Wscats
diff --git a/‎WechatAutoReply/.DS_Store‎
0 Bytes b/‎WechatAutoReply/.DS_Store‎
0 Bytes
diff --git a/‎WechatAutoReply/1000phone/.DS_Store‎
6 KB b/‎WechatAutoReply/1000phone/.DS_Store‎
6 KB
diff --git a/‎WechatAutoReply/1000phone/static/.DS_Store‎
6 KB b/‎WechatAutoReply/1000phone/static/.DS_Store‎
6 KB
diff --git a/‎middlewareAgent/CA/cert/my.crt‎
Lines changed: 13 additions & 13 deletions b/‎middlewareAgent/CA/cert/my.crt‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎middlewareAgent/CA/cert/my.key.pem‎
Lines changed: 13 additions & 13 deletions b/‎middlewareAgent/CA/cert/my.key.pem‎
Lines changed: 13 additions & 13 deletions
diff --git a/‎middlewareAgent/browserAgent/.DS_Store‎
0 Bytes b/‎middlewareAgent/browserAgent/.DS_Store‎
0 Bytes
diff --git a/‎middlewareAgent/browserAgent/README.md‎
Lines changed: 62 additions & 11 deletions b/‎middlewareAgent/browserAgent/README.md‎
Lines changed: 62 additions & 11 deletions
diff --git a/‎middlewareAgent/browserAgent/assets/mac-proxy4.png‎
666 KB b/‎middlewareAgent/browserAgent/assets/mac-proxy4.png‎
666 KB
diff --git a/‎middlewareAgent/browserAgent/https/createFakeHttpsWebSite.js‎
Lines changed: 63 additions & 62 deletions b/‎middlewareAgent/browserAgent/https/createFakeHttpsWebSite.js‎
Lines changed: 63 additions & 62 deletions
diff --git a/‎middlewareAgent/browserAgent/https/https.js‎
Lines changed: 6 additions & 2 deletions b/‎middlewareAgent/browserAgent/https/https.js‎
Lines changed: 6 additions & 2 deletions
@@ -1,21 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDeDCCAuGgAwIBAgIHAVUpYkKJczANBgkqhkiG9w0BAQsFADCBvzEiMCAGA1UE
+MIIDeDCCAuGgAwIBAgIHAVUwYjdQQjANBgkqhkiG9w0BAQsFADCBvzEiMCAGA1UE
 AxMZaHR0cHMtbWl0bS1wcm94eS1oYW5kYm9vazELMAkGA1UEBhMCQ04xEjAQBgNV
 BAgTCUd1YW5nRG9uZzERMA8GA1UEBxMIU2hlblpoZW4xIjAgBgNVBAoTGWh0dHBz
 LW1pdG0tcHJveHktaGFuZGJvb2sxQTA/BgNVBAsTOGh0dHBzOi8vZ2l0aHViLmNv
-bS93dWNoYW5nbWluZy9odHRwcy1taXRtLXByb3h5LWhhbmRib29rMB4XDTE4MDMx
-OTAyMjcwOFoXDTIwMDMxOTAyMjcwOFowgbExEzARBgNVBAMTCmdpdGh1Yi5jb20x
+bS93dWNoYW5nbWluZy9odHRwcy1taXRtLXByb3h5LWhhbmRib29rMB4XDTE4MDMy
+MDA2MTI1NVoXDTIwMDMyMDA2MTI1NVowgbExEzARBgNVBAMTCmdpdGh1Yi5jb20x
 CzAJBgNVBAYTAkNOMRIwEAYDVQQIEwlHdWFuZ0RvbmcxEjAQBgNVBAcTCVNoZW5n
 WmhlbjEiMCAGA1UEChMZaHR0cHMtbWl0bS1wcm94eS1oYW5kYm9vazFBMD8GA1UE
 CxM4aHR0cHM6Ly9naXRodWIuY29tL3d1Y2hhbmdtaW5nL2h0dHBzLW1pdG0tcHJv
-eHktaGFuZGJvb2swgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANTLY5/uSFFD
-e94ZS7B685ba27mlfkRvAZgb0/POIcwxnyrNCIfz6PNRaGSwxxKSXhPhvoqH+KPv
-I5BmQJ0B7tpmjwfImq9cEZScoVUE0XI4K+6/HRVSiQpQwMdbnFAxzqqiy6vgnVyD
-CkV3sVviIZNSQSYsguttPL/gPELQk/XzAgMBAAGjgYkwgYYwDAYDVR0TAQH/BAIw
-ADAPBgNVHQ8BAf8EBQMDB7+AMB0GA1UdDgQWBBREDVp+5xCK4bbhlg9WZLjXSkJj
-hTA7BgNVHSUENDAyBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEF
-BQcDBAYIKwYBBQUHAwgwCQYDVR0jBAIwADANBgkqhkiG9w0BAQsFAAOBgQBgfAbs
-2X8YCBHKoP/xmWQw1ONNrJrRJciO0CZx94WC76dSmtNPvMZbishwCsUt66vPrBzG
-KDGZIg78hNQxAWWr0JnLzwytX9H41ZgF0Pj7iai+2WNl3MiDNQzRcAKRZs4f57Kn
-gZlGaWfm6oDTPnkwserV4zZiov3beje86jUu6g==
+eHktaGFuZGJvb2swgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALVQELtIusEk
+yQkLu8/UOxMh3AKidY3OubcZCslLtkS7PATii8oo6uUCU9rr1y2QFE394egT/4Xe
+mpPvJ4CNQXjIzkAU2VDnf+9HZJh/gka+NUUSbQGldfzzl212I54Qotay772uYIK/
+ELUxXu7iF05Qmbec9Dyt9ls/8qX2A9a5AgMBAAGjgYkwgYYwDAYDVR0TAQH/BAIw
+ADAPBgNVHQ8BAf8EBQMDB7+AMB0GA1UdDgQWBBTctQulm34JhovW0A/x4ohnxTDs
+njA7BgNVHSUENDAyBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEF
+BQcDBAYIKwYBBQUHAwgwCQYDVR0jBAIwADANBgkqhkiG9w0BAQsFAAOBgQAxR80b
+Hu2Otmw6X/H27SUPFjv5BMxbMxI91XAz6eHVNZNq0Y1Bas581+/HbsApzZ2VaJmV
+vrNbcrY111Ofk67eN5idRxJtQc695g8h+Pp5zGKK9J3DYS0DhUuajlORs9FWFQAG
+1aK6+U+dYoT48KhxOp97JXGp2cgON5qftyrOeA==
 -----END CERTIFICATE-----
@@ -1,15 +1,15 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQDUy2Of7khRQ3veGUuwevOW2tu5pX5EbwGYG9PzziHMMZ8qzQiH
-8+jzUWhksMcSkl4T4b6Kh/ij7yOQZkCdAe7aZo8HyJqvXBGUnKFVBNFyOCvuvx0V
-UokKUMDHW5xQMc6qosur4J1cgwpFd7Fb4iGTUkEmLILrbTy/4DxC0JP18wIDAQAB
-AoGBAKm6+WHtvD0laL3Ey3ye9YDUXQJ9IHQRXuInAC6tsoOe6OhI1o8qXBsISg5W
-etMzcFrHayYwQoDwFBvvk4YoroyNG/RtJK9H6J8FMN1o1xl4ZpvizXrbIRGiCrbO
-6gwsqDtmE069ZeDugzs99RH5J4XjSQk02Jl9X7I9uzQg0XThAkEA9ExUkTTerXci
-Vl+LGFCHmIPBVRAHxd6f9/iNdnEgpnN11UD6uJFyIxt9evaiYEQi+j4HcCPLJ05V
-riaWNf4vGQJBAN78v+yhabMFaHYTE11iGfGMeh5Dj61DJdacZrUBNfTSalafbE6f
-zT5swAI2eqKPyFgEeCQYxSybSli6E4tdyusCQQCkSNB19b/plzwYKZg4ea81+SSC
-N42CmvuonhVDmUADr5GGH3R7uhOvWEVB86muYyPCdQQ7fVaY0Cz+OCS7mnvBAkBE
-p6kn4CK9HcMl54Wk0NmQB2JqAv8vp2b1Br6QqEjGkipvdTJRmt4EhFMx2zgy6PYU
-M3wSERZUP5PKcbAmzr/1AkEA1YyAOUkSEqB64ccqeCwnndVFZtvZqNfAf+StqQU7
-borHEmqwnQEH749z9Hh0+ioo1y69KWgIOWuIuJ2l+VKesw==
+MIICXAIBAAKBgQC1UBC7SLrBJMkJC7vP1DsTIdwConWNzrm3GQrJS7ZEuzwE4ovK
+KOrlAlPa69ctkBRN/eHoE/+F3pqT7yeAjUF4yM5AFNlQ53/vR2SYf4JGvjVFEm0B
+pXX885dtdiOeEKLWsu+9rmCCvxC1MV7u4hdOUJm3nPQ8rfZbP/Kl9gPWuQIDAQAB
+AoGAJuA39jAt+uPMRyhA6Nr0n7GO3vG+it1cbKnt6iNVvX7364Q3vOzxEJFjMXmH
+9bkC4YYiPgSrsSR9uGJ68dFXzBWxosTVZ/TUX2ECbsh2ldwArRt34iWGcxrRlijP
+TH6Lt20kPLqljSmCo8IXOpQtUH8v7WSCHK70KqOuPJo4oEECQQDer7Za7fe5t4U2
++XJlqOOqYOVgdkTVzYW0HuTYZ7AbiOFuebqn/pjqj+7hRE1EPFKhpTx/6Vv9rthQ
+n1QzAW1FAkEA0G/a3GJ64MA/s0FASD5rHn7f3+2ZXp9YZl86rBA4COs2CQDfQ9hV
+jWIlLd9fwEDF96x4/gIJ14q+VBd8dN445QJAWiHIr1kuMW9EbhHc6aTIMUfyz25P
+QjJjcZoniie9sgdfJzYCBMkZ36bOS0M3+uxnjaGxsRwk7bL9PvSeQd7L+QJASUPH
+7kc/Ydixi1SYP8yQ4ns+PfvKORRRgkpe2TQqPhhPOgLwd2yHRdcFsoYdpfoem9wn
++0DELNs741sOCBZEcQJBAIjKXEWSSxScF7P3hVV43tmt/X38STD/ai7seVOTa2ri
+4aF9ofT/A7Vcn9z6ZMOd0Dlczi43DBGEoQYyKaOvdGE=
 -----END RSA PRIVATE KEY-----
@@ -63,6 +63,7 @@ httpMitmProxy.on('request', (req, res) => {
     })
 })
 ```
+具体源代码请看[这里](https://github.com/Wscats/node-tutorial/blob/master/middlewareAgent/browserAgent/http/http.js)
 
 # HTTPS代理实现
 
@@ -147,20 +148,25 @@ httpTunnel.on('connect', (req, cltSocket, head) => {
   });
 });
 ```
-不获取明文的代理，这种方式就是利用`http`得到请求信息然后借助`net`模块模拟客户端的`TCP`请求
+具体源代码请看[这里](https://github.com/Wscats/node-tutorial/blob/master/middlewareAgent/browserAgent/https/https.js)
+
+
+不获取明文的代理，这种方式就是利用`http`得到请求信息然后借助`net`模块模拟客户端的`TCP`请求，这个实现方式跟Node官方文档的[connect事件例子](http://nodejs.cn/api/http.html#http_event_connect)非常相似
 ```js
-// node.js 中基于express 实现简单http代理服务
 const url = require('url');
 const http = require('http');
 const net = require('net');
-const config = {
-    port: 6789
-};
 const {
     port
-} = config;
-
-const server = http.createServer();
+} = config = {
+    port: 6789
+};
+const server = http.createServer((req, res) => {
+    // 代理HTTP
+    const ip = res.socket.remoteAddress;
+    const port = res.socket.remotePort;
+    res.end(`您的 IP 地址是 ${ip}，您的源端口是 ${port}`);
+});
 
 // HTTP 隧道 代理HTTPS 流量 但由于加密 不能处理
 server.on('connect', (req, socket) => {
@@ -185,11 +191,9 @@ server.on('connect', (req, socket) => {
     socket.pipe(clientSocket);
 
 });
-
 // 开启server 监听指定端口
 server.listen(port, () => {
-    // 打印当前ip 地址和port
-    console.log(`address: ${server.address()}:${server.port}`);
+    console.log('server start');
 });
 server.on('error', (e) => {
     if (e.code == 'EADDRINUSE') {
@@ -202,6 +206,53 @@ server.on('error', (e) => {
     }
 });
 ```
+具体源代码请看[这里](https://github.com/Wscats/node-tutorial/blob/master/middlewareAgent/browserAgent/https/https4.js)
+
+# 生成CA证书
+
+## 根证书
+
+具体代码请看：[生成根证书](https://github.com/Wscats/node-tutorial/blob/master/middlewareAgent/CA/createRootCA.js)
+
+执行完`npm run createRootCA`后，CA根证书的公私钥会生成到项目根路径的rootCA文件夹下
+
+|||
+|-|-|
+|公钥文件|rootCA/rootCA.crt|
+|私钥文件|rootCA/rootCA.key.pem|
+
+## 安装CA根证书
+
+⚠️注意：
+
+- 1.必须要按照上面步骤先生成CA证书相关文件
+- 2.每一次生成的证书和密钥都是独一无二的。
+
+在MAC系统下找到**钥匙串访问**，然后双击打开证书文件`rootCA/rootCA.crt`完成安装，并且有可能需要在**信任-使用此证书时**里面设置**始终信任**。
+
+<img src="./assets/mac-proxy4.png">
+
+或者在项目根路径下执行下面命令，然后输入用户密码或者指纹后即可安装成功。
+
+```bash
+sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA/rootCA.crt
+```
+
+## 子证书
+
+执行完`npm run createCertByRootCA`后，CA子证书的公私钥会生成到项目根路径的cert文件夹下
+
+|||
+|-|-|
+|公钥文件|cert/my.crt|
+|私钥文件|cert/my.key.pem|
+
+另外和CA根证书最大的不同是，该子证书是用CA根证书的私钥签名，而CA根证书是用自己的私钥自签名。这也从代码的角度认识到了证书链的原理
+```js
+// 用CA根证书私钥签名
+cert.sign(caKey, forge.md.sha256.create());
+```
+配合HTTP隧道和证书实现HTTPS代理，具体源代码请看[https.js](https://github.com/Wscats/node-tutorial/blob/master/middlewareAgent/browserAgent/https/https.js)和[createFakeHttpsWebSite.js](https://github.com/Wscats/node-tutorial/blob/master/middlewareAgent/browserAgent/https/createFakeHttpsWebSite.js)
 
 # 设置代理
 
 
@@ -7,8 +7,6 @@ const http = require('http');
 const https = require('https');
 const fs = require('fs');
 
-
-
 const caCertPath = path.join(__dirname, '../../CA/rootCA/rootCA.crt');
 const caKeyPath = path.join(__dirname, '../../CA/rootCA/rootCA.key.pem');
 
@@ -36,12 +34,14 @@ const caKey = forge.pki.privateKeyFromPem(caKeyPem);
  * @return {[type]}            [description]
  */
 function createFakeHttpsWebSite(domain, successFun) {
-    const fakeCertObj = createFakeCertificateByDomain(caKey, caCert, domain)
+    // 针对域名生成公钥和私钥
+    const fakeCertObj = createFakeCertificateByDomain(caKey, caCert, domain);
+    // 构建一个https服务器
     var fakeServer = new https.Server({
-        key: fakeCertObj.key,
-        cert: fakeCertObj.cert,
+        key: pki.privateKeyToPem(fakeCertObj.key),
+        cert: pki.certificateToPem(fakeCertObj.cert),
         SNICallback: (hostname, done) => {
-            let certObj = createFakeCertificateByDomain(caKey, caCert, hostname)
+            let certObj = createFakeCertificateByDomain(caKey, caCert, hostname);
             done(null, tls.createSecureContext({
                 key: pki.privateKeyToPem(certObj.key),
                 cert: pki.certificateToPem(certObj.cert)
@@ -54,25 +54,25 @@ function createFakeHttpsWebSite(domain, successFun) {
         successFun(address.port);
     });
     fakeServer.on('request', (req, res) => {
-
         // 解析客户端请求
         var urlObject = url.parse(req.url);
-        let options =  {
+        let options = {
             protocol: 'https:',
             hostname: req.headers.host.split(':')[0],
             method: req.method,
             port: req.headers.host.split(':')[1] || 80,
             path: urlObject.path,
             headers: req.headers
         };
-        res.writeHead(200, { 'Content-Type': 'text/html;charset=utf-8'});
-        res.write(`<html><body>我是伪造的: ${options.protocol}//${options.hostname} 站点</body></html>`)
+        res.writeHead(200, {
+            'Content-Type': 'text/html;charset=utf-8'
+        });
+        res.write(`<html><body>我是伪造的: ${options.protocol}//${options.hostname} 站点</body></html>`);
         res.end();
     });
     fakeServer.on('error', (e) => {
         console.error(e);
     });
-
 }
 
 /**
@@ -87,73 +87,74 @@ function createFakeCertificateByDomain(caKey, caCert, domain) {
     var cert = pki.createCertificate();
     cert.publicKey = keys.publicKey;
 
-    cert.serialNumber = (new Date()).getTime()+'';
+    cert.serialNumber = (new Date()).getTime() + '';
     cert.validity.notBefore = new Date();
     cert.validity.notBefore.setFullYear(cert.validity.notBefore.getFullYear() - 1);
     cert.validity.notAfter = new Date();
     cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 1);
     var attrs = [{
-      name: 'commonName',
-      value: domain
+        name: 'commonName',
+        value: domain
     }, {
-      name: 'countryName',
-      value: 'CN'
+        name: 'countryName',
+        value: 'CN'
     }, {
-      shortName: 'ST',
-      value: 'GuangDong'
+        shortName: 'ST',
+        value: 'GuangDong'
     }, {
-      name: 'localityName',
-      value: 'ShengZhen'
+        name: 'localityName',
+        value: 'ShengZhen'
     }, {
-      name: 'organizationName',
-      value: 'https-mitm-proxy-handbook'
+        name: 'organizationName',
+        value: 'https-mitm-proxy-handbook'
     }, {
-      shortName: 'OU',
-      value: 'https://github.com/wuchangming/https-mitm-proxy-handbook'
+        shortName: 'OU',
+        value: 'https://github.com/wuchangming/https-mitm-proxy-handbook'
     }];
 
     cert.setIssuer(caCert.subject.attributes);
     cert.setSubject(attrs);
 
     cert.setExtensions([{
-        name: 'basicConstraints',
-        critical: true,
-        cA: false
-    },
-    {
-        name: 'keyUsage',
-        critical: true,
-        digitalSignature: true,
-        contentCommitment: true,
-        keyEncipherment: true,
-        dataEncipherment: true,
-        keyAgreement: true,
-        keyCertSign: true,
-        cRLSign: true,
-        encipherOnly: true,
-        decipherOnly: true
-    },
-    {
-        name: 'subjectAltName',
-        altNames: [{
-          type: 2,
-          value: domain
-        }]
-    },
-    {
-        name: 'subjectKeyIdentifier'
-    },
-    {
-        name: 'extKeyUsage',
-        serverAuth: true,
-        clientAuth: true,
-        codeSigning: true,
-        emailProtection: true,
-        timeStamping: true
-    },
-    {
-        name:'authorityKeyIdentifier'
-    }]);
+            name: 'basicConstraints',
+            critical: true,
+            cA: false
+        },
+        {
+            name: 'keyUsage',
+            critical: true,
+            digitalSignature: true,
+            contentCommitment: true,
+            keyEncipherment: true,
+            dataEncipherment: true,
+            keyAgreement: true,
+            keyCertSign: true,
+            cRLSign: true,
+            encipherOnly: true,
+            decipherOnly: true
+        },
+        {
+            name: 'subjectAltName',
+            altNames: [{
+                type: 2,
+                value: domain
+            }]
+        },
+        {
+            name: 'subjectKeyIdentifier'
+        },
+        {
+            name: 'extKeyUsage',
+            serverAuth: true,
+            clientAuth: true,
+            codeSigning: true,
+            emailProtection: true,
+            timeStamping: true
+        },
+        {
+            name: 'authorityKeyIdentifier'
+        }
+    ]);
     cert.sign(caKey, forge.md.sha256.create());
 
     return {
 
@@ -28,14 +28,18 @@ httpTunnel.on('error', (e) => {
 httpTunnel.on('connect', (req, cltSocket, head) => {
     // connect to an origin server
     var srvUrl = url.parse(`http://${req.url}`);
-
     console.log(`CONNECT ${srvUrl.hostname}:${srvUrl.port}`);
-
     createFakeHttpsWebSite(srvUrl.hostname, (port) => {
         var srvSocket = net.connect(port, '127.0.0.1', () => {
             cltSocket.write('HTTP/1.1 200 Connection Established\r\n' +
                 'Proxy-agent: MITM-proxy\r\n' +
                 '\r\n');
+            cltSocket.on('error', (e) => {
+                console.error(e);
+            })
+            cltSocket.on('data', (data) => {
+                // console.log(data.toString());
+            });
             srvSocket.write(head);
             srvSocket.pipe(cltSocket);
             cltSocket.pipe(srvSocket);