I am using SwiftNIO with the Connect Proxy based on the official example (swift-nio-examples/connect-proxy at main · apple/swift-nio-examples · GitHub ).
I was able to create proxy server and its working. but I'm not able to print the https url params and its body.
I don't know how i will be able to print that out.
I have tried to look into the source code but I don't have a lot of experience with these frameworks and wasn't exactly sure where to look.
Thanks very much!
i have tried the above but unable to log url params. and my ConnectHandler is the same as mentioned in example.
if i search https://jsonplaceholder.typicode.com/todos/1
then mentioned code print jsonplaceholder.typicode.com:443 not the full url.
That is expected. The URI for CONNECT requests only includes the host and port of the target but nothing else.
If you run
curl with a proxy configured and in verbose mode you can see the headers that it sends:
% curl -v --proxy "[::1]:8888" https://example.com/path/to/resource
* Trying [::1]:8888...
* Connected to (nil) (::1) port 8888 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to example.com:443
> CONNECT example.com:443 HTTP/1.1
> Host: example.com:443
> User-Agent: curl/7.86.0
> Proxy-Connection: Keep-Alive
You can see here that it only send
CONNECT example.com:443 HTTP/1.1 but
/path/to/resource is not included.
there will be something that we can do to find the
/path/to/resource when we try
In the context of HTTPS you would need a man-in-the-middle proxy to get to the actual HTTP content. I.e. decode the TLS, read the HTTP, re-send to the https target server.
I don't think the NIO example is demonstrating on how to do this, it is just relaying the encrypted HTTPS stream.
Now your next question is probably how to do the man-in-the-middle. Not sure whether there is a FOSS example for that (but many apps like Proxyman or Charles do this). You'd need to inject an own root cert and maybe use SwiftNIO TLS to do the decoding. Quite a bit of work and non-trivial to get right.
do connect proxy example use in mitm?
and Where do we add mitm in connect proxy example or do i need to create new setup?
can you explain abit how can i add mitm in connect proxy to
decode the TLS, read the HTTP, re-send to the https target server.