Creating a Java HTTPS Proxy in-order to record HTTP traffic

Question

I am implementing my own proxy in purpose to record HTTP traffic. From what I researched so far this is not trivial since the first request (CONNECT) is done without encryption over HTTP (on port 443 - using regular server socket) proceeding with tunneling to SSL over HTTP (HTTPS) which needs to be handled by a secured server socket (taken from SLServerSocketFactory).

In other words, I will need to switch implementations from non-secure to secure server socket after the first CONNECT request.

In addition to that, I am taking care of using a custom keystore and trustore which is based on the server cert (no problem with this step).

Appreciate your thoughts or any examples you might have.

Answer 1

It's extremely trivial.

1. Read a line from the accepted socket. That's the CONNECT. Get the target host.
2. Connect to the target. This is the 'upstream' connection, the other one is the 'downstream' connection.
3. If that failed, send back an appropriate HTTP response and close the socket.
4. Otherwise, start two threads, one to copy bytes from downstream to upstream, and one to copy bytes from upstream to downstream.
5. When you read EOS on a socket in one of those threads, shutdown the socket it writes to for output and exit the thread.
6. When you do that, check to see if the socket you're read from has been shutdown for output. If it has, close both sockets before exiting the thread.

So when EOS has been read in both directions, both sockets are closed and both threads have exited. This shutdown technique takes care of all possible keep-alive difficulties.

As you are copying bytes, you don't care in the slightest what's in them. The client will do all the SSL stuff with the upstream server. You don't need to know anything about it.