AnyProxy抓包实践
邵宏达
本质是中间人攻击(man-in-the-middle attack)
文档:
https://github.com/alibaba/anyproxy/blob/master/docs/cn/src_doc.md
安装
npm install -g anyproxy
启动
anyproxy
编写处理规则
rule.js
module.exports = {
// 模块介绍
summary: 'my customized rule for AnyProxy',
// 发送请求前拦截处理
*beforeSendRequest(requestDetail) { /* ... */ },
// 发送响应前处理
*beforeSendResponse(requestDetail, responseDetail) { /* ... */ },
// 是否处理https请求
*beforeDealHttpsRequest(requestDetail) { /* ... */ },
// 请求出错的事件
*onError(requestDetail, error) { /* ... */ },
// https连接服务器出错
*onConnectError(requestDetail, error) { /* ... */ }
};
demo
// file: sample.js
module.exports = {
summary: 'a rule to hack response',
*beforeSendResponse(requestDetail, responseDetail) {
if (requestDetail.url === 'http://httpbin.org/user-agent') {
const newResponse = responseDetail.response;
newResponse.body += '- AnyProxy Hacked!';
return { response: newResponse };
}
},
};
使用rule规则
anyproxy --rule ./sample.js
测试
curl https://github.com --proxy http://127.0.0.1:8001
类似资料: