How Can I Print HTTPS URL Params and Body

podejo · December 21, 2022, 9:52am

I am using SwiftNIO with the Connect Proxy based on the official example (swift-nio-examples/connect-proxy at main · apple/swift-nio-examples · GitHub ).
I was able to create proxy server and its working. but I'm not able to print the https url params and its body.
I don't know how i will be able to print that out.

I have tried to look into the source code but I don't have a lot of experience with these frameworks and wasn't exactly sure where to look.

Thanks very much!

lukasa · December 22, 2022, 2:50pm

The parameters are available here: swift-nio-examples/ConnectHandler.swift at main · apple/swift-nio-examples · GitHub

podejo · December 23, 2022, 9:25am

i have tried the above but unable to log url params. and my ConnectHandler is the same as mentioned in example.
For example
if i search https://jsonplaceholder.typicode.com/todos/1
then mentioned code print jsonplaceholder.typicode.com:443 not the full url.

dnadoba · December 23, 2022, 11:44am

That is expected. The URI for CONNECT requests only includes the host and port of the target but nothing else.
If you run curl with a proxy configured and in verbose mode you can see the headers that it sends:

 % curl -v --proxy "[::1]:8888" https://example.com/path/to/resource
*   Trying [::1]:8888...
* Connected to (nil) (::1) port 8888 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to example.com:443
> CONNECT example.com:443 HTTP/1.1
> Host: example.com:443
> User-Agent: curl/7.86.0
> Proxy-Connection: Keep-Alive

You can see here that it only send CONNECT example.com:443 HTTP/1.1 but /path/to/resource is not included.

podejo · December 23, 2022, 12:33pm

there will be something that we can do to find the /path/to/resource when we try https://example.com/path/to/resource

Helge_Hess1 · December 23, 2022, 12:39pm

In the context of HTTPS you would need a man-in-the-middle proxy to get to the actual HTTP content. I.e. decode the TLS, read the HTTP, re-send to the https target server.
I don't think the NIO example is demonstrating on how to do this, it is just relaying the encrypted HTTPS stream.

Now your next question is probably how to do the man-in-the-middle. Not sure whether there is a FOSS example for that (but many apps like Proxyman or Charles do this). You'd need to inject an own root cert and maybe use SwiftNIO TLS to do the decoding. Quite a bit of work and non-trivial to get right.

podejo · December 23, 2022, 1:36pm

do connect proxy example use in mitm?
and Where do we add mitm in connect proxy example or do i need to create new setup?
can you explain abit how can i add mitm in connect proxy to

decode the TLS, read the HTTP, re-send to the https target server.