Foreword
AnyProxy can not capture, intercepts the request and may further modify the response server, implements the interface mock function.
When the interview often ask how to test such a payment to a third party, if the third party did not provide docking test environment, we need to set up a mock server to simulate a variety of payment situation returned interface.
rule module
AnyProxy provides the ability secondary development, you can write your own rules js module (rule), processing logic from the definition of network requests.
Note: Before quoting rules, make sure the files from trustworthy sources, in order to avoid security problems
- Intercept and modify requests being sent
The content may include a request header (request header), the request body (request body), and even the target address of the request, etc.
- Intercept and modify the server response
Modifiable include http status code (status code), the first response (response header), in response to content
- Intercept https request to make changes to the content
Essentially middle attack (man-in-the-middle attack), the client needs to trust CA AnyProxy generated in advance
Development Samples
For chestnut: the need to write a rule module, the GET http://httpbin.org/user-agent return value in plus test information, and a delay of 5 seconds to return
Step 1, write the following rules, save for the sample.js file, you can put a computer anywhere
// file: sample.js
module.exports = {
summary: 'a rule to hack response',
*beforeSendResponse(requestDetail, responseDetail) {
if (requestDetail.url === 'http://httpbin.org/user-agent') { const newResponse = responseDetail.response; newResponse.body += '- AnyProxy Hacked!'; return new Promise((resolve, reject) => { setTimeout(() => { // delay resolve({ response: newResponse }); }, 5000); }); } }, };
Step 2, starting AnyProxy, loading rules
anyproxy -i --rule sample.js
When you see appears: Active rule is: a rule to hack response that is loaded success
Step 3, test rules
With a curl test
curl http://httpbin.org/user-agent --proxy http://127.0.0.1:8001
You can also use a browser to test, configure your browser to http proxy 127.0.0.1:8001, access http://httpbin.org/user-agent , after a proxy server, the expected return is as follows
{
"user-agent": "curl/7.43.0"
}
- AnyProxy Hacked!
Step 4, viewing request information. Browser to access http://127.0.0.1:8002, the interface can see just request information
Process flow
When the http request through the proxy, the specific process is:
- collection request all request parameters, including method, header, body, etc.
- AnyProxy beforeSendRequest method call rules module, the module are processed, return a new parameter request, or return the response content
- If beforeSendRequest return the contents of the response, this response is immediately returned to the client (rather than sent to the real server), the process ends.
- Depending on the request, a request to the server, the server receives the response.
- BeforeSendResponse method call rules module, processed by the module in response to the content
- The response information back to the client
When the proxy server receives a request https, AnyProxy can replace the certificate, the request made expressly resolved.
- Call Rules module beforeDealHttpsRequest method, if it returns true, will expressly resolve the request, other requests are not processed
- After being parsed plaintext https requests, process flow consistent with http. Not expressly resolve the request will not re-enter the rules module for processing.
How to Cite
Several schemes can be used as reference rules module:
Use local paths
anyproxy --rule ./rule.js
Use the online address
anyproxy --rule https://sample.com/rule.js
Use npm package, AnyProxy use require () to load the local rules, you can pass a local npm package path parameters in, or a global installation package npm
anyproxy --rule ./myRulePkg/ #本地包 npm i -g myRulePkg && anyproxy --rule myRulePkg #全局包
rule接口文档
规则模块应该符合cmd规范,一个典型的规则模块代码结构如下。模块中所有方法都是可选的,只需实现业务感兴趣的部分即可。
module.exports = {
// 模块介绍
summary: 'my customized rule for AnyProxy',
// 发送请求前拦截处理
*beforeSendRequest(requestDetail) { /* ... */ }, // 发送响应前处理 *beforeSendResponse(requestDetail, responseDetail) { /* ... */ }, // 是否处理https请求 *beforeDealHttpsRequest(requestDetail) { /* ... */ }, // 请求出错的事件 *onError(requestDetail, error) { /* ... */ }, // https连接服务器出错 *onConnectError(requestDetail, error) { /* ... */ } };
更多资料参考anyproxy 官方文档https://github.com/alibaba/anyproxy/blob/master/docs/cn/src_doc.md