Awesome initiative and well appreciated, It would be awesome to see

As the same way, try something like: <div class="highlight highlight-source-js not

TLS Support? about transparent-proxy HOT 6 CLOSED

gr3p1p3 commented on June 14, 2024

TLS Support?

from transparent-proxy.

Comments (6)

commented on June 14, 2024 1

I believe it would cover a lot more user needs that way :)

from transparent-proxy.

gr3p1p3 commented on June 14, 2024

Through the nature of transparent-proxy, data is up/downstreamed as it is (even encrypted).
You could try to implement an sslStrip-Mechanism by capturing/modifyng the session-data before certificates are exchanged.

Honestly, I am still undecided whether to add such a new feature. Any suggestions?

from transparent-proxy.

gr3p1p3 commented on June 14, 2024

I added the "isHttps"-Attribute to sessionInstance. Download version 1.6.5 and try something like this:

const server = new ProxyServer({
    verbose: true,
    injectResponse: (data,session) => {
        if(!session.isHttps) {
            console.log('SESSION-DATA', data.toString()) //you can spoof here
            return Buffer.from(data.toString().replace('something', 'replaced_'));
        }
        return data;
    }
});

I will provide this on README.

!!REMEMBER that replaced text should have same length of original!

from transparent-proxy.

commented on June 14, 2024

Awesome!!!

Can you also do an example of injectRequest before it reaches destination? 😅

from transparent-proxy.

gr3p1p3 commented on June 14, 2024

As the same way, try something like:

const uaToSwitch = 'curl/7.55.1';
const switchWith = 'My Super Fucking Spoofed UA!';

const server = new ProxyServer({
    verbose: false,
    injectData: (data, session) => {
        if (!session.isHttps) {
            // console.log('SESSION-DATA', data.toString()) //you can spoof here
            if (data.toString().match(uaToSwitch)) {
                const newData = Buffer.from(data.toString()
                    .replace(uaToSwitch, switchWith));

                // console.log('data', data.toString());
                // console.log('newData', newData.toString());
                return newData;
            }
        }
        return data;
    }
});

I added some new examples. Here is a working example of "injectData":
https://github.com/gr3p1p3/transparent-proxy/blob/master/examples/spoofRequest.js

I'm sure it can help to better understand! :)

from transparent-proxy.

gr3p1p3 commented on June 14, 2024

I add a new feature to intercept encrypted-data. The "intercept"-Attribute :) It will break secure-connection (obvious), but it allows to intercept & spoof data.

Here a new example: https://github.com/gr3p1p3/transparent-proxy/blob/master/examples/interceptRequest.js

You need to download @1.7.0 for this ^^

from transparent-proxy.

Recommend Projects