
Commit26cad6d

authored
Merge pull request#29 from cuisoap/master
add ssl bypass when it's impossible to accomplish MITM (such as ca pinning)
2 parents875b925 +9e3cd9a commit26cad6d


3 files changed

+47
-6
lines changed


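--- a/netbare-core/src/main/java/com/github/megatronking/netbare/http/HttpSniffInterceptor.java
+++ b/netbare-core/src/main/java/com/github/megatronking/netbare/http/HttpSniffInterceptor.java
@@ -19,6 +19,7 @@
 
 importcom.github.megatronking.netbare.NetBareLog;
 importcom.github.megatronking.netbare.ssl.SSLCodec;
+importcom.github.megatronking.netbare.ssl.SSLWhiteList;
 
 importjava.io.IOException;
 importjava.nio.ByteBuffer;
@@ -36,6 +37,7 @@
 privatestaticfinalintTYPE_HTTP =1;
 privatestaticfinalintTYPE_HTTPS =2;
 privatestaticfinalintTYPE_INVALID =3;
+privatestaticfinalintTYPE_WHITELIST =4;
 
 privatefinalHttpSessionmSession;
 
@@ -49,12 +51,17 @@
 protectedvoidintercept(@NonNullHttpRequestChainchain,@NonNullByteBufferbuffer,
 intindex)throwsIOException {
 if (index ==0) {
-mType =chain.request().host() ==null ?TYPE_INVALID :verifyHttpType(buffer);
+if (SSLWhiteList.contains(chain.request().ip())) {
+mType =TYPE_WHITELIST;
+NetBareLog.i("detect whitelist ip " +chain.request().ip());
+}else {
+mType =chain.request().host() ==null ?TYPE_INVALID :verifyHttpType(buffer);
+}
 }
 if (mType ==TYPE_HTTPS) {
 mSession.isHttps =true;
 }
-if (mType ==TYPE_INVALID) {
+if ((mType ==TYPE_INVALID) || (mType ==TYPE_WHITELIST)) {
 chain.processFinal(buffer);
 return;
 }
@@ -64,7 +71,7 @@ protected void intercept(@NonNull HttpRequestChain chain, @NonNull ByteBuffer bu
 @Override
 protectedvoidintercept(@NonNullHttpResponseChainchain,@NonNullByteBufferbuffer,
 intindex)throwsIOException {
-if (mType ==TYPE_INVALID) {
+if ((mType ==TYPE_INVALID) || (mType ==TYPE_WHITELIST)) {
 chain.processFinal(buffer);
 return;
 }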
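Review bot: In the request-side `intercept`, `SSLWhiteList.contains(chain.request().ip())` is tested before `verifyHttpType(buffer)` runs, so every session to a listed address goes straight to `chain.processFinal(buffer)`, including plain HTTP and any other hostname that shares the address (for example behind a CDN). Since the list exists for failed TLS interception, I would classify first and only then apply the bypass: `int type = chain.request().host() == null ? TYPE_INVALID : verifyHttpType(buffer);` followed by `mType = (type == TYPE_HTTPS && SSLWhiteList.contains(chain.request().ip())) ? TYPE_WHITELIST : type;`. This assumes `verifyHttpType` only inspects the buffer, which is not visible here. A short comment on `TYPE_WHITELIST` stating that the session is forwarded uninspected would also help, because it is otherwise handled exactly like `TYPE_INVALID`. Both `intercept` bodies continue outside the hunks shown.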

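--- a/netbare-core/src/main/java/com/github/megatronking/netbare/proxy/TcpProxyServer.java
+++ b/netbare-core/src/main/java/com/github/megatronking/netbare/proxy/TcpProxyServer.java
@@ -22,6 +22,7 @@
 importcom.github.megatronking.netbare.gateway.VirtualGateway;
 importcom.github.megatronking.netbare.net.Session;
 importcom.github.megatronking.netbare.net.SessionProvider;
+importcom.github.megatronking.netbare.ssl.SSLWhiteList;
 importcom.github.megatronking.netbare.tunnel.ConnectionShutdownException;
 importcom.github.megatronking.netbare.tunnel.NioCallback;
 importcom.github.megatronking.netbare.tunnel.NioTunnel;
@@ -33,6 +34,7 @@
 importjava.io.EOFException;
 importjava.io.IOException;
 importjava.net.ConnectException;
+importjava.net.InetAddress;
 importjava.net.InetSocketAddress;
 importjava.net.Socket;
 importjava.nio.channels.SelectionKey;
@@ -142,8 +144,13 @@ protected void process() throws IOException {
 }
 }catch (IOExceptione) {
 NioTunneltunnel =callback.getTunnel();
+Stringip =null;
+InetAddressaddress = ((Socket)tunnel.socket()).getInetAddress();
+if (address !=null) {
+ip =address.getHostAddress();
+}
 if (!tunnel.isClosed()) {
-handleException(e);
+handleException(e,ip);
 }
 callback.onClosed();
 }
@@ -192,13 +199,17 @@ private void onAccept() throws IOException {
 }
 }
 
-privatevoidhandleException(IOExceptione) {
+privatevoidhandleException(IOExceptione,Stringip) {
 if (e ==null ||e.getMessage() ==null) {
 return;
 }
 if (einstanceofSSLHandshakeException) {
 // Client doesn't accept the MITM CA certificate.
 NetBareLog.e(e.getMessage());
+if (ip !=null) {
+NetBareLog.i("add %s to whitelist",ip);
+SSLWhiteList.add(ip);
+}
 }elseif (einstanceofConnectionShutdownException) {
 // Connection exception, do not mind this.
 NetBareLog.e(e.getMessage());
@@ -210,7 +221,10 @@ private void handleException(IOException e) {
 NetBareLog.e(e.getMessage());
 }else {
 NetBareLog.wtf(e);
+if (ip !=null) {
+NetBareLog.i("add %s to whitelist",ip);
+SSLWhiteList.add(ip);
+}
 }
 }
-
 }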
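Review bot: In `handleException`, the final `else` branch (after `NetBareLog.wtf(e)`) also calls `SSLWhiteList.add(ip)`, so any unclassified `IOException`, not only a rejected MITM certificate, exempts that address from interception for the rest of the process. I would keep the add only in the `SSLHandshakeException` branch and drop the `if (ip != null) { ... }` block from the `else`. In `process()`, `((Socket) tunnel.socket()).getInetAddress()` is an unchecked cast, and the hunk does not show whether `callback.getTunnel()` is the client-facing or the server-facing tunnel; if it is the client-facing one, the recorded address may not be the remote server's, so that should be confirmed and noted in a comment. Both method bodies extend outside the hunks shown.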
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
packagecom.github.megatronking.netbare.ssl;
2+
3+
importjava.util.HashSet;
4+
5+
/**
6+
* ip whitelist for ssl bypass
7+
* @author cuisoap
8+
* @since 2019/08/01 10:00
9+
*/
10+
publicclassSSLWhiteList {
11+
privatestaticHashSet<String>whitelist =newHashSet<>();
12+
13+
publicstaticvoidadd(Stringip) {
14+
whitelist.add(ip);
15+
}
16+
17+
publicstaticbooleancontains(Stringip) {
18+
returnwhitelist.contains(ip);
19+
}
20+
}
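Review bot: `whitelist` is a plain, non-final `HashSet` in a static field with no synchronisation; `add` is called from the proxy server's exception path and `contains` from the HTTP interceptor, and if those run on different threads (likely, but not visible here) concurrent access to a `HashSet` is unsafe. I would declare it as `private static final Set<String> whitelist = Collections.synchronizedSet(new HashSet<String>());` with the matching `java.util` imports. Entries are never removed or expired and there is no switch to turn the feature off, so one failed handshake exempts an address for the lifetime of the process. A `remove(ip)` or `clear()` method would fix that, and the class comment should state that entries are added automatically and that traffic to listed addresses is forwarded uninspected.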
