milliways-infosec/AikidoSec-safe-chain
7
0
Fork 0
mirror of https://github.com/AikidoSec/safe-chain.git synced 2026-05-26 12:10:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

WIP

Browse source
This commit is contained in:
Sander Declerck 2025-10-24 16:21:14 +02:00
parent 2e1ee0dfa4
commit d6dda73fb9
No known key found for this signature in database
3 changed files with 22 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

18
packages/safe-chain/src/registryProxy/mitmRequestHandler.js
View file

@ -1,11 +1,16 @@
import https from "https";
import { generateCertForHost } from "./certUtils.js";
import { HttpsProxyAgent } from "https-proxy-agent";
import { ui } from "../environment/userInteraction.js";
export function mitmConnect(req, clientSocket, isAllowed) {
ui.writeVerboseInformation(`Safe-chain: Set up MITM tunnel for ${req.url}`);
const { hostname } = new URL(`http://${req.url}`);
clientSocket.on("error", () => {
clientSocket.on("error", (err) => {
ui.writeVerboseInformation(
`Safe-chain: Client socket error for ${req.url}: ${err.message}`
);
// NO-OP
// This can happen if the client TCP socket sends RST instead of FIN.
// Not subscribing to 'close' event will cause node to throw and crash.
@ -28,6 +33,9 @@ function createHttpsServer(hostname, isAllowed) {
const targetUrl = `https://${hostname}${pathAndQuery}`;
if (!(await isAllowed(targetUrl))) {
ui.writeVerboseInformation(
`Safe-chain: Blocking request to ${targetUrl}`
);
res.writeHead(403, "Forbidden - blocked by safe-chain");
res.end("Blocked by safe-chain");
return;
@ -57,7 +65,10 @@ function getRequestPathAndQuery(url) {
function forwardRequest(req, hostname, res) {
const proxyReq = createProxyRequest(hostname, req, res);
proxyReq.on("error", () => {
proxyReq.on("error", (err) => {
ui.writeVerboseInformation(
`Safe-chain: Error occurred while proxying request: ${err.message}`
);
res.writeHead(502);
res.end("Bad Gateway");
});
@ -67,6 +78,9 @@ function forwardRequest(req, hostname, res) {
});
req.on("end", () => {
ui.writeVerboseInformation(
`Safe-chain: Finished proxying request to ${req.url} for ${hostname}`
);
proxyReq.end();
});
}

1
packages/safe-chain/src/registryProxy/registryProxy.js
View file

@ -109,6 +109,7 @@ function handleConnect(req, clientSocket, head) {
mitmConnect(req, clientSocket, isAllowedUrl);
} else {
// For other hosts, just tunnel the request to the destination tcp socket
ui.writeVerboseInformation(`Safe-chain: Tunneling request to ${req.url}`);
tunnelRequest(req, clientSocket, head);
}
}