UNPKG

catproxy

Version:

a node proxy or host change tools

github.com/jianxcao/catproxy

jianxcao/catproxy

340 lines (336 loc) 9.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
import url from 'url'; import Promise from 'promise'; import {Buffer} from 'buffer'; import log from './log'; import net from 'net'; import getServer from './serverManager'; import {STATUS, LIMIT_SIZE} from './config/defCfg'; import * as config from './config/config'; import http from 'http'; import https from 'https'; import changeHost from './changeHost'; import {getCert} from './cert/cert.js'; import responseService from './responseService'; let headerWsTest = /upgrade\s*:\s*websocket\s*\n/i; import {pipeRequest} from './evt'; let rep = /^\/|\/$/g; // 升级到 ws wss let upgradeToWebSocket = function(req, cltSocket, head) { var com = this; // 不是upgrade websocket请求 直接放弃 if (req.headers.upgrade.toLowerCase() !== 'websocket') { cltSocket.destroy(); return; } // 禁止超时 cltSocket.setTimeout(0); // 禁止纳格(Nagle)算法。默认情况下TCP连接使用纳格算法,这些连接在发送数据之前对数据进行缓冲处理。 将noDelay设成true会在每次socket.write()被调用时立刻发送数据。noDelay默认为true。 cltSocket.setNoDelay(true); // 启用长连接 cltSocket.setKeepAlive(true, 0); let isSecure = req.connection.encrypted || req.connection.pai; let url = req.url; let hostname = req.headers.host.split(':'); let port = hostname[1] ? hostname[1] : isSecure ? 443 : 80; hostname = hostname[0]; let options = { port, path: url, method: req.method, headers: req.headers }; if(isSecure) { let {privateKey: key, cert} = getCert(hostname); options.key = key; options.cert = cert; options.rejectUnauthorized = false; } let {port: p, httpsPort: hp} = config.get(); let isServerPort = +port === +p; if (isSecure) { isServerPort = +hp === +port; } changeHost(hostname, isServerPort).then(ip => { options.hostname = ip; var proxyReq = (isSecure ? https : http) .request(options, (proxyRes) => { if (!proxyRes.upgrade) { proxyRes.end && proxyRes.end(); } }); proxyReq.on('upgrade', (proxyRes, proxySocket, proxyHead) => { let result = {}; Object.defineProperties(result, { host: { value: req.headers.host, enumerable: true }, port : { value: port, enumerable: true }, headers: req.headers, protocol: { value: isSecure ? "wss" : "ws", enumerable: true } }); pipeRequest.call(com, result); proxySocket.on('error', (err)=> log.error(err)); proxySocket.on('end', function () { cltSocket.end(); }); proxySocket.setTimeout(0); proxySocket.setNoDelay(true); proxySocket.setKeepAlive(true, 0); cltSocket.on('error', (err) => { proxySocket.end(); log.error(err); }); if (proxyHead && proxyHead.length) { proxySocket.unshift(proxyHead); } let headers = Object.keys(proxyRes.headers) .reduce(function (head, key) { var value = proxyRes.headers[key]; if (!Array.isArray(value)) { head.push(key + ': ' + value); return head; } for (var i = 0; i < value.length; i++) { head.push(key + ': ' + value[i]); } return head; }, ['HTTP/1.1 101 Switching Protocols']) .join('\r\n') + '\r\n\r\n'; // 写入头文件 cltSocket.write(headers); proxySocket.pipe(cltSocket).pipe(proxySocket); }); proxyReq.on('error', (err) => { log.error(err); cltSocket.end(); }); req.pipe(proxyReq); }, (error) => { log.error(error); cltSocket.end(); }); }; // 请求到后的解析 export let requestHandler = function(req, res) { var com = this; let isSecure = req.connection.encrypted || req.connection.pai, headers = req.headers, method = req.method, host = headers.host, protocol = !!isSecure ? "https" : 'http', fullUrl = /^http.*/.test(req.url) ? req.url : (protocol + '://' + host + req.url), urlObject = url.parse(fullUrl), port = urlObject.port || (protocol === "http" ? '80' : '443'), pathStr = urlObject.path, pathname = urlObject.pathname, visitUrl = protocol + "://" + host + pathname; log.verbose("request url: " + fullUrl); // 请求信息 let reqInfo = { headers, host, method, protocol, port, path: pathStr }; Object.defineProperties(reqInfo, { req: { writable: false, value: req, enumerable: true }, originalFullUrl: { writable: false, value: fullUrl, enumerable: true }, originalUrl: { writable: false, value: visitUrl, enumerable: true }, startTime:{ writable: false, value: new Date().getTime(), enumerable: true } }); // 响应信息 let resInfo = {headers: {}}; Object.defineProperties(resInfo, { res: { writable: false, value: res, enumerable: true }, originalFullUrl: { writable: false, value: fullUrl, enumerable: true }, originalUrl: { writable: false, value: visitUrl, enumerable: true } }); // 调用相应模块 responseService.call(com, reqInfo, resInfo); let reqBodyData = []; let l = 0; let end = () => { req.emit('reqBodyDataReady', null, Buffer.concat(reqBodyData)); }; let data = (buffer)=> { l = l + buffer.length; reqBodyData.push(buffer); // 超过长度了 if (l > LIMIT_SIZE) { req.pause(); req.removeListener('data', data); req.removeListener('end', end); req.emit('reqBodyDataReady', { message: '请求数据头过大,无法显示', status: STATUS.LIMIT_ERROR }, Buffer.concat(reqBodyData)); } }; req .on('data', data) .on('end', end) .on('error', err => { log.error('error req', err); }); }; /** * connect转发请求处理 * @param req * @param cltSocket * @param head */ export let requestConnectHandler = function(req, cltSocket, head) { var com = this; return new Promise(function(resolve, reject) { if (!head || head.length === 0) { cltSocket.once('data', (chunk) => { resolve(chunk); }); } else { resolve(head); } cltSocket.write('HTTP/' + req.httpVersion +' 200 Connection Established\r\n' + 'Proxy-agent: Node-CatProxy\r\n' ); // if (req.headers['proxy-connection'] === 'keep-alive') { // cltSocket.write('Proxy-Connection: keep-alive\r\n'); // cltSocket.write('Connection: keep-alive\r\n'); // } cltSocket.write('\r\n'); }) .then(first => { cltSocket.pause(); // log.debug("first data", first[0]); let opt = config.get(); let reqUrl = `http://${req.url}`; let srvUrl = url.parse(reqUrl); let crackHttps; if (typeof opt.breakHttps === 'boolean') { crackHttps = opt.breakHttps; } else if (typeof opt.breakHttps === 'object' && opt.breakHttps.length) { crackHttps = opt.breakHttps.some((current) => new RegExp(current.replace(rep, "")).test(srvUrl.hostname)); } // 如果当前状态是 破解状态 并且有排除列表 if (crackHttps && typeof opt.excludeHttps === 'object' && opt.excludeHttps) { crackHttps = !opt.excludeHttps.some((current) => new RegExp(current.replace(rep, "")).test(srvUrl.hostname)); } // * - an incoming connection using SSLv3/TLSv1 records should start with 0x16 // * - an incoming connection using SSLv2 records should start with the record size // * and as the first record should not be very big we can expect 0x80 or 0x00 (the MSB is a flag) // 如果需要捕获https的请求 // 访问地址直接是ip,跳过不代理 if (crackHttps && (first[0] == 0x16 || first[0] == 0x80 || first[0] == 0x00)) { log.verbose(`crack https ${reqUrl}`); getServer(opt.sni === 1 ? "" : srvUrl.hostname) .then(({ port, server }) => { // 与服务器绑定 server.catProxy = com.catProxy; let srvSocket = net.connect(port, "localhost", () => { srvSocket.pipe(cltSocket).pipe(srvSocket); cltSocket.emit('data', first); cltSocket.resume(); }); srvSocket.on('error', (err) => { cltSocket.end(); log.error(`crack https-srv:${reqUrl}请求出现错误: ${err}${err.stack}`); }); cltSocket.on('error', err => { log.error(`crack https-clt:${reqUrl}请求出现错误: ${err}${err.stack}`); srvSocket.end(); }); }); } else { // 不认识的协议或者 不破解的https直接连接对应的服务器 log.verbose(`pipe request ${reqUrl}`); let result = {}; Object.defineProperties(result, { host: { value: srvUrl.host, enumerable: true }, headers: req.headers, port : { value: srvUrl.port, enumerable: true }, protocol: { value: headerWsTest.test(first.toString()) ? "ws" : "http", enumerable: true } }); pipeRequest.call(com, result); let srvSocket = net.connect(srvUrl.port, srvUrl.hostname, () => { srvSocket.pipe(cltSocket).pipe(srvSocket); cltSocket.emit('data', first); cltSocket.resume(); }); cltSocket.on('error', err => { log.error(`转发请求出现错误: ${err}`); srvSocket.end(); }); srvSocket.on('error', (err) => { cltSocket.end(); log.error(`转发请求出现错误: ${err}`); }); } }) .then(null, err => log.error(err)); }; /** * upgrade ws转发请求处理 * @param req * @param socket */ export let requestUpgradeHandler = function(req, cltSocket, head) { // 不是get 取不到 upgrade就放弃 if (req.method === 'GET' && req.headers.upgrade) { upgradeToWebSocket.call(this, req, cltSocket, head); } else { cltSocket.destroy(); } }; export default { requestHandler, requestConnectHandler, requestUpgradeHandler };