AnyProxy抓包实践

本质是中间人攻击（man-in-the-middle attack）

文档：

https://github.com/alibaba/anyproxy/blob/master/docs/cn/src_doc.md

安装

npm install -g anyproxy

启动

anyproxy

编写处理规则

rule.js

module.exports = {
    // 模块介绍
    summary: 'my customized rule for AnyProxy',

    // 发送请求前拦截处理
    *beforeSendRequest(requestDetail) { /* ... */ },

    // 发送响应前处理
    *beforeSendResponse(requestDetail, responseDetail) { /* ... */ },

    // 是否处理https请求
    *beforeDealHttpsRequest(requestDetail) { /* ... */ },

    // 请求出错的事件
    *onError(requestDetail, error) { /* ... */ },

    // https连接服务器出错
    *onConnectError(requestDetail, error) { /* ... */ }
};

demo

// file: sample.js

module.exports = {
  summary: 'a rule to hack response',

  *beforeSendResponse(requestDetail, responseDetail) {
    if (requestDetail.url === 'http://httpbin.org/user-agent') {
      const newResponse = responseDetail.response;
      newResponse.body += '- AnyProxy Hacked!';

      return { response: newResponse };

    }
  },
};

使用rule规则

anyproxy --rule ./sample.js

测试

curl https://github.com --proxy http://127.0.0.1:8001