From aec945e44e84994120dd0552acbe3e655b895bfb Mon Sep 17 00:00:00 2001 From: Hatter Jiang Date: Sat, 30 Mar 2024 20:24:29 +0800 Subject: [PATCH] feat: v0.2.0-rc, optimize code --- README.md | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/README.md b/README.md index 56e4db9..e4ef4cf 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,105 @@ $ cargo r --example generate_self_signed_ca When generate success, cert and key will write to files `cert.pem`, `cert.key`, fail if any file is existed. +Proxy example: + +Edit `/etc/hosts` add: +```text +127.0.0.1 www.baidu.com +``` + +Send HTTP request via cURL: +```shell +$ curl https://www.baidu.com/not-found -v +* Trying 127.0.0.1... +* TCP_NODELAY set +* Connected to www.baidu.com (127.0.0.1) port 443 (#0) +* ALPN, offering h2 +* ALPN, offering http/1.1 +* successfully set certificate verify locations: +* CAfile: /etc/ssl/cert.pem + CApath: none +* TLSv1.2 (OUT), TLS handshake, Client hello (1): +* TLSv1.2 (IN), TLS handshake, Server hello (2): +* TLSv1.2 (IN), TLS handshake, Certificate (11): +* TLSv1.2 (IN), TLS handshake, Server key exchange (12): +* TLSv1.2 (IN), TLS handshake, Server finished (14): +* TLSv1.2 (OUT), TLS handshake, Client key exchange (16): +* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): +* TLSv1.2 (OUT), TLS handshake, Finished (20): +* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): +* TLSv1.2 (IN), TLS handshake, Finished (20): +* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384 +* ALPN, server did not agree to a protocol +* Server certificate: +* subject: CN=www.baidu.com +* start date: Mar 30 11:20:17 2024 GMT +* expire date: Jun 28 12:20:17 2024 GMT +* subjectAltName: host "www.baidu.com" matched cert's "www.baidu.com" +* issuer: CN=Hatter Test Intermediate EC CA Class 2 +* SSL certificate verify ok. +> GET /not-found HTTP/1.1 +> Host: www.baidu.com +> User-Agent: curl/7.64.1 +> Accept: */* +> +< HTTP/1.1 404 Not Found +< Content-Length: 207 +< Content-Type: text/html; charset=iso-8859-1 +< Date: Sat, 30 Mar 2024 12:20:22 GMT +< Server: Apache +< Connection: keep-alive +< + + +404 Not Found + +

Not Found

+

The requested URL /not-found was not found on this server.

+ +``` + +Log from proxy-inspector: +```text +[2024-03-30T12:21:28Z INFO proxy_inspector::service] SNI provided: www.baidu.com +[2024-03-30T12:21:28Z INFO proxy_inspector::cert] New certificate for: www.baidu.com -> 4f33ad6b50c67dd3356a04bf7885830c90cf0369 +[2024-03-30T12:21:28Z INFO proxy_inspector::app] Request: + GET /not-found HTTP/1.1 + host: www.baidu.com + user-agent: curl/7.64.1 + accept: */* + + +[2024-03-30T12:21:28Z INFO proxy_inspector::app] Find host header: www.baidu.com +[2024-03-30T12:21:28Z INFO proxy_inspector::app] DNS found www.baidu.com --> 180.101.50.188 +[2024-03-30T12:21:28Z INFO proxy_inspector::app] DNS peer: www.baidu.com --> 180.101.50.188:443 +[2024-03-30T12:21:28Z INFO proxy_inspector::app] Response: + HTTP/1.1 404 Not Found + content-length: 207 + content-type: text/html; charset=iso-8859-1 + date: Sat, 30 Mar 2024 12:21:28 GMT + server: Apache +[2024-03-30T12:21:28Z INFO proxy_inspector::app] Body true: [[[ + + + 404 Not Found + +

Not Found

+

The requested URL /not-found was not found on this server.

+ + + ]]] +``` + +proxy-inspector did the follow steps: +1. issue certificate for `www.baidu.com` +2. receive request `GET /not-found`, print request to log +3. send DNS query `www.baidu.com -> 180.101.40.188` +4. send HTTPS request to `180.101.50.188:443` +5. receive response header, print response header to log +6. receive response body, print response body to log + + Important * Intermediate certificate tested: