser use it.

I can open a RAW socket as described here:
https://ktor.io/docs/servers-raw-sockets.html#server_send
But I don’t want to then handle HTTP decoding manually.

I want to detect if it is HTTP or not and then use embedded HTTP parsing.
I currently don’t need to do MITM, so I don’t need to decode the incoming SSL stream.
But this is also possible in the future.

Something like
https://github.com/ravindraranwala/NettyReverseProxy/blob/master/NettyRPDemo/src/main/java/org/wso2/netty/SecureProxyInitializer.java#L64
or
Problems with building a MITM proxy with Netty that handles both HTTP and HTTPS on the same port



Solution

Actually, you are writing into the pipeline with other handlers ahead of it. So if you add this piece of code in the InboundFrontHandler:

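// Dump the handlers currently installed in the pipeline, in order.
log.info(context.pipeline().toMap());
// Write the CONNECT reply and log whether the write actually succeeded.
context.writeAndFlush(CONNECT_RESPONSE).addListener(new ChannelFutureListener() {
    @Override
    public void operationComplete(ChannelFuture future) throws Exception {
        log.info("WriteandFlush : " + future.isSuccess());
    }
});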

The output would be:
INFO  test.InboundFrontHandler  - {InboundFrontHandler#0=test.InboundFrontHandler@1f060469, HttpRequestDecoder#0=io.netty.handler.codec.http.HttpRequestDecoder@1c3c34f6, HttpResponseEncoder#0=io.netty.handler.codec.http.HttpResponseEncoder@7333cf2a, DEFLATER_HANDLER=io.netty.handler.codec.http.HttpContentCompressor@3d7fa45b}
INFO  test.InboundFrontHandler  - WriteandFlush : false

I suggest reading up on the examples: https://github.com/netty/netty/tree/master/example/src/main/java/io/netty/example

because there are quite a few mistakes regarding pipelines, how handlers are used and how writes are done. For example, without flush the data won't be transferred.

Chrome sent another CONNECT request because it did not receive the HTTP 200 response. Another suggestion: use curl to understand exactly what data is being sent across and received; it makes debugging a lot easier.
Sample:
curl -x 127.0.0.1:1119 "https://www.google.com/" --trace -


This Question was asked in StackOverflow by JBT and Answered by jknair. It is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.
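
An added example, not part of the original answer or the asker's code, of how the entry point of a write decides which handlers it passes: with the handler order from the log above, ctx.writeAndFlush on an HTTP response object never reaches HttpResponseEncoder, while ctx.channel().writeAndFlush does. It assumes Netty 4.1, a reply built as a FullHttpResponse, and a CONNECT line that arrives in a single read; ConnectReplyDemo, Front and firstOutbound are hypothetical names.

```java
import io.netty.buffer.*;
import io.netty.channel.*;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.codec.http.*;
import io.netty.util.ReferenceCountUtil;
import java.nio.charset.StandardCharsets;

public class ConnectReplyDemo {
    // Hypothetical front handler, first in the pipeline as in the dump above.
    static class Front extends ChannelInboundHandlerAdapter {
        private final boolean viaChannel;
        Front(boolean viaChannel) { this.viaChannel = viaChannel; }
        @Override
        public void channelRead(ChannelHandlerContext ctx, Object msg) {
            ByteBuf in = (ByteBuf) msg;
            if (!in.toString(StandardCharsets.US_ASCII).startsWith("CONNECT ")) {
                ctx.fireChannelRead(msg); // plain HTTP: let the decoder parse it
                return;
            }
            ReferenceCountUtil.release(msg);
            FullHttpResponse ok = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK);
            if (viaChannel) {
                // Starts at the tail, so HttpResponseEncoder turns the object into bytes.
                ctx.channel().writeAndFlush(ok).addListener((ChannelFutureListener) f -> {
                    // Tunnel is open: drop the HTTP codec so later bytes pass through raw.
                    ctx.pipeline().remove(HttpRequestDecoder.class);
                    ctx.pipeline().remove(HttpResponseEncoder.class);
                });
            } else {
                // Starts at this handler and moves toward the head, skipping the encoder.
                // A real socket transport rejects the unencoded object and the write fails.
                ctx.writeAndFlush(ok);
            }
        }
    }
    // Returns the first object that reached the transport end of the pipeline.
    static Object firstOutbound(boolean viaChannel) {
        EmbeddedChannel ch = new EmbeddedChannel(
                new Front(viaChannel), new HttpRequestDecoder(), new HttpResponseEncoder());
        // Constructed sample request, not captured traffic.
        ch.writeInbound(Unpooled.copiedBuffer(
                "CONNECT example.com:443 HTTP/1.1\r\n\r\n", StandardCharsets.US_ASCII));
        return ch.readOutbound();
    }

    public static void main(String[] args) {
        System.out.println("ctx.writeAndFlush           -> " + firstOutbound(false).getClass().getSimpleName());
        System.out.println("ctx.channel().writeAndFlush -> " + ((ByteBuf) firstOutbound(true)).toString(StandardCharsets.US_ASCII).trim());
    }
}
```

The first line names the response class that arrived unencoded; the second shows the encoded status line that a client such as curl or Chrome is waiting for.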
