Added proxy functionality via command line parameter -proxyurl
parent
6d5e2395a1
commit
8eef525e21
2
README
2
README
|
@ -98,6 +98,8 @@ COMMAND LINE FLAGS
|
||||||
documented at <https://www.certificate-transparency.org/known-logs>.
|
documented at <https://www.certificate-transparency.org/known-logs>.
|
||||||
Default: https://loglist.certspotter.org/monitor.json which includes the union
|
Default: https://loglist.certspotter.org/monitor.json which includes the union
|
||||||
of active logs recognized by Chrome and Apple.
|
of active logs recognized by Chrome and Apple.
|
||||||
|
-proxyurl
|
||||||
|
Proxy URL to use for http connections (eg. http://my.proxy.com:8080)
|
||||||
-state_dir PATH
|
-state_dir PATH
|
||||||
Directory for storing state. Default: ~/.certspotter
|
Directory for storing state. Default: ~/.certspotter
|
||||||
-verbose
|
-verbose
|
||||||
|
|
|
@ -15,6 +15,7 @@ import (
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/user"
|
"os/user"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
@ -35,6 +36,7 @@ var noSave = flag.Bool("no_save", false, "Do not save a copy of matching certifi
|
||||||
var verbose = flag.Bool("verbose", false, "Be verbose")
|
var verbose = flag.Bool("verbose", false, "Be verbose")
|
||||||
var startAtEnd = flag.Bool("start_at_end", false, "Start monitoring logs from the end rather than the beginning")
|
var startAtEnd = flag.Bool("start_at_end", false, "Start monitoring logs from the end rather than the beginning")
|
||||||
var allTime = flag.Bool("all_time", false, "Scan certs from all time, not just since last scan")
|
var allTime = flag.Bool("all_time", false, "Scan certs from all time, not just since last scan")
|
||||||
|
var proxy = flag.String("proxyurl", "", "Proxy URL to use for http connections (eg. http://my.proxy.com:8080)")
|
||||||
var state *State
|
var state *State
|
||||||
|
|
||||||
var printMutex sync.Mutex
|
var printMutex sync.Mutex
|
||||||
|
@ -106,10 +108,17 @@ func makeLogHandle(logInfo *loglist.Log) (*logHandle, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("Bad public key: %s", err)
|
return nil, fmt.Errorf("Bad public key: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
proxyURL, err := url.Parse(*proxy)
|
||||||
|
if *proxy == "" {
|
||||||
|
proxyURL = nil
|
||||||
|
}
|
||||||
|
|
||||||
ctlog.scanner = certspotter.NewScanner(logInfo.URL, logInfo.LogID, logKey, &certspotter.ScannerOptions{
|
ctlog.scanner = certspotter.NewScanner(logInfo.URL, logInfo.LogID, logKey, &certspotter.ScannerOptions{
|
||||||
BatchSize: *batchSize,
|
BatchSize: *batchSize,
|
||||||
NumWorkers: *numWorkers,
|
NumWorkers: *numWorkers,
|
||||||
Quiet: !*verbose,
|
Quiet: !*verbose,
|
||||||
|
ProxyURL: proxyURL,
|
||||||
})
|
})
|
||||||
|
|
||||||
ctlog.state, err = state.OpenLogState(logInfo)
|
ctlog.state, err = state.OpenLogState(logInfo)
|
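Review bot: In makeLogHandle the error returned by `url.Parse(*proxy)` is never checked; the next visible statement that touches `err` is the `state.OpenLogState` assignment, which overwrites it. url.Parse returns a nil URL on failure, so a malformed -proxyurl leaves ProxyURL nil and the scanner would connect directly with no message, which matters when the proxy is the intended egress or privacy control. Parse only when the flag is set and return an error on failure, and consider rejecting a value with no scheme or host, since url.Parse accepts many strings that are not usable proxy addresses. The fence below assumes `err` is already declared in this scope, as the `if err != nil` context line suggests; makeLogHandle starts and ends outside the hunk, and because it appears to run once per log the parse could also move to flag handling at startup.

```go
// … unchanged: public key parsing and its error check …
var proxyURL *url.URL
if *proxy != "" {
	proxyURL, err = url.Parse(*proxy)
	if err != nil {
		return nil, fmt.Errorf("Bad proxy URL: %s", err)
	}
	if proxyURL.Scheme == "" || proxyURL.Host == "" {
		return nil, fmt.Errorf("Bad proxy URL: %q has no scheme or host", *proxy)
	}
}
// … unchanged: certspotter.NewScanner call with ProxyURL: proxyURL …
```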
||||||
|
|
|
@ -86,7 +86,7 @@ type addChainResponse struct {
|
||||||
// New constructs a new LogClient instance.
|
// New constructs a new LogClient instance.
|
||||||
// |uri| is the base URI of the CT log instance to interact with, e.g.
|
// |uri| is the base URI of the CT log instance to interact with, e.g.
|
||||||
// http://ct.googleapis.com/pilot
|
// http://ct.googleapis.com/pilot
|
||||||
func New(uri string) *LogClient {
|
func New(uri string, proxyURL *url.URL) *LogClient {
|
||||||
var c LogClient
|
var c LogClient
|
||||||
c.uri = uri
|
c.uri = uri
|
||||||
transport := &httpclient.Transport{
|
transport := &httpclient.Transport{
|
||||||
|
@ -106,6 +106,9 @@ func New(uri string) *LogClient {
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: true,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
if proxyURL != nil {
|
||||||
|
transport.Proxy = http.ProxyURL(proxyURL)
|
||||||
|
}
|
||||||
c.httpClient = &http.Client{Transport: transport}
|
c.httpClient = &http.Client{Transport: transport}
|
||||||
return &c
|
return &c
|
||||||
}
|
}
|
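Review bot: The doc comment on New still describes only |uri|, so the new proxyURL parameter and its nil-means-direct behaviour are undocumented; add `// |proxyURL|, if non-nil, is the proxy used for every request to the log; nil connects directly.` The context lines show the transport's TLS config sets `InsecureSkipVerify: true`, so the added proxy hop is not protected by certificate verification and response integrity presumably rests on the log signature checks done elsewhere; that is worth one more sentence in the comment. New is exported and its signature changes, so any caller outside this commit has to be updated as well. Only part of New's body is visible in these hunks.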
||||||
|
|
|
@ -19,6 +19,7 @@ import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
|
"net/url"
|
||||||
"strings"
|
"strings"
|
||||||
"sync"
|
"sync"
|
||||||
"sync/atomic"
|
"sync/atomic"
|
||||||
|
@ -45,6 +46,9 @@ type ScannerOptions struct {
|
||||||
|
|
||||||
// Don't print any status messages to stdout
|
// Don't print any status messages to stdout
|
||||||
Quiet bool
|
Quiet bool
|
||||||
|
|
||||||
|
// Proxy stuff
|
||||||
|
ProxyURL *url.URL
|
||||||
}
|
}
|
||||||
|
|
||||||
// Creates a new ScannerOptions struct with sensible defaults
|
// Creates a new ScannerOptions struct with sensible defaults
|
||||||
|
@ -53,6 +57,7 @@ func DefaultScannerOptions() *ScannerOptions {
|
||||||
BatchSize: 1000,
|
BatchSize: 1000,
|
||||||
NumWorkers: 1,
|
NumWorkers: 1,
|
||||||
Quiet: false,
|
Quiet: false,
|
||||||
|
ProxyURL: nil,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -316,7 +321,7 @@ func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *S
|
||||||
scanner.LogUri = logUri
|
scanner.LogUri = logUri
|
||||||
scanner.LogId = logId
|
scanner.LogId = logId
|
||||||
scanner.publicKey = publicKey
|
scanner.publicKey = publicKey
|
||||||
scanner.logClient = client.New(strings.TrimRight(logUri, "/"))
|
scanner.logClient = client.New(strings.TrimRight(logUri, "/"), opts.ProxyURL)
|
||||||
scanner.opts = *opts
|
scanner.opts = *opts
|
||||||
return &scanner
|
return &scanner
|
||||||
}
|
}
|
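Review bot: The field comment `// Proxy stuff` on ScannerOptions.ProxyURL does not say what the field controls or what nil means; something like `// ProxyURL, if non-nil, is the proxy used for all requests to the log; nil means connect directly.` would match the other option comments. The explicit `ProxyURL: nil,` in DefaultScannerOptions only restates the zero value and can be dropped. In NewScanner the new argument `opts.ProxyURL` dereferences opts one line before the existing `scanner.opts = *opts`, so a nil opts still panics as before; the function's start is outside the hunk, so whether opts is checked earlier cannot be seen here.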
||||||
|
|