This is a simple implementation of an HTTPS forward proxy using Go, which supports Basic Authentication. It includes handling both HTTP and HTTPS requests, and runs over TLS (SSL).

Functionality:

• Supports HTTPS CONNECT method (tunneling).
• Supports regular HTTP requests.
• Implements Basic Authentication for access control.
• Runs on port 8443 (configurable).
• Uses goroutines for bidirectional data transfer.

---

Code Implementation

Go Code for HTTPS Forward Proxy with Basic Authentication:

package main

import (
    "crypto/tls"
    "encoding/base64"
    "fmt"
    "io"
    "log"
    "net"
    "net/http"
    "strings"
)

// ProxyAuth configuration
type ProxyAuth struct {
    Username string
    Password string
}

// Check Basic authentication
func (p *ProxyAuth) checkAuth(r *http.Request) bool {
    auth := r.Header.Get("Proxy-Authorization")
    if auth == "" {
        return false
    }

    const prefix = "Basic "
    if !strings.HasPrefix(auth, prefix) {
        return false
    }

    encoded := strings.TrimPrefix(auth, prefix)
    decoded, err := base64.StdEncoding.DecodeString(encoded)
    if err != nil {
        return false
    }

    credentials := strings.SplitN(string(decoded), ":", 2)
    if len(credentials) != 2 {
        return false
    }

    return credentials[0] == p.Username && credentials[1] == p.Password
}

// Handle CONNECT requests (HTTPS)
func handleTunneling(w http.ResponseWriter, r *http.Request, auth *ProxyAuth) {
    if !auth.checkAuth(r) {
        w.Header().Set("Proxy-Authenticate", `Basic realm="Proxy"`)
        w.WriteHeader(http.StatusProxyAuthRequired)
        return
    }

    destConn, err := net.Dial("tcp", r.Host)
    if err != nil {
        http.Error(w, err.Error(), http.StatusServiceUnavailable)
        return
    }
    defer destConn.Close()

    w.WriteHeader(http.StatusOK)

    hijacker, ok := w.(http.Hijacker)
    if !ok {
        http.Error(w, "Hijacking not supported", http.StatusInternalServerError)
        return
    }

    clientConn, _, err := hijacker.Hijack()
    if err != nil {
        http.Error(w, err.Error(), http.StatusServiceUnavailable)
        return
    }
    defer clientConn.Close()

    // Bidirectional data transfer
    go func() {
        _, _ = io.Copy(destConn, clientConn)
    }()
    _, _ = io.Copy(clientConn, destConn)
}

// Handle regular HTTP requests
func handleHTTP(w http.ResponseWriter, r *http.Request, auth *ProxyAuth) {
    if !auth.checkAuth(r) {
        w.Header().Set("Proxy-Authenticate", `Basic realm="Proxy"`)
        w.WriteHeader(http.StatusProxyAuthRequired)
        return
    }

    client := &http.Client{}
    r.RequestURI = ""

    resp, err := client.Do(r)
    if err != nil {
        http.Error(w, err.Error(), http.StatusBadGateway)
        return
    }
    defer resp.Body.Close()

    // Copy response headers
    for k, vv := range resp.Header {
        for _, v := range vv {
            w.Header().Add(k, v)
        }
    }
    w.WriteHeader(resp.StatusCode)
    io.Copy(w, resp.Body)
}

func main() {
    // Configure proxy authentication
    proxyAuth := &ProxyAuth{
        Username: "admin",
        Password: "password123",
    }

    // Configure TLS
    cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
    if err != nil {
        log.Fatalf("Failed to load certificate: %v", err)
    }

    tlsConfig := &tls.Config{
        Certificates: []tls.Certificate{cert},
    }

    server := &http.Server{
        Addr:      ":8443",
        TLSConfig: tlsConfig,
        Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
            if r.Method == http.MethodConnect {
                handleTunneling(w, r, proxyAuth)
            } else {
                handleHTTP(w, r, proxyAuth)
            }
        }),
    }

    fmt.Println("HTTPS Proxy Server starting on :8443")
    log.Fatal(server.ListenAndServeTLS("", ""))
}

---

Usage Instructions

1. Generate SSL Certificate:

Before running the server, generate a self-signed certificate using OpenSSL:

openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes

This will generate:

• server.crt (SSL certificate)
• server.key (SSL private key)

2. How to Use:

• Set the proxy address to https://admin:password123@localhost:8443 in your browser or client.
• Modify the authentication details in the code if needed.

3. Modify Authentication:

Update the Username and Password in the Go code:

proxyAuth := &ProxyAuth{
    Username: "your_username",
    Password: "your_password",
}

4. Compile and Run:

Run the proxy server with the following command:

go run proxy.go

The server will start and listen on https://localhost:8443.

---

Notes:

• For production, consider using a valid SSL certificate rather than a self-signed certificate.
• Add logging to improve debugging.
• Enhance error handling as needed.
• Consider adding concurrency limits to protect the server.

---

Features:

• Basic Authentication: Ensures that only authorized users can access the proxy.
• HTTPS CONNECT Method (Tunneling): Supports secure connections by tunneling HTTPS requests.
• Regular HTTP Requests: Proxies regular HTTP requests as well.
• TLS Configuration: Secures the proxy server with SSL/TLS encryption.

---

Code Structure:

• ProxyAuth struct stores authentication info.
• checkAuth method verifies Basic Authentication.
• handleTunneling handles HTTPS CONNECT method (tunneling).
• handleHTTP handles regular HTTP proxy requests.
• main function configures and starts the HTTPS proxy server.

---

This is a simple, extendable HTTPS forward proxy that supports Basic Authentication. You can enhance it further with features like logging, access control, rate limiting, or caching based on your needs.