Add HTTP proxy support with -H option#30
Open
bmansvk wants to merge 4 commits intocernekee:masterfrom
Open
Conversation
This commit adds HTTP proxy functionality to ocproxy, allowing users to create an HTTP proxy server that supports both HTTP and HTTPS connections through the CONNECT method. Features: - New -H/--httpproxy option to spawn HTTP proxy on specified port - Support for CONNECT method for HTTPS tunneling - HTTP request parsing and validation - DNS resolution for hostnames in CONNECT requests - Error handling with proper HTTP status codes - Can be used alongside existing -D (SOCKS) and -L (port forward) options The HTTP proxy works by: 1. Accepting HTTP CONNECT requests from browsers/clients 2. Parsing the target hostname and port 3. Resolving DNS if needed (supports both IPs and hostnames) 4. Creating a TCP tunnel through the VPN to the destination 5. Returning "200 Connection established" on success Usage example: openconnect --script-tun --script "./ocproxy -H 8080" vpn.example.com Then configure your browser to use HTTP proxy at 127.0.0.1:8080 Connection limits: - Shares the same connection pool (MAX_CONN=1024) with SOCKS/port forwarding - Can handle up to 1024 concurrent connections across all proxy types 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Author
|
Tested on macOS Tahoe and it works. |
- Add complete HTTP proxy implementation for all methods (GET, POST, PUT, DELETE, etc.) - Previously only CONNECT method (HTTPS tunneling) was supported - Add HTTP relay mode to forward requests and responses bidirectionally - Add new states: STATE_HTTP_HEADERS, STATE_HTTP_RELAY - Add HTTP request parsing for both absolute and relative URLs - Add proper memory management for HTTP request buffers - Add portable strcasestr() implementation for non-glibc systems Compilation fixes: - Fix format-nonliteral warnings with function attributes - Remove unused variable 'header_line' - Fix lwIP pthread function cast warning using union - Update autoconf macros: replace AC_TRY_COMPILE with AC_COMPILE_IFELSE - Remove obsolete AC_GNU_SOURCE and AC_PROG_CC_C99 macros - Create m4 directory to silence aclocal warning Documentation: - Add macOS build instructions with Homebrew dependencies - Document full HTTP/HTTPS proxy feature set - Add CPPFLAGS/LDFLAGS configuration for Intel and Apple Silicon Macs
- Log SOCKS5 connections as domain:port - Log HTTP/HTTPS connections with full URL including path and query parameters - Add -l/--logfile option to specify log file path - Include timestamps in ISO 8601 format for all log entries - Distinguish between HTTPS CONNECT tunnels and regular HTTP requests - Log port forwarding connections
- Add comprehensive help text showing all command line options - Include descriptions of environment variables - Provide usage examples for common scenarios - Check for help flag early before initialization to avoid VPNFD requirement
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit adds HTTP proxy functionality to ocproxy, allowing users to create an HTTP proxy server that supports both HTTP and HTTPS connections through the CONNECT method.
Features:
The HTTP proxy works by:
Usage example:
openconnect --script-tun --script "./ocproxy -H 8080" vpn.example.com
Then configure your browser to use HTTP proxy at 127.0.0.1:8080
Connection limits:
🤖 Generated with Claude Code