fix: domains whitelist and blacklist (#80)

* WhiteBlackList

* Readme

* bump up version

Author: P-Courteille

README.md

@@ -30,6 +30,20 @@ If you need to use a custom certificate, it can be done by passing `certdirector
 
 Please keep the same directory structure as the existing certificate folder.
 
+## Whitelist/Blacklist
+
+If you need to limit the calls going through the proxy, it can be done by passing `whitelisteddomains` and `blacklisteddomains` as an argument of the plugin:
+
+Example of `whitelisteddomains`: only the calls for the domain `*.mydomain.com` got through the proxy.
+
+`appium server -ka 800 --use-plugins=appium-interceptor --plugin-appium-interceptor-whitelisteddomains='["*.mydomain.com"]' -pa /wd/hub`
+
+Example of `blacklisteddomains`: all the calls go through the proxy, except the calls for `*.otherdomain.com`.
+
+`appium server -ka 800 --use-plugins=appium-interceptor --plugin-appium-interceptor-blacklisteddomains='["*.otherdomain.com"]' -pa /wd/hub`
+
+Note: `whitelisteddomains` and `blacklisteddomains` are two different approach and are not supposed to be used together. If both are present, `blacklisteddomains` will be ignored.
+
 ## what does this plugin do?
 
 For every appium session, interceptor plugin will start a proxy server and updates the device proxy settings to pass all network traffic to proxy server. Mocking is disabled by default and can be enabled from the test by passing `appium:intercept : true` in the desired capability while creating a new appium session.

package-lock.json

@@ -78,6 +78,12 @@
       "properties": {
         "certdirectory": {
           "type": "string"
+        },
+        "whitelisteddomains": {
+          "type": "string"
+        },
+        "blacklisteddomains": {
+          "type": "string"
         }
       },
       "title": "Appium interceptor plugin",

package.json

@@ -2,8 +2,12 @@ import path from 'path';
 
 export interface IPluginArgs {
   certdirectory: string;
+  whitelisteddomains: string[] | string;
+  blacklisteddomains: string[] | string;
 }
 
 export const DefaultPluginArgs: IPluginArgs = {
   certdirectory: path.join(__dirname, '..', 'certificate'),
+  whitelisteddomains: [],
+  blacklisteddomains: [],
 };

src/interfaces.ts

@@ -19,7 +19,7 @@ import {
   getAdbReverseTunnels,
   removeReverseTunnel,
 } from './utils/adb';
-import { cleanUpProxyServer, sanitizeMockConfig, setupProxyServer } from './utils/proxy';
+import { cleanUpProxyServer, parseJson, sanitizeMockConfig, setupProxyServer } from './utils/proxy';
 import proxyCache from './proxy-cache';
 import logger from './logger';
 import log from './logger';
@@ -112,6 +112,19 @@ export class AppiumInterceptorPlugin extends BasePlugin {
     const interceptFlag = mergedCaps['appium:intercept'];
     const { deviceUDID, platformName } = response.value[1];
     const certDirectory = this.pluginArgs.certdirectory;
+    const whitelistedDomains =
+      ((domains) =>
+        Array.isArray(domains) ? domains : typeof domains === 'string' ? [domains] : [])(
+        typeof this.pluginArgs.whitelisteddomains === 'string'
+          ? parseJson(this.pluginArgs.whitelisteddomains)
+          : this.pluginArgs.whitelisteddomains
+      );
+    const blacklistedDomains =
+      ((domains) => (Array.isArray(domains) ? domains : typeof domains === 'string' ? [domains] : []))(
+        typeof this.pluginArgs.blacklisteddomains === 'string'
+          ? parseJson(this.pluginArgs.blacklisteddomains)
+          : this.pluginArgs.blacklisteddomains
+      );
     const sessionId = response.value[0];
     const adb = driver.sessions[sessionId]?.adb;
 
@@ -130,6 +143,8 @@ export class AppiumInterceptorPlugin extends BasePlugin {
         realDevice,
         certDirectory,
         currentWifiProxyConfig,
+        whitelistedDomains,
+        blacklistedDomains
       );
       await configureWifiProxy(adb, deviceUDID, realDevice, proxy.options);
       proxyCache.add(sessionId, proxy);

src/plugin.ts

@@ -1,5 +1,6 @@
 import { MockConfig, RecordConfig, RequestInfo, SniffConfig } from './types';
 import { Proxy as HttpProxy, IContext, IProxyOptions } from 'http-mitm-proxy';
+import * as net from 'net';
 import { ProxyAgent } from 'proxy-agent';
 import { v4 as uuid } from 'uuid';
 import {
@@ -30,6 +31,8 @@ export interface ProxyOptions {
   port: number;
   ip: string;
   previousConfig?: ProxyOptions;
+  whitelistedDomains?: string[];
+  blacklistedDomains?: string[];
 }
 
 export class Proxy {
@@ -103,6 +106,56 @@ export class Proxy {
       log.info('Routing traffic via proxy-chain upstream agent');
     }
 
+    this.httpProxy.onConnect((req, clientToProxySocket, head, callback) => {
+      const [hostname, port] = req.url!.split(':');
+      const whitelistedDomains = this.options.whitelistedDomains ?? [];
+      const blacklistedDomains = this.options.blacklistedDomains ?? [];
+
+      let shouldIntercept = true;
+      if (whitelistedDomains.length > 0) {
+        shouldIntercept = whitelistedDomains.some((domain) => doesUrlMatch(domain, hostname));
+      } else if (blacklistedDomains.length > 0) {
+        shouldIntercept = !blacklistedDomains.some((domain) => doesUrlMatch(domain, hostname));
+      }
+      if (shouldIntercept) {
+        return callback();
+      } else {
+        clientToProxySocket.on('error', (err) => {
+          log.error(`Client socket error for ${hostname}: ${err.message}`);
+        });
+
+        const proxyToServerSocket = net.connect(
+          {
+            host: hostname,
+            port: Number(port || 80),
+          },
+          () => {
+            clientToProxySocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+            if (head && head.length > 0) {
+              proxyToServerSocket.write(head);
+            }
+            proxyToServerSocket.pipe(clientToProxySocket);
+            clientToProxySocket.pipe(proxyToServerSocket);
+          }
+        );
+
+        proxyToServerSocket.on('close', () => {
+          clientToProxySocket.end();
+        });
+
+        clientToProxySocket.on('close', () => {
+          proxyToServerSocket.end();
+        });
+
+        proxyToServerSocket.on('error', (err) => {
+          log.error(`[Tunnel] Server socket error for ${hostname}: ${err.message}`);
+          clientToProxySocket.end();
+        });
+
+        return;
+      }
+    });
+
     this.httpProxy.onRequest(
       RequestInterceptor((requestData: any) => {
         for (const sniffer of this.sniffers.values()) {

src/proxy.ts

@@ -113,12 +113,14 @@ export async function setupProxyServer(
   deviceUDID: string,
   isRealDevice: boolean,
   certDirectory: string,
-  currentWifiProxyConfig?: ProxyOptions
+  currentWifiProxyConfig?: ProxyOptions,
+  whitelistedDomains?: string[],
+  blacklistedDomains?: string[]
 ) {
   const certificatePath = prepareCertificate(sessionId, certDirectory);
   const port = await getPort();
   const _ip = isRealDevice ? 'localhost' : ip.address('public', 'ipv4');
-  const proxy = new Proxy({ deviceUDID, sessionId, certificatePath, port, ip: _ip, previousConfig: currentWifiProxyConfig });
+  const proxy = new Proxy({ deviceUDID, sessionId, certificatePath, port, ip: _ip, previousConfig: currentWifiProxyConfig, whitelistedDomains, blacklistedDomains});
   await proxy.start();
   if (!proxy.isStarted()) {
     throw new Error('Unable to start the proxy server');