@bmansvk bmansvk commented Oct 21, 2025

This commit adds HTTP proxy functionality to ocproxy, allowing users to create an HTTP proxy server that supports both HTTP and HTTPS connections through the CONNECT method.

Features:

  • New -H/--httpproxy option to spawn HTTP proxy on specified port
  • Support for CONNECT method for HTTPS tunneling
  • HTTP request parsing and validation
  • DNS resolution for hostnames in CONNECT requests
  • Error handling with proper HTTP status codes
  • Can be used alongside existing -D (SOCKS) and -L (port forward) options

The HTTP proxy works by:

  1. Accepting HTTP CONNECT requests from browsers/clients
  2. Parsing the target hostname and port
  3. Resolving DNS if needed (supports both IPs and hostnames)
  4. Creating a TCP tunnel through the VPN to the destination
  5. Returning "200 Connection established" on success

Usage example:
openconnect --script-tun --script "./ocproxy -H 8080" vpn.example.com

Then configure your browser to use HTTP proxy at 127.0.0.1:8080

Connection limits:

  • Shares the same connection pool (MAX_CONN=1024) with SOCKS/port forwarding
  • Can handle up to 1024 concurrent connections across all proxy types

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
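
A strict version of step 2 above (parsing the CONNECT target), as an added example that is not code from this pull request or from ocproxy. `parse_connect` and `HOST_MAX` are hypothetical names; the sketch bounds the host length, restricts its character set, and range-checks the port before anything is handed to DNS resolution or the tunnel.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255 /* assumed cap: longest valid DNS name */
/* Hypothetical helper (not from the PR): parse "CONNECT host:port HTTP/1.x".
 * Returns 0 and fills host/port, or the HTTP status code to reply with. */
int parse_connect(const char *line, char *host, size_t host_sz, int *port)
{
    if (strncmp(line, "CONNECT ", 8) != 0)
        return 405;                      /* this sketch handles CONNECT only */
    const char *p = line + 8, *sp = strchr(p, ' '), *colon = NULL;
    if (!sp || strncmp(sp + 1, "HTTP/1.", 7) != 0)
        return 400;
    for (const char *q = p; q < sp; q++) /* last ':' splits host from port */
        if (*q == ':') colon = q;
    if (!colon || colon == p || colon + 1 == sp || sp - colon > 6)
        return 400;                      /* missing host/port, or port > 5 digits */
    const char *hs = p, *he = colon;
    int v6 = (*hs == '[');               /* bracketed IPv6 literal, e.g. [::1] */
    if (v6) {
        if (he[-1] != ']') return 400;
        hs++; he--;
    }
    size_t hlen = (size_t)(he - hs);
    if (hlen == 0 || hlen > HOST_MAX || hlen >= host_sz)
        return 400;
    for (const char *q = hs; q < he; q++) /* strict charset: no CR/LF, '@', '/' */
        if (!isalnum((unsigned char)*q) && *q != '.' && *q != '-' && !(v6 && *q == ':'))
            return 400;
    long v = 0;
    for (const char *q = colon + 1; q < sp; q++) {
        if (!isdigit((unsigned char)*q)) return 400;
        v = v * 10 + (*q - '0');
    }
    if (v < 1 || v > 65535)
        return 400;
    memcpy(host, hs, hlen); host[hlen] = '\0';
    *port = (int)v;
    return 0;
}

int main(void)
{
    char host[HOST_MAX + 1]; int port;   /* constructed sample request line */
    int rc = parse_connect("CONNECT intranet.example:443 HTTP/1.1\r\n", host, sizeof host, &port);
    printf("rc=%d host=%s port=%d\n", rc, rc ? "-" : host, rc ? 0 : port);
    return 0;
}
```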

bmansvk commented Oct 21, 2025

Tested on macOS Tahoe and it works.

- Add complete HTTP proxy implementation for all methods (GET, POST, PUT, DELETE, etc.)
- Previously only CONNECT method (HTTPS tunneling) was supported
- Add HTTP relay mode to forward requests and responses bidirectionally
- Add new states: STATE_HTTP_HEADERS, STATE_HTTP_RELAY
- Add HTTP request parsing for both absolute and relative URLs
- Add proper memory management for HTTP request buffers
- Add portable strcasestr() implementation for non-glibc systems

Compilation fixes:
- Fix format-nonliteral warnings with function attributes
- Remove unused variable 'header_line'
- Fix lwIP pthread function cast warning using union
- Update autoconf macros: replace AC_TRY_COMPILE with AC_COMPILE_IFELSE
- Remove obsolete AC_GNU_SOURCE and AC_PROG_CC_C99 macros
- Create m4 directory to silence aclocal warning

Documentation:
- Add macOS build instructions with Homebrew dependencies
- Document full HTTP/HTTPS proxy feature set
- Add CPPFLAGS/LDFLAGS configuration for Intel and Apple Silicon Macs
- Log SOCKS5 connections as domain:port
- Log HTTP/HTTPS connections with full URL including path and query parameters
- Add -l/--logfile option to specify log file path
- Include timestamps in ISO 8601 format for all log entries
- Distinguish between HTTPS CONNECT tunnels and regular HTTP requests
- Log port forwarding connections
- Add comprehensive help text showing all command line options
- Include descriptions of environment variables
- Provide usage examples for common scenarios
- Check for help flag early before initialization to avoid VPNFD requirement