AnyProxy抓包實踐

本質是中間人攻擊（man-in-the-middle attack）

文檔：

https://github.com/alibaba/anyproxy/blob/master/docs/cn/src_doc.md 安裝

npm install -g anyproxy      

啟動

anyproxy      

編寫處理規則

rule.js

module.exports = {
    // 子產品介紹
    summary: 'my customized rule for AnyProxy',

    // 發送請求前攔截處理
    *beforeSendRequest(requestDetail) { /* ... */ },

    // 發送響應前處理
    *beforeSendResponse(requestDetail, responseDetail) { /* ... */ },

    // 是否處理https請求
    *beforeDealHttpsRequest(requestDetail) { /* ... */ },

    // 請求出錯的事件
    *onError(requestDetail, error) { /* ... */ },

    // https連接配接伺服器出錯
    *onConnectError(requestDetail, error) { /* ... */ }
};      

demo

// file: sample.js

module.exports = {
  summary: 'a rule to hack response',

  *beforeSendResponse(requestDetail, responseDetail) {
    if (requestDetail.url === 'http://httpbin.org/user-agent') {
      const newResponse = responseDetail.response;
      newResponse.body += '- AnyProxy Hacked!';

      return { response: newResponse };
        
    }
  },
};      

使用rule規則

anyproxy --rule ./sample.js      

測試

curl https://github.com --proxy http://127.0.0.1:8001