diff --git a/.gitignore b/.gitignore index bb3b816..5e4f618 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,13 @@ /target +**/target/** **/node_modules/** .idea/ +# Java artifacts +*.class +*.jar +!crates/phantom-java-agent/src/**/*.java +!tests/apps/java-http-clients/src/**/*.java +**/out/ +manifest.txt + diff --git a/CLAUDE.md b/CLAUDE.md new file mode 120000 index 0000000..47dc3e3 --- /dev/null +++ b/CLAUDE.md @@ -0,0 +1 @@ +AGENTS.md \ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml index 4afa1c9..72526db 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,6 +11,7 @@ resolver = "3" [workspace.package] version = "0.1.0" edition = "2024" +license = "MIT OR Apache-2.0" [workspace.dependencies] phantom-core = { path = "crates/phantom-core" } @@ -27,6 +28,7 @@ tracing = "0.1" name = "phantom" version.workspace = true edition.workspace = true +license.workspace = true [dependencies] phantom-core = { workspace = true } diff --git a/LICENSE-APACHE b/LICENSE-APACHE new file mode 100644 index 0000000..6b80b35 --- /dev/null +++ b/LICENSE-APACHE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright Phantom Contributors + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/LICENSE-MIT b/LICENSE-MIT new file mode 100644 index 0000000..303a8f4 --- /dev/null +++ b/LICENSE-MIT 
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Phantom Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/build.rs b/build.rs
new file mode 100644
index 0000000..8f381a1
--- /dev/null
+++ b/build.rs
@@ -0,0 +1,65 @@
+use std::fs;
+use std::path::Path;
+use std::process::Command;
+
+fn main() {
+ let agent_dir = Path::new("crates/phantom-java-agent");
+ let src_file = agent_dir.join("src/com/example/phantom/Agent.java");
+ let out_dir = agent_dir.join("out");
+ let jar_file = agent_dir.join("phantom-java-agent.jar");
+ let manifest_file = agent_dir.join("manifest.txt");
+
+ // Tell Cargo to rerun this script if the Java source changes
+ println!("cargo:rerun-if-changed={}", src_file.display());
+
+ // 1. Check for javac and jar
+ if Command::new("javac").arg("-version").output().is_err() {
+ println!("cargo:warning=javac not found. Skipping Java Agent build.");
+ return;
+ }
+
+ // 2. Prepare output directory
+ if out_dir.exists() {
+ fs::remove_dir_all(&out_dir).unwrap();
+ }
+ fs::create_dir_all(&out_dir).unwrap();
+
+ // 3. Compile Java source
+ let status = Command::new("javac")
+ .args(["-d", "out"])
+ .arg("src/com/example/phantom/Agent.java")
+ .current_dir(agent_dir)
+ .status()
+ .expect("failed to execute javac");
+
+ if !status.success() {
+ panic!("Java compilation failed");
+ }
+
+ // 4. Create manifest
+ fs::write(&manifest_file, "Premain-Class: com.example.phantom.Agent\n").unwrap();
+
+ // 5. Create JAR
+ let status = Command::new("jar")
+ .args([
+ "cvfm",
+ "phantom-java-agent.jar",
+ "manifest.txt",
+ "-C",
+ "out",
+ ".",
+ ])
+ .current_dir(agent_dir)
+ .status()
+ .expect("failed to execute jar");
+
+ if !status.success() {
+ panic!("Failed to create JAR file");
+ }
+
+ // 6. Cleanup
+ let _ = fs::remove_dir_all(&out_dir);
+ let _ = fs::remove_file(&manifest_file);
+
+ println!("cargo:warning=Successfully built {}", jar_file.display());
+}
diff --git a/crates/phantom-agent/Cargo.toml b/crates/phantom-agent/Cargo.toml
index e689e8b..7bbaaaa 100644
--- a/crates/phantom-agent/Cargo.toml
+++ b/crates/phantom-agent/Cargo.toml
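Review bot: When `javac` is missing, `main` in build.rs warns and returns without producing `phantom-java-agent.jar`, yet the `JAVA_AGENT_JAR` constant this commit adds to src/main.rs embeds that file with `include_bytes!` and the new .gitignore rules exclude `*.jar`, so a clean checkout on a host without a JDK appears unable to compile. The script also writes `out/`, `manifest.txt` and the jar into the source tree instead of `OUT_DIR`, and step 1 probes only `javac` although its comment names both tools. Writing the jar under `OUT_DIR`, embedding it with `include_bytes!(concat!(env!("OUT_DIR"), "/phantom-java-agent.jar"))`, and emitting an empty placeholder when the JDK is absent keeps the crate buildable; main.rs would then need to treat an empty `JAVA_AGENT_JAR` as "agent unavailable". Since the embedded bytes come from whichever `javac`/`jar` is first on the build host's PATH, the build docs should state the expected JDK.

```rust
fn main() {
    // … unchanged: agent_dir, src_file and the rerun-if-changed line …
    let out_root =
        std::path::PathBuf::from(std::env::var("OUT_DIR").expect("OUT_DIR is set by Cargo"));
    let classes_dir = out_root.join("java-classes");
    let jar_file = out_root.join("phantom-java-agent.jar");
    let manifest_file = out_root.join("manifest.txt");

    // 1. Check for javac and jar
    if Command::new("javac").arg("-version").output().is_err()
        || Command::new("jar").arg("--version").output().is_err()
    {
        println!("cargo:warning=JDK (javac/jar) not found. Embedding an empty Java agent.");
        // Keeps include_bytes! in src/main.rs resolvable on hosts without a JDK.
        fs::write(&jar_file, b"").expect("failed to write placeholder jar");
        return;
    }
    // … unchanged: compile, manifest and jar steps, now given classes_dir,
    //   manifest_file and jar_file as absolute paths; cleanup of the source tree is no longer needed …
```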
@@ -2,6 +2,7 @@ name = "phantom-agent" version.workspace = true edition.workspace = true +license.workspace = true description = "LD_PRELOAD agent for zero-instrumentation HTTP capture (Linux only)" [lib] diff --git a/crates/phantom-capture/Cargo.toml b/crates/phantom-capture/Cargo.toml index 9ddab6c..7e0cf3b 100644 --- a/crates/phantom-capture/Cargo.toml +++ b/crates/phantom-capture/Cargo.toml @@ -2,6 +2,7 @@ name = "phantom-capture" version.workspace = true edition.workspace = true +license.workspace = true [dependencies] phantom-core = { workspace = true } diff --git a/crates/phantom-core/Cargo.toml b/crates/phantom-core/Cargo.toml index 8385a6a..c020d3c 100644 --- a/crates/phantom-core/Cargo.toml +++ b/crates/phantom-core/Cargo.toml @@ -2,6 +2,7 @@ name = "phantom-core" version.workspace = true edition.workspace = true +license.workspace = true [dependencies] serde = { workspace = true } diff --git a/crates/phantom-java-agent/src/com/example/phantom/Agent.java b/crates/phantom-java-agent/src/com/example/phantom/Agent.java new file mode 100644 index 0000000..26c10fb --- /dev/null +++ b/crates/phantom-java-agent/src/com/example/phantom/Agent.java 
@@ -0,0 +1,61 @@
+package com.example.phantom;
+
+import java.lang.instrument.Instrumentation;
+import java.net.*;
+import java.util.Collections;
+import java.util.List;
+import java.io.IOException;
+import javax.net.ssl.*;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+
+public class Agent {
+ public static void premain(String agentArgs, Instrumentation inst) {
+ String proxyHost = System.getProperty("http.proxyHost", "127.0.0.1");
+ int proxyPort = Integer.getInteger("http.proxyPort", 8080);
+
+ System.err.println("phantom-agent: Initializing Java Agent...");
+ System.err.println("phantom-agent: Forcing proxy -> " + proxyHost + ":" + proxyPort);
+
+ // 1. Force global ProxySelector
+ final Proxy phantomProxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHost, proxyPort));
+ ProxySelector.setDefault(new ProxySelector() {
+ @Override
+ public List select(URI uri) {
+ return Collections.singletonList(phantomProxy);
+ }
+ @Override
+ public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {}
+ });
+
+ System.setProperty("http.nonProxyHosts", "");
+ System.setProperty("https.nonProxyHosts", "");
+
+ // 2. Disable SSL Verification (Trust All)
+ try {
+ TrustManager[] trustAllCerts = new TrustManager[]{
+ new X509TrustManager() {
+ public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
+ public void checkClientTrusted(X509Certificate[] certs, String authType) {}
+ public void checkServerTrusted(X509Certificate[] certs, String authType) {}
+ }
+ };
+
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null, trustAllCerts, new SecureRandom());
+ SSLContext.setDefault(sc);
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
+
+ // For Netty/Jetty/etc.
- Try to influence the default TrustManager + // Note: This is a bit of a hack without bytecode manipulation + System.setProperty("com.sun.net.ssl.checkRevocation", "false"); + System.setProperty("jdk.tls.allowUnsafeServerCertificates", "true"); + + System.err.println("phantom-agent: SSL verification disabled (trust-all)."); + } catch (Exception e) { + System.err.println("phantom-agent: Failed to disable SSL verification: " + e.getMessage()); + } + } +} diff --git a/crates/phantom-storage/Cargo.toml b/crates/phantom-storage/Cargo.toml index 849207e..9f8b327 100644 --- a/crates/phantom-storage/Cargo.toml +++ b/crates/phantom-storage/Cargo.toml @@ -2,6 +2,7 @@ name = "phantom-storage" version.workspace = true edition.workspace = true +license.workspace = true [dependencies] phantom-core = { workspace = true } diff --git a/crates/phantom-tui/Cargo.toml b/crates/phantom-tui/Cargo.toml index 023f77f..c67f3d5 100644 --- a/crates/phantom-tui/Cargo.toml +++ b/crates/phantom-tui/Cargo.toml @@ -2,6 +2,7 @@ name = "phantom-tui" version.workspace = true edition.workspace = true +license.workspace = true [dependencies] phantom-core = { workspace = true } diff --git a/docs/how-to-use.ja.md b/docs/how-to-use.ja.md index f2d66c9..a717708 100644 --- a/docs/how-to-use.ja.md +++ b/docs/how-to-use.ja.md @@ -37,18 +37,25 @@ Phantom は **ゼロ計装の HTTP/HTTPS 観測ツール**です。アプリケ ## ビルド -**前提条件**: Rust 1.75 以降(stable) +**前提条件**: +- Rust 1.75 以降(stable) +- **(Java 連携用)**: JDK 11 以降 ```bash # リポジトリを取得 git clone cd phantom -# ビルド +# 本体 (Rust) のビルド cargo build --release -# バイナリは target/release/phantom に生成されます。 -# パスを通すか、以下の例では `phantom` コマンドとして説明します。 +# Java Agent のビルド (Java アプリを追跡する場合に必要) +# ※ 詳細は crates/phantom-java-agent 参照 +cd crates/phantom-java-agent +javac -d out src/com/example/phantom/Agent.java +echo "Premain-Class: com.example.phantom.Agent" > manifest.txt +jar cvfm phantom-java-agent.jar manifest.txt -C out . +cd ../.. ``` --- 
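Review bot: Step 2 of `premain` in Agent.java installs an accept-everything `X509TrustManager` and a hostname verifier that always returns `true` as JVM-wide defaults, so any code in the traced process that uses the default `SSLContext` stops authenticating its peer, including connections that bypass the `ProxySelector`; and because `proxyHost` is read from `http.proxyHost`, the leg to the proxy is not guaranteed to stay on loopback. Trusting only Phantom's own CA keeps interception working while certificate and hostname checks stay on; `agentArgs` is currently unused and could carry the CA path, assuming Phantom can write its CA certificate to a file, which this page does not show. The docs in this commit say the agent is injected through `JAVA_TOOL_OPTIONS`, which child JVMs inherit, so the weakened defaults would reach them as well. I could not confirm that `jdk.tls.allowUnsafeServerCertificates` is a property the JDK reads; verify it or drop the line.

```java
// … unchanged: proxy selector setup and nonProxyHosts …
// 2. Trust Phantom's CA only (agentArgs = path to the CA certificate; proposed contract)
try (InputStream in = Files.newInputStream(Paths.get(agentArgs))) {
    X509Certificate ca =
        (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(null, null);
    ks.setCertificateEntry("phantom-ca", ca);
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);

    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, tmf.getTrustManagers(), new SecureRandom());
    SSLContext.setDefault(sc);
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    // Hostname verification stays at the JDK default.
} catch (Exception e) {
    // … unchanged: error log …
}
```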
@@ -57,14 +64,18 @@ cargo build --release **30 秒で体験:** -### 1. Node.js アプリをトレース (HTTP/HTTPS 両対応) -Node.js の場合、Phantom は自動的に `proxy-preload.js` を注入するため、アプリ側でプロキシ設定を意識する必要はありません。 - +### 1. Node.js アプリをトレース ```bash phantom -- node app.js ``` -### 2. 一般的なコマンドをトレース (HTTP のみ) +### 2. Java アプリをトレース (HTTP/HTTPS 両対応) +Phantom は自動的に Java Agent を注入し、プロキシ設定と SSL 検証の無効化(MITM 対応)を強制します。 +```bash +phantom -- java -jar my-app.jar +``` + +### 3. 一般的なコマンドをトレース (HTTP のみ) ```bash phantom -- curl http://httpbin.org/get ``` @@ -85,6 +96,14 @@ MITM(中間者)プロキシとして動作します。クロスプラット #### Node.js の自動連携 `phantom -- node app.js` のように実行すると、Phantom は `--require` 引数を用いて透過的にプロキシ設定を注入します。これにより、**axios, undici, fetch() などを用いた HTTPS 通信もコード変更なしでキャプチャ可能**です。 +#### Java の自動連携 +`phantom -- java ...` のように実行すると、Phantom は環境変数 `JAVA_TOOL_OPTIONS` を介して **Phantom Java Agent** を注入します。 + +- **SSL 検証の自動回避**: Phantom が生成する自己署名証明書を自動的に信頼させるため、`SSLHandshakeException` を回避できます。 +- **プロキシの強制適用**: アプリ側でプロキシ設定が書かれていなくても、通信を強制的に Phantom へ誘導します。 +- **対応ライブラリ**: JDK 標準の `HttpClient`、`Apache HttpClient`、`OkHttp` など。 + - ※ `Netty` や `Jetty` など独自のネットワークスタックを持つライブラリは、ライブラリ側の設定で「システムプロキシを使用する」オプションを有効にしてください。 + #### その他のアプリケーション 環境変数 `HTTP_PROXY` を自動設定します。 ```bash diff --git a/src/main.rs b/src/main.rs index 7ec1c75..913e224 100644 --- a/src/main.rs +++ b/src/main.rs @@ -18,6 +18,10 @@ use serde::Serialize; /// Written to a temp file when tracing Node.js processes via `phantom -- node …`. const NODE_PROXY_PRELOAD: &str = include_str!("../tests/apps/node-app/proxy-preload.js"); +/// The Java Agent JAR, embedded at compile time. +/// Written to a temp file when tracing Java processes via `phantom -- java …`. +const JAVA_AGENT_JAR: &[u8] = include_bytes!("../crates/phantom-java-agent/phantom-java-agent.jar"); + // ───────────────────────────────────────────────────────────────────────────── // CLI // ───────────────────────────────────────────────────────────────────────────── 
@@ -372,12 +376,23 @@ fn is_node_command(exe: &str) -> bool { base == "node" || base == "nodejs" } +/// Returns `true` if `exe` (path or bare name) resolves to `java` or `javaw`. +fn is_java_command(exe: &str) -> bool { + let base = Path::new(exe) + .file_name() + .and_then(|n| n.to_str()) + .unwrap_or(exe); + base == "java" || base == "javaw" +} + /// Spawns `command` as a child process routed through the phantom proxy. /// /// * `HTTP_PROXY` / `http_proxy` are set so plain HTTP is captured. /// * For Node.js executables the embedded proxy-preload script is written to a /// temp file and prepended as `--require ` so HTTPS is also captured /// without touching the application source. +/// * For Java executables, the phantom-java-agent.jar is injected via -javaagent +/// to force proxy settings and bypass SSL verification globally. /// /// Returns `(child, Option)`. The `TempScript` must be kept alive /// until after the child exits so the file is not deleted prematurely. @@ -388,13 +403,16 @@ fn spawn_proxy_child( let exe = &command[0]; let proxy_url = format!("http://127.0.0.1:{proxy_port}"); - let (actual_args, temp_script): (Vec, Option) = if is_node_command(exe) { + let mut temp_script: Option = None; + let mut actual_args = command[1..].to_vec(); + + if is_node_command(exe) { // Write the embedded preload script to a temp file. let script_path = std::env::temp_dir().join(format!("phantom-preload-{}.js", std::process::id())); std::fs::write(&script_path, NODE_PROXY_PRELOAD) .map_err(|e| anyhow::anyhow!("failed to write proxy preload script: {e}"))?; - let ts = TempScript(script_path.clone()); + temp_script = Some(TempScript(script_path.clone())); // Prepend --require
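Review bot: In the `is_java_command` hunk (the first hunk on this line), the comparison is against the full file name, so an invocation spelled `java.exe` or a path ending in `javaw.exe` is not recognised even though `javaw` is a Windows launcher; using `.file_stem()` in place of `.file_name()` would cover both spellings. The doc comment says "resolves to", but only the basename is inspected, so `/// Returns `true` if the file name of `exe` is `java` or `javaw`.` would match the code. The `spawn_proxy_child` doc added in the same hunk says the jar is injected via `-javaagent`, while docs/how-to-use.ja.md in this commit says `JAVA_TOOL_OPTIONS`; the injection code is in the following hunk, which is cut off on this page, so confirm which is true and align the two, since an environment variable is inherited by child JVMs and a command-line flag is not.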