379 lines
8.2 KiB
Go
379 lines
8.2 KiB
Go
package gost
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto/rand"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"net"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
)
|
|
|
|
var httpProxyTests = []struct {
|
|
cliUser *url.Userinfo
|
|
srvUsers []*url.Userinfo
|
|
errStr string
|
|
}{
|
|
{nil, nil, ""},
|
|
{nil, []*url.Userinfo{url.User("admin")}, "407 Proxy Authentication Required"},
|
|
{nil, []*url.Userinfo{url.UserPassword("", "123456")}, "407 Proxy Authentication Required"},
|
|
{url.User("admin"), []*url.Userinfo{url.User("test")}, "407 Proxy Authentication Required"},
|
|
{url.User("admin"), []*url.Userinfo{url.UserPassword("admin", "123456")}, "407 Proxy Authentication Required"},
|
|
{url.User("admin"), []*url.Userinfo{url.User("admin")}, ""},
|
|
{url.User("admin"), []*url.Userinfo{url.UserPassword("admin", "")}, ""},
|
|
{url.UserPassword("admin", "123456"), nil, ""},
|
|
{url.UserPassword("admin", "123456"), []*url.Userinfo{url.User("admin")}, ""},
|
|
{url.UserPassword("admin", "123456"), []*url.Userinfo{url.UserPassword("", "123456")}, "407 Proxy Authentication Required"},
|
|
{url.UserPassword("", "123456"), []*url.Userinfo{url.UserPassword("", "123456")}, ""},
|
|
{url.UserPassword("admin", "123456"), []*url.Userinfo{url.UserPassword("admin", "123456")}, ""},
|
|
{url.UserPassword("admin", "123456"), []*url.Userinfo{url.UserPassword("user", "pass"), url.UserPassword("admin", "123456")}, ""},
|
|
}
|
|
|
|
func httpProxyRoundtrip(targetURL string, data []byte, clientInfo *url.Userinfo, serverInfo []*url.Userinfo) error {
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
client := &Client{
|
|
Connector: HTTPConnector(clientInfo),
|
|
Transporter: TCPTransporter(),
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(serverInfo...),
|
|
),
|
|
}
|
|
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
return proxyRoundtrip(client, server, targetURL, data)
|
|
}
|
|
|
|
func TestHTTPProxyAuth(t *testing.T) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
sendData := make([]byte, 128)
|
|
rand.Read(sendData)
|
|
|
|
for i, tc := range httpProxyTests {
|
|
tc := tc
|
|
t.Run(fmt.Sprintf("#%d", i), func(t *testing.T) {
|
|
err := httpProxyRoundtrip(httpSrv.URL, sendData, tc.cliUser, tc.srvUsers)
|
|
if err == nil {
|
|
if tc.errStr != "" {
|
|
t.Errorf("#%d should failed with error %s", i, tc.errStr)
|
|
}
|
|
} else {
|
|
if tc.errStr == "" {
|
|
t.Errorf("#%d got error %v", i, err)
|
|
}
|
|
if err.Error() != tc.errStr {
|
|
t.Errorf("#%d got error %v, want %v", i, err, tc.errStr)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestHTTPProxyWithInvalidRequest(t *testing.T) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
sendData := make([]byte, 128)
|
|
rand.Read(sendData)
|
|
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
r, err := http.NewRequest("GET", "http://"+ln.Addr().String(), bytes.NewReader(sendData))
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
resp, err := http.DefaultClient.Do(r)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != http.StatusBadRequest {
|
|
t.Error("got status:", resp.Status)
|
|
}
|
|
}
|
|
|
|
func BenchmarkHTTPProxy(b *testing.B) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
sendData := make([]byte, 128)
|
|
rand.Read(sendData)
|
|
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
b.Error(err)
|
|
}
|
|
|
|
client := &Client{
|
|
Connector: HTTPConnector(url.UserPassword("admin", "123456")),
|
|
Transporter: TCPTransporter(),
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(url.UserPassword("admin", "123456")),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
for i := 0; i < b.N; i++ {
|
|
if err := proxyRoundtrip(client, server, httpSrv.URL, sendData); err != nil {
|
|
b.Error(err)
|
|
}
|
|
}
|
|
}
|
|
|
|
func BenchmarkHTTPProxyParallel(b *testing.B) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
sendData := make([]byte, 128)
|
|
rand.Read(sendData)
|
|
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
b.Error(err)
|
|
}
|
|
|
|
client := &Client{
|
|
Connector: HTTPConnector(url.UserPassword("admin", "123456")),
|
|
Transporter: TCPTransporter(),
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(url.UserPassword("admin", "123456")),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
b.RunParallel(func(pb *testing.PB) {
|
|
for pb.Next() {
|
|
if err := proxyRoundtrip(client, server, httpSrv.URL, sendData); err != nil {
|
|
b.Error(err)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
|
|
func TestHTTPProxyWithCodeProbeResist(t *testing.T) {
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(url.UserPassword("admin", "123456")),
|
|
ProbeResistHandlerOption("code:400"),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
resp, err := http.Get("http://" + ln.Addr().String())
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != 400 {
|
|
t.Error("should failed with status code 400, got", resp.Status)
|
|
}
|
|
}
|
|
|
|
func TestHTTPProxyWithWebProbeResist(t *testing.T) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
u, err := url.Parse(httpSrv.URL)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(url.UserPassword("admin", "123456")),
|
|
ProbeResistHandlerOption("web:"+u.Host),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
r, err := http.NewRequest("GET", "http://"+ln.Addr().String(), nil)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
resp, err := http.DefaultClient.Do(r)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != 200 {
|
|
t.Error("got status:", resp.Status)
|
|
}
|
|
|
|
recv, _ := ioutil.ReadAll(resp.Body)
|
|
if !bytes.Equal(recv, []byte("Hello World!")) {
|
|
t.Error("data not equal")
|
|
}
|
|
}
|
|
|
|
func TestHTTPProxyWithHostProbeResist(t *testing.T) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
sendData := make([]byte, 128)
|
|
rand.Read(sendData)
|
|
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
u, err := url.Parse(httpSrv.URL)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(url.UserPassword("admin", "123456")),
|
|
ProbeResistHandlerOption("host:"+u.Host),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
r, err := http.NewRequest("GET", "http://"+ln.Addr().String(), bytes.NewReader(sendData))
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
resp, err := http.DefaultClient.Do(r)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != 200 {
|
|
t.Error("got status:", resp.Status)
|
|
}
|
|
|
|
recv, _ := ioutil.ReadAll(resp.Body)
|
|
if !bytes.Equal(sendData, recv) {
|
|
t.Error("data not equal")
|
|
}
|
|
}
|
|
|
|
func TestHTTPProxyWithFileProbeResist(t *testing.T) {
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
UsersHandlerOption(url.UserPassword("admin", "123456")),
|
|
ProbeResistHandlerOption("file:.config/probe_resist.txt"),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
r, err := http.NewRequest("GET", "http://"+ln.Addr().String(), nil)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
resp, err := http.DefaultClient.Do(r)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
defer resp.Body.Close()
|
|
|
|
if resp.StatusCode != 200 {
|
|
t.Error("got status:", resp.Status)
|
|
}
|
|
|
|
recv, _ := ioutil.ReadAll(resp.Body)
|
|
if !bytes.Equal(recv, []byte("Hello World!")) {
|
|
t.Error("data not equal, got:", string(recv))
|
|
}
|
|
}
|
|
|
|
func TestHTTPProxyWithBypass(t *testing.T) {
|
|
httpSrv := httptest.NewServer(httpTestHandler)
|
|
defer httpSrv.Close()
|
|
|
|
sendData := make([]byte, 128)
|
|
rand.Read(sendData)
|
|
|
|
u, err := url.Parse(httpSrv.URL)
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
ln, err := TCPListener("")
|
|
if err != nil {
|
|
t.Error(err)
|
|
}
|
|
|
|
client := &Client{
|
|
Connector: HTTPConnector(nil),
|
|
Transporter: TCPTransporter(),
|
|
}
|
|
|
|
host := u.Host
|
|
if h, _, _ := net.SplitHostPort(u.Host); h != "" {
|
|
host = h
|
|
}
|
|
server := &Server{
|
|
Listener: ln,
|
|
Handler: HTTPHandler(
|
|
BypassHandlerOption(NewBypassPatterns(false, host)),
|
|
),
|
|
}
|
|
go server.Run()
|
|
defer server.Close()
|
|
|
|
if err = proxyRoundtrip(client, server, httpSrv.URL, sendData); err == nil {
|
|
t.Error("should failed")
|
|
}
|
|
}
|