From 9993d9a8efe60bfd90169ad65b0f6840a6cc5a74 Mon Sep 17 00:00:00 2001
From: Simon Vieille
Date: Thu, 3 Aug 2023 15:42:22 +0200
Subject: [PATCH] add option to skip TLS verification
---
 .gitignore | 6 +-----
 CHANGELOG.md | 6 ++++++
 README.md | 16 +++++++++-------
 config.go | 5 +++++
 main.go | 10 ++++++++--
 5 files changed, 29 insertions(+), 14 deletions(-)
diff --git a/.gitignore b/.gitignore
index b1ab026..796b96d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1 @@
-.idea
-debug
-debug.test
-*.exe
-capture
+/build
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a8dcd12..f09fbb9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 ## [Unreleased]
+## v1.4.0
+### Added
+- add option to skil TLS verification
+### Changed
+- build binaries are nenamed
+
 ## v1.3.1
 ### Added
 - add makefile to manage build
diff --git a/README.md b/README.md
index 89957c7..909d932 100644
--- a/README.md
+++ b/README.md
@@ -19,13 +19,14 @@ docker run -p 9000:9000 -p 9001:9001 deblan/capture -url=https://example.com/ -p
 #### Settings
-| param | description |
-| -------------- | ------------- |
-| `-url` | **Required.** Set the url you want to proxy |
-| `-port` | Set the proxy port. Default: *9000* |
-| `-dashboard` | Set the dashboard port. Default: *9001* |
-| `-captures` | Set how many captures to show in the dashboard. Default: *16* |
-| `-config` | Set the configuration file. Default: *.capture.ini* |
+| param | description |
+| -------------- | ------------- |
+| `-url` | **Required.** Set the url you want to proxy |
+| `-port` | Set the proxy port. Default: *9000* |
+| `-dashboard` | Set the dashboard port. Default: *9001* |
+| `-captures` | Set how many captures to show in the dashboard. Default: *16* |
+| `-tls-skip-verify` | Skip TLS vertificaton. Default: *false* |
+| `-config` | Set the configuration file. Default: *.capture.ini* |
 You can create a file named `.capture.ini` and set the configuration inside:
@@ -34,6 +35,7 @@ url = https://example.com/
 port = 9000
 dashboard = 9001
 captures = 16
+tls_skip_verify = false
 ```
 ## Using
diff --git a/config.go b/config.go
index 4344540..1d6ebe3 100644
--- a/config.go
+++ b/config.go
@@ -12,6 +12,7 @@ type Config struct {
 TargetURL string
 ProxyPort string
 DashboardPort string
+ TLSSkipVerify bool
 MaxCaptures int
 }
@@ -22,12 +23,14 @@ func ReadConfig() Config {
 defaultDashboardPort := "9001"
 defaultMaxCaptures := 16
 defaultConfigFile := ".capture.ini"
+ defaultTLSSkipVerify := false
 targetURL := flag.String("url", defaultTargetURL, "Required. Set the url you want to proxy")
 configFile := flag.String("config", defaultConfigFile, "Set the configuration file")
 proxyPort := flag.String("port", defaultProxyPort, "Set the proxy port")
 dashboardPort := flag.String("dashboard", defaultDashboardPort, "Set the dashboard port")
 maxCaptures := flag.Int("captures", defaultMaxCaptures, "Set how many captures to show in the dashboard")
+ TLSSkipVerify := flag.Bool("tls-skip-verify", defaultTLSSkipVerify, "Skip TLS vertification")
 flag.Parse()
@@ -46,6 +49,7 @@ func ReadConfig() Config {
 ProxyPort: section.Key("port").MustString(*proxyPort),
 MaxCaptures: section.Key("captures").MustInt(*maxCaptures),
 DashboardPort: section.Key("dashboard").MustString(*dashboardPort),
+ TLSSkipVerify: section.Key("tls_skip_verify").MustBool(*TLSSkipVerify),
 }
 }
@@ -54,5 +58,6 @@ func ReadConfig() Config {
 ProxyPort: *proxyPort,
 MaxCaptures: *maxCaptures,
 DashboardPort: *dashboardPort,
+ TLSSkipVerify: *TLSSkipVerify,
 }
 }
diff --git a/main.go b/main.go
index 520bce7..c2e27b2 100644
--- a/main.go
+++ b/main.go
@@ -3,6 +3,7 @@ package main
 import (
 "bytes"
 "compress/gzip"
+ "crypto/tls"
 _ "embed"
 "encoding/json"
 "fmt"
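Review bot: In the second config.go hunk (flag registration in ReadConfig) the new local is spelled `TLSSkipVerify`, while every sibling (`targetURL`, `proxyPort`, `maxCaptures`) is lower camel case; `tlsSkipVerify` would match them and not read like an exported name. The help string has a typo and does not say what is given up; I would write `"Skip TLS certificate verification of the target (insecure)"`. The README row added earlier in this patch carries a similar typo. ReadConfig starts before this hunk and continues after it.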
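Review bot: In the third config.go hunk, `section.Key("tls_skip_verify").MustBool(*TLSSkipVerify)` lets the ini file decide whenever the key is present, so a `.capture.ini` picked up from the working directory (the default path is relative) can turn certificate verification off without the flag ever being passed. That precedence matches the other keys, but for this setting it deserves a comment such as `// file value wins over -tls-skip-verify; the flag is only the fallback`, plus a line printed at startup whenever the resulting value is true. The helper looks like go-ini's MustBool, which presumably falls back to the given default on an unparsable value; that should be confirmed, since the import is outside the hunk.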
@@ -36,7 +37,7 @@ func main() {
 fmt.Println()
 srv := NewCaptureService(cfg.MaxCaptures)
- hdr := NewRecorderHandler(srv, NewPluginHandler(NewProxyHandler(cfg.TargetURL)))
+ hdr := NewRecorderHandler(srv, NewPluginHandler(NewProxyHandler(cfg.TargetURL, cfg.TLSSkipVerify)))
 go func() {
 fmt.Println(http.ListenAndServe(":"+cfg.DashboardPort, NewDashboardHandler(hdr, srv, cfg)))
@@ -230,9 +231,14 @@ func NewRecorderHandler(srv *CaptureService, next http.HandlerFunc) http.Handler
 }
 // NewProxyHandler is the reverse proxy handler.
-func NewProxyHandler(URL string) http.HandlerFunc {
+func NewProxyHandler(URL string, TLSSkipVerify bool) http.HandlerFunc {
 url, _ := url.Parse(URL)
 proxy := httputil.NewSingleHostReverseProxy(url)
+ insecureTransport := &http.Transport{
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: TLSSkipVerify},
+ }
+ proxy.Transport = insecureTransport
+
 proxy.ErrorHandler = func(rw http.ResponseWriter, req *http.Request, err error) {
 fmt.Printf("Uh oh | %v | %s %s\n", err, req.Method, req.URL)
 rw.WriteHeader(StatusInternalProxyError)
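Review bot: The added `proxy.Transport = insecureTransport` in NewProxyHandler replaces the transport on every run, also when `TLSSkipVerify` is false, and a bare `&http.Transport{}` carries none of the settings of `http.DefaultTransport` (proxy from environment, dial and TLS-handshake timeouts, idle-connection limits, HTTP/2). Set a transport only when the option is on, and start from a clone of the default so that only `InsecureSkipVerify` differs. The name `insecureTransport` is also misleading while verification is enabled. `InsecureSkipVerify` turns off both chain and hostname checks, so traffic recorded from the target may come from an impersonating host; a short comment saying so belongs next to it. The function body continues past the end of the hunk.

```go
func NewProxyHandler(URL string, TLSSkipVerify bool) http.HandlerFunc {
	// … unchanged: url.Parse and NewSingleHostReverseProxy …
	if TLSSkipVerify {
		// Chain and hostname checks are both off for the target;
		// every other default of the standard transport is kept.
		transport := http.DefaultTransport.(*http.Transport).Clone()
		transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
		proxy.Transport = transport
	}
	// … unchanged: proxy.ErrorHandler …
```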