Hudsucker is a MITM HTTP/S proxy written in Rust.

Overview

hudsucker

Features

  • Modify HTTP/S requests
  • Modify HTTP/S responses
  • Modify websocket messages

Usage

For usage, refer to the provided examples.

Comments
  • CertificateUnknown error occurred when running the log.rs

    Hi man, thank you for your project first.

    But I'm stuck when running the log.rs in your examples directory.

    I just copy src/example/log.rs to src/main.rs and src/example/ca to src/ca and add env_logger = "0.9" to [dependencies] and then cargo run.

    After installing the hudsucker.pem on my computer (Trusted Root Certification Authorities) and setting my web proxy to 127.0.0.1:3000, I got the error log:

    thread 'tokio-runtime-worker' panicked at 'Failed to establish TLS connection with client: Custom { kind: InvalidData, error: AlertReceived(CertificateUnknown) }', C:\Users\forti\IdeaProjects\hudsucker\src\proxy.rs:137:30
    [2021-11-03T05:46:55Z ERROR rustls::session] TLS alert received: Message { typ: Alert, version: TLSv1_3, payload: Alert( AlertMessagePayload { level: Fatal, description: CertificateUnknown, }, ), }

    Waiting for your response, thank you.

    opened by WaylonTian 10
  • How to modify response body?

    Could you please tell me how to modify the response?

    I tried to get the specific content of the body in the closure and convert it to a string, but now I can't await it in the closure.

    opened by zu1k 10
  • Is there a way to parse basic auth?

    Hello, your crate is amazing! Love it! I am providing user pass for the proxy i.e http://user:[email protected]:3000/some/random/path Is it possible to parse URI of the proxy /some/random/path and basic auth user:pass ? Stuck here, need some help to figure this out...

    opened by 0xFar5eer 8
  • fix: randomise serial number for OpenSSL generated certificates

    Firefox seems to block certificates if they use an already seen serial number.

    This generates a random serial number for each certificate generated by OpenSSL.

    opened by glossiness 6
  • [Feature Request] Add context for Proxy

    Sometimes we need to determine the request and then modify the response.

    In this case, there is a need to have a context to synchronize some data that is obtained from the request and then use them when modifying response.

    I think we can add a context struct to struct Proxy, and pass its borrow to both requestHandler and responseHandler closures along with the req or res.

    opened by zu1k 5
  • I'm totally planning on using this!

    Hey there @omjadas, thank you for this! I'm totally planning on using this in a project of mine and will report back. Perhaps this is just useless noise, but IDK I often like to know if stuff I'm making out of the goodness of my heart is being used...so now you know! Just a hobby project mind you, but still. Super cool that you built/are building something like this!

    opened by alexkolson 3
  • [feature request] Use anonymous function as handler parameter

    Thanks for your crate

    My use case is that when I use with_http_handler/with_incoming_message_handler/with_outgoing_message_handler, I want to store the request & response. In the current case, it looks like the only way to store it is to create global mutables using something like lazy_static. Switching to anonymous functions, we can easily create Arc<Mutex<>> in any context to store the data. What do you think about this?

    opened by axxop 2
  • chore(deps): update hyper-tungstenite requirement from 0.5.0 to 0.6.0

    Updates the requirements on hyper-tungstenite to permit the latest version.

    Changelog

    Sourced from hyper-tungstenite's changelog.

    v0.6.0 - 2022-02-20

    • Update to tungstenite 0.17.

    v0.5.0 - 2021-11-19

    • Update to tungstenite 0.16.

    v0.4.2 - 2021-11-19

    • Fix link in documentation for re-exported tungstenite crate.

    v0.4.1 - 2021-10-17

    • Update the example to a full server application.

    v0.4.0 - 2021-08-28

    • Upgrade to tokio-tungstenite 0.15.

    v0.3.3 - 2021-06-11

    • Remove sha-1 and base64 dependency by using upstream derive_accept_key.

    v0.3.2 - 2021-04-11

    • Derive Debug for HyperWebsocket to facilitate debugging.

    v0.3.1 - 2021-04-03

    • Replace unsafe code with pin-project and tokio::pin!().

    v0.3.0 - 2021-03-02

    • Publicly re-export the hyper crate.
    • Upgrade to tokio-tungstenite 0.14 and tungstenite 0.13.

    v0.2.1 - 2021-02-12

    • Inspect all Connection and Upgrade headers in is_upgrade_request().
    • Inspect all comma separated values in Connection headers in is_upgrade_request() (this was already done for Upgrade headers).

    v0.2.0 - 2021-02-06

    • Rename upgrade_requested to is_upgrade_request.

    v0.1.1 - 2021-02-06

    • Fix category slug in Cargo manifest.

    v0.1.0 - 2021-02-06

    • Initial release.
    opened by dependabot[bot] 2
  • [Feature] Use type Option for handler

    In the current version, we need to pass three handlers to use hudsucker, including http_handler, incoming_message_handler and outgoing_message_handler.

    I think many times the user may not need to handle everything and can use Option type, the user only needs to use Some to specify what needs to be handled and just pass None for things that are not of concern.

    This would require the hudsucker to determine if the request or response needs to be handled by the user function, but I believe it would be more user friendly and flexible for crate users. And in this way, the example does not need an additional NoopHandler.

    opened by zu1k 2
  • [Feature] Selective MITM

    When using the proxy provided by hudsucker, all https requests will use the certificate issued by hudsucker. However, usually most of our requests may not need to be processed through hudsucker, so I suggest adding some option for selective MITM.

    My idea is that the user of your crate could pre-provide a list of hosts and only mitm requests corresponding to the hosts in that list.

    Or a more flexible way, let the user provide some kind of judgment method closure, and pass in the req to determine if it should be forwarded directly or need to mitm.

    I believe that selective mitm will improve the overall performance when using hudsucker's proxy.

    opened by zu1k 2
  • chore(deps): update x509-parser requirement from 0.13.1 to 0.14.0

    Updates the requirements on x509-parser to permit the latest version.

    Changelog

    Sourced from x509-parser's changelog.

    0.14.0

    Added/Changed

    • Add support for parsing signature parameters and value (closes #94)

    • Change ASN1Time::to_rfc2822() to return a Result

    • ASN1Time: modify from_timestamp to return a Result

    • ASN1Time: implement Display

    • Upgrade versions of asn1-rs, oid-registry and der-parser

    • AlgorithmIdentifier: add const methods to create object/access fields

    • Globally: start using asn1-rs types, simplify parsers:

      • AlgorithmIdentifier: automatically derive struct, use type ANY
      • Merge old FromDer trait into asn1_rs::FromDer (using X509Error)
      • Replace BitStringObject with BitString
      • AttributeTypeAndValue: use Any instead of DerObject
      • Extensions: replace UnparsedObject with Any
      • X509Error: add methods to simplify conversions
      • CRI Attributes: rewrite and simplify parsers
      • Simplify parsers for multiple types and extensions

    Fixed

    • Fix ECDSA signature verification when CA and certificate use different curves

    Thanks

    0.13.2

    Fixed

    • Fix panic in ASN1Time::to_rfc2822() when year is less than 1900

    0.13.1

    Fixed

    • Fix regression with certificate verification for ECDSA signatures using the P-256 curve and SHA-384 (#118)
    • Set minimum version of time to 0.3.7 (#119)
    • Allow empty SEQUENCE when OPTIONAL, for ex in CRL extensions (#120)

    Thanks

    0.13.0

    Added/Changed/Fixed

    Crate:

    ... (truncated)

    opened by dependabot[bot] 1
  • [Bug] Lack of appropriate CN in site's certificates signed with RCgen CA

    Hello! The issue is pretty simple. If a certificate for a site is created with OpensslAuthority, this authority sets CN to the DNS name of the site: https://github.com/omjadas/hudsucker/blob/main/src/certificate_authority/openssl_authority.rs#L74

    But RcgenAuthority does not do that, it places DNS name only in Alt Names: https://github.com/omjadas/hudsucker/blob/main/src/certificate_authority/rcgen_authority.rs#L85

    This issue leads to browsers rejecting certificates signed with RcgenAuthority, because there is no appropriate CN.

    I would like to request a fix for this, please. Probably, I could do a pull-request, but I have not enough free time :(

    opened by sinKettu 0
  • v0.18.0 not found on crates.io

    hi, i'm sorry but i'm very noob with rust so i think that this is a stupid question

    i'm trying to use hudsucker; i put hudsucker = "0.18.0" on my Cargo.toml, but running cargo build i get

    Updating crates.io index
    error: failed to select a version for the requirement `hudsucker = "^0.18.0"`
    candidate versions found which didn't match: 0.16.1, 0.16.0, 0.15.0, ...
    location searched: crates.io index
    

    it works using 0.16.1

    what am i doing wrong?

    thanks in advance

    opened by KrullBorg 6
Releases(v0.18.0)
A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

TCP over HTTP The Questions What does it do? You can proxy TCP traffic over HTTP. A basic setup would be: [Your TCP target] <--TCP-- [Exit No

Julian 182 Nov 2, 2022
Proxy sentry request to a sentry server using a tunnel/proxy endpoint

Sentry Tunnel This is a proxy that forwards tunneled sentry requests to the real sentry server. The implementation is based on the explanation provide

Paul FLORENCE 11 Oct 15, 2022
UDP proxy with Proxy Protocol and mmproxy support

udppp UDP proxy with Proxy Protocol and mmproxy support. Features Async Support Proxy Protocol V2 SOCKET preserve client IP addresses in L7 proxies(mm

b23r0 9 Nov 22, 2022
Web3-proxy: a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers.

web3-proxy Web3-proxy is a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers. Signed transactions (eth_sendRawTrans

null 49 Nov 14, 2022
A proxy implement with http / socks5 in-bound and vmess out-bound, written in Rust and tokio.rs

tokio-vmess an Asynchronous proxy implement with http / socks5 in-bound and vmess out-bound, written in Rust and tokio Run example first, Fill out the

irumeria 7 Oct 3, 2022
♻ A simple and efficient Gemini-to-HTTP proxy written in Rust.

September A simple and efficient Gemini-to-HTTP proxy written in Rust. Usage Docker $ docker run -d [ -e ROOT="gemini://fuwn.me" ] [ -e PORT="8080"] [

GemRest 10 Jul 2, 2022
Reverse proxy for HTTP microservices and STDIO. Openfass watchdog which can run webassembly with wasmer-gpu written in rust.

The of-watchdog implements an HTTP server listening on port 8080, and acts as a reverse proxy for running functions and microservices. It can be used independently, or as the entrypoint for a container with OpenFaaS.

yanghaku 7 Sep 15, 2022
A remote shell, TCP tunnel and HTTP proxy for Replit.

Autobahn A remote shell, TCP tunnel and HTTP proxy for Replit. Hybrid SSH/HTTP server for Replit. Based on leon332157/replish. Autobahn runs a WebSock

Patrick Winters 12 Sep 24, 2022
A fast and stable reverse proxy for NAT traversal, written in Rust

rathole A fast and stable reverse proxy for NAT traversal, written in Rust rathole, like frp, can help to expose the service on the device behind the

Yujia Qiao 4.4k Nov 30, 2022
RCProxy - a lightweight, fast but powerful Redis Cluster Proxy written in Rust

RCProxy - a lightweight, fast but powerful Redis Cluster Proxy written in Rust

Cris Liao 14 Nov 19, 2022
server security proxy write by Rust

server-security-proxy server security proxy write by Rust how to use config toml file

baoyachi. Aka Rust Hairy crabs 3 May 24, 2021
Simple and fast layer 4 proxy in Rust

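Fourth This one is at the fourth layer. English Fourth is a Layer 4 proxy implemented in Rust that listens for TCP traffic on specified ports and forwards it to specified targets according to rules. Features Listen on a specified port and proxy to a specified local or remote port Listen on a specified port and route traffic by the SNI in the TLS ClientHello message Installation To make sure you get your architecture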

Rui Li 17 Nov 8, 2022
A high performence Socks5 proxy server with bind/reverse support implementation by Rust.

rsocx A high performence Socks5 proxy server with bind/reverse support implementation by Rust Features Async-std No unsafe code Single executable Linu

b23r0 248 Nov 11, 2022
A lightweight Rust reverse proxy.

Brachyura A reverse proxy, which I am primarily using as a Rust / Hyper learning project. I utilize Nginx as part of my home lab providing reverse pro

William Howard 7 Nov 8, 2022
A minimal ngrok liked reverse proxy implemented in Rust.

rok A minimal ngrok implementation in Rust, for educational purpose. This work is largely based on rathole, especially the very first commit. Other ho

Kai 3 Jun 21, 2022
Easy per application transparent proxy built on cgroup.

cproxy can redirect TCP and UDP traffic made by a program to a proxy, without requiring the program supporting a proxy. Compared to many existi

Xiangru Lian 256 Nov 15, 2022
A tcp over http2 + tls proxy

mtunnel A tcp over http2 + tls proxy. Usage 1. get certificates, by following steps. 2. make your config client config: { "local_addr": "127.0.0.1

cssivision 9 Sep 5, 2022
A versatile and efficient proxy framework with nice features suitable for various use cases.

A versatile and efficient proxy framework with nice features suitable for various use cases.

null 1.6k Dec 1, 2022
Drop-in proxy for Discord gateway connections and sessions allowing for zero downtime deploys

gateway-proxy This is a very hacky project, so it might stop working if Discord changes their API core. This is unlikely, but keep that in mind while

Jens Reidel 38 Nov 10, 2022