/web-sniffer

A simple and clean web-traffic proxy sniffer written in typescript

Primary LanguageTypeScriptMIT LicenseMIT

Web Sniffer

A simple and clean web-traffic proxy sniffer written in typescript. Inspired by the no longer maintained Hoxy

Install

npm install --save web-proxy-sniffer

Contributing

Please see CONTRIBUTING.md to see how to help us maintain and evolve this project.

Examples

import * as Sniffer from 'web-proxy-sniffer'

const proxy = Sniffer.createServer()

proxy.intercept({
  // Intercept before the request is sent
  phase: 'request'
}, (request, response) => {
  // Redirects the request to google.com
  request.hostname = "www.google.com"

  return request
})

proxy.listen(8080)

Intercepting HTTPS requests

In order to support HTTPS requests intercept, it's required to provide a valid self-signed Certificate Authority when initializing the proxy. To create a new certificate run on your terminal:

# Create the key
openssl genrsa -out ~/.ssh/my-private-root-ca.key.pem 2048
# Create the cert
openssl req -x509 -new -nodes -key ~/.ssh/my-private-root-ca.key.pem -days 1024 -out ~/.ssh/my-private-root-ca.crt.pem -subj "/C=US/ST=Utah/L=Provo/O=ACME Signing Authority Inc/CN=example.com"

After that, you need to trust this certificate. How to do this varies depending on your environment. If your are using a browser, you must trust the certificate on the browser, if you are using the proxy on a OS level, you must trust the certificate on your machine.

After trusting the certificate, you must send this certificate and its key when initializing the proxy:

import * as fs from 'fs'
import * as Sniffer from 'web-proxy-sniffer'

const proxy = Sniffer.createServer({
  certAuthority: {
    key: fs.readFileSync(`src/resources/certificates/proxy-cert-key.key.pem`),
    cert: fs.readFileSync(`src/resources/certificates/proxy-cert.crt.pem`)
  }
})

Roadmap

Today the proxy only supports intercepting and changing HTTP and HTTPS requests before they are sent and responses before they are received. Based on that, we established the following Roadmap to the future releases of this library

  • Support reverse proxy
  • Filter intercepted content by type
  • Intercept requests after they are sent to its destination
  • Intercept responses before they are received by the client