proxify

package module
v0.0.0-...-dfab029 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 30, 2023 License: MIT Imports: 32 Imported by: 0

README

proxify

FeaturesInstallationUsageRunning ProxifyInstalling SSL CertificateApplications of ProxifyJoin Discord

Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally, a replay utility allows to import the dumped traffic (request/responses with correct domain name) into BurpSuite or any other proxy by simply setting the upstream proxy to proxify.

Features

proxify

  • Intercept / Manipulate HTTP/HTTPS & NON-HTTP traffic
  • Invisible & Thick clients traffic proxy support
  • TLS MITM support with client/server certificates
  • HTTP and SOCKS5 support for upstream proxy
  • Traffic Match/Filter and Replace DSL support
  • Full traffic dump to file (request/responses)
  • Native embedded DNS server
  • Plugin Support to decode specific protocols (e.g XMPP/SMTP/FTP/SSH/)
  • Proxify Traffic replay in Burp

Installation

Download the ready to run binary or install/build using GO

go install -v github.com/Kelfitas/proxify/cmd/proxify@latest

Usage

proxify -h

This will display help for the tool. Here are all the switches it supports.

Usage:
  ./proxify [flags]

Flags:
OUTPUT:
   -o, -output string    Output Directory to store HTTP proxy logs (default "logs")
   -dump-req             Dump only HTTP requests to output file
   -dump-resp            Dump only HTTP responses to output file
   -j, -jsonl            write output in JSONL(ines) format
   -oca, -out-ca string  Generate and Save CA File to filename

UPDATE:
   -up, -update                 update proxify to latest version
   -duc, -disable-update-check  disable automatic proxify update check

FILTER:
   -req-fd, -request-dsl string[]                   Request Filter DSL
   -resp-fd, -response-dsl string[]                 Response Filter DSL
   -req-mrd, -request-match-replace-dsl string[]    Request Match-Replace DSL
   -resp-mrd, -response-match-replace-dsl string[]  Response Match-Replace DSL

NETWORK:
   -ha, -http-addr string    Listening HTTP IP and Port address (ip:port) (default "127.0.0.1:8888")
   -sa, -socks-addr string   Listening SOCKS IP and Port address (ip:port) (default "127.0.0.1:10080")
   -da, -dns-addr string     Listening DNS IP and Port address (ip:port)
   -dm, -dns-mapping string  Domain to IP DNS mapping (eg domain:ip,domain:ip,..)
   -r, -resolver string      Custom DNS resolvers to use (ip:port)

PROXY:
   -hp, -http-proxy string[]    Upstream HTTP Proxies (eg http://proxy-ip:proxy-port)
   -sp, -socks5-proxy string[]  Upstream SOCKS5 Proxies (eg socks5://proxy-ip:proxy-port)
   -c int                       Number of requests before switching to the next upstream proxy (default 1)

EXPORT:
   -max-size int              Max export data size (request/responses will be truncated) (default 9223372036854775807)
   -elastic-address string    elasticsearch address (ip:port)
   -elastic-ssl               enable elasticsearch ssl
   -elastic-ssl-verification  enable elasticsearch ssl verification
   -elastic-username string   elasticsearch username
   -elastic-password string   elasticsearch password
   -elastic-index string      elasticsearch index name (default "proxify")
   -kafka-address string      address of kafka broker (ip:port)
   -kafka-topic string        kafka topic to publish messages on (default "proxify")

CONFIGURATION:
   -config string              path to the proxify configuration file
   -config-directory string    override the default config path ($home/.config/proxify) (default "$home/.config/proxify")
   -cert-cache-size int        Number of certificates to cache (default 256)
   -a, -allow string[]         Allowed list of IP/CIDR's to be proxied
   -d, -deny string[]          Denied list of IP/CIDR's to be proxied
   -pt, -passthrough string[]  List of passthrough domains

DEBUG:
   -nc, -no-color      No Color (default true)
   -version            Version
   -silent             Silent
   -v, -verbose        Verbose
   -vv, -very-verbose  Very Verbose
Running Proxify

Runs an HTTP proxy on port 8888:

proxify

Runs an HTTP proxy on custom port 1111:

proxify -http-addr ":1111"
TLS pass through

The -pt flag can be used pass through (skip) encrypted traffic without attempting to terminate the TLS connection.

proxify -pt '(.*\.)?google\.co.in.*'
Proxify with upstream proxy

Runs an HTTP proxy on port 8888 and forward the traffic to burp on port 8080:

proxify -http-proxy http://127.0.0.1:8080

Runs an HTTP proxy on port 8888 and forward the traffic to the TOR network:

proxify -socks5-proxy 127.0.0.1:9050
Dump all the HTTP/HTTPS traffic

Dump all the traffic into separate files with request followed by the response:

proxify -output logs

As default, proxied requests/responses are stored in the logs folder. Additionally, dump-req or dump-resp flag can be used for saving specific part of the request to the file.

Hostname mapping with Local DNS resolver

Proxify supports embedding DNS resolver to map hostnames to specific addresses and define an upstream dns server for any other domain name

Runs an HTTP proxy on port 8888 using an embedded dns server listening on port 53 and resolving www.google.it to 192.168.1.1 and all other fqdn are forwarded upstream to 1.1.1.1:

proxify -dns-addr ":53" -dns-mapping "www.google.it:192.168.1.1" -dns-resolver "1.1.1.1:53"

This feature is used for example by the replay utility to hijack the connections and simulate responses. It may be useful during internal assessments with private dns servers. Using * as domain name matches all dns requests.

Match/Filter traffic with DSL

If the request or response match the filters the dump is tagged with .match.txt suffix:

proxify -request-dsl "contains(request,'firefox')" -response-dsl "contains(response, md5('test'))"
Match and Replace on the fly

Proxify supports modifying Request and Responses on the fly with DSL language.

Here is an example to replace firefox word from request to chrome:

proxify -request-match-replace-dsl "replace(request,'firefox','chrome')"

Another example using regex based replacement of response:

proxify -response-match-replace-dsl "replace_regex(response, '^authentication failed$', 'authentication ok')"
Replay all traffic into burp

Replay all the dumped requests/responses into the destination URL (http://127.0.0.1:8080) if not specified. For this to work it's necessary to configure burp to use proxify as upstream proxy, as it will take care to hijack the dns resolutions and simulate the remote server with the dumped request. This allows to have in the burp history exactly all requests/responses as if they were originally sent through it, allowing for example to perform a remote interception on cloud, and merge all results locally within burp.

replay -output "logs/"
Installing SSL Certificate

A certificate authority is generated for proxify which is stored in the folder ~/.config/proxify/ as default, manually can be specified by -config flag. The generated certificate can be imported by visiting http://proxify/cacert.crt in a browser connected to proxify.

Installation steps for the Root Certificate is similar to other proxy tools which includes adding the cert to system trusted root store.

Applications of Proxify

Proxify can be used for multiple places, here are some common example where Proxify comes handy:

👉 Storing all the burp proxy history logs locally.

Runs an HTTP proxy on port 8888 and forward the traffic to burp on port 8080:

proxify -http-proxy http://127.0.0.1:8080

From BurpSuite, set the Upstream Proxy to forward all the traffic back to proxify:

User Options > Upstream Proxy > Proxy & Port > 127.0.0.1 & 8888

Now all the request/response history will be stored in logs folder that can be used later for post-processing.

👉 Store all your browse history locally.

While you browse the application, you can point the browser to proxify to store all the HTTP request / response to file.

Start proxify on default or any port you wish,

proxify -output chrome-logs

Start Chrome browser in macOS,

/Applications/Chromium.app/Contents/MacOS/Chromium --ignore-certificate-errors --proxy-server=http://127.0.0.1:8888 &
👉 Store all the response of while you fuzz as per you config at run time.

Start proxify on default or any port you wish:

proxify -output ffuf-logs

Run FFuF with proxy pointing to proxify:

ffuf -x http://127.0.0.1:8888 FFUF_CMD_HERE

Proxify is made with 🖤 by the projectdiscovery team. Community contributions have made the project what it is. See the Thanks.md file for more details.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type OnRequestFunc

type OnRequestFunc func(req *http.Request, ctx *martian.Context) error

type OnResponseFunc

type OnResponseFunc func(resp *http.Response, ctx *martian.Context) error

type Options

type Options struct {
	DumpRequest                 bool
	DumpResponse                bool
	OutputJsonl                 bool
	MaxSize                     int
	Verbosity                   types.Verbosity
	CertCacheSize               int
	Directory                   string
	ListenAddrHTTP              string
	ListenAddrSocks5            string
	OutputDirectory             string
	RequestDSL                  []string
	ResponseDSL                 []string
	UpstreamHTTPProxies         []string
	UpstreamSock5Proxies        []string
	ListenDNSAddr               string
	DNSMapping                  string
	DNSFallbackResolver         string
	RequestMatchReplaceDSL      []string
	ResponseMatchReplaceDSL     []string
	OnRequestCallback           OnRequestFunc
	OnResponseCallback          OnResponseFunc
	Deny                        []string
	Allow                       []string
	PassThrough                 []string
	UpstreamProxyRequestsNumber int
	Elastic                     *elastic.Options
	Kafka                       *kafka.Options
}

type Proxy

type Proxy struct {
	Dialer *fastdialer.Dialer
	// contains filtered or unexported fields
}

func NewProxy

func NewProxy(options *Options) (*Proxy, error)

func (*Proxy) MatchReplaceRequest

func (p *Proxy) MatchReplaceRequest(req *http.Request) error

MatchReplaceRequest strings or regex

func (*Proxy) MatchReplaceResponse

func (p *Proxy) MatchReplaceResponse(resp *http.Response) error

MatchReplaceRequest strings or regex

func (*Proxy) ModifyRequest

func (p *Proxy) ModifyRequest(req *http.Request) error

ModifyRequest

func (*Proxy) ModifyResponse

func (p *Proxy) ModifyResponse(resp *http.Response) error

ModifyResponse

func (*Proxy) Run

func (p *Proxy) Run() error

func (*Proxy) Stop

func (p *Proxy) Stop()

type SocketConn

type SocketConn struct {
	HTTPServer string

	Verbosity               types.Verbosity
	OutputHex               bool
	Timeout                 time.Duration
	RequestMatchReplaceDSL  []string
	ResponseMatchReplaceDSL []string
	OnRequest               func([]byte) []byte
	OnResponse              func([]byte) []byte
	// contains filtered or unexported fields
}

SocketConn represent the single full duplex pipe

type SocketProxy

type SocketProxy struct {
	Listener net.Listener
	// contains filtered or unexported fields
}

SocketProxy - connect two sockets with TLS inspection

func NewSocketProxy

func NewSocketProxy(options *SocketProxyOptions) *SocketProxy

func (*SocketProxy) Proxy

func (p *SocketProxy) Proxy(conn net.Conn) error

func (*SocketProxy) Run

func (p *SocketProxy) Run() error

type SocketProxyOptions

type SocketProxyOptions struct {
	Protocol      string
	ListenAddress string
	RemoteAddress string
	HTTPProxy     string
	HTTPServer    string

	TLSClientConfig         *tls.Config
	TLSClient               bool
	TLSServerConfig         *tls.Config
	TLSServer               bool
	Verbosity               types.Verbosity
	OutputHex               bool
	Timeout                 time.Duration
	RequestMatchReplaceDSL  []string
	ResponseMatchReplaceDSL []string
	OnRequest               func([]byte) []byte
	OnResponse              func([]byte) []byte
	// contains filtered or unexported fields
}

func (*SocketProxyOptions) Clone

Directories

Path Synopsis
cmd
internal
runner
Package runner contains the internal logic
Package runner contains the internal logic
pkg

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL