README
¶
Features • Installation • Usage • Running Proxify • Installing SSL Certificate • Applications of Proxify • Join Discord
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally, a replay utility allows to import the dumped traffic (request/responses with correct domain name) into BurpSuite or any other proxy by simply setting the upstream proxy to proxify.
Features
- Intercept / Manipulate HTTP/HTTPS & NON-HTTP traffic
- Invisible & Thick clients traffic proxy support
- TLS MITM support with client/server certificates
- HTTP and SOCKS5 support for upstream proxy
- Traffic Match/Filter and Replace DSL support
- Full traffic dump to file (request/responses)
- Native embedded DNS server
- Plugin Support to decode specific protocols (e.g XMPP/SMTP/FTP/SSH/)
- Proxify Traffic replay in Burp
Installation
Download the ready to run binary or install/build using GO
go install -v github.com/projectdiscovery/proxify/cmd/proxify@latest
Usage
proxify -h
This will display help for the tool. Here are all the switches it supports.
Usage:
./proxify [flags]
Flags:
OUTPUT:
-o, -output string Output Directory to store HTTP proxy logs (default "logs")
-dump-req Dump only HTTP requests to output file
-dump-resp Dump only HTTP responses to output file
FILTER:
-req-fd, -request-dsl string Request Filter DSL
-resp-fd, -response-dsl string Response Filter DSL
-req-mrd, -request-match-replace-dsl string Request Match-Replace DSL
-resp-mrd, -response-match-replace-dsl string Response Match-Replace DSL
NETWORK:
-ha, -http-addr string Listening HTTP IP and Port address (ip:port) (default "127.0.0.1:8888")
-sa, -socks-addr string Listening SOCKS IP and Port address (ip:port) (default "127.0.0.1:10080")
-da, -dns-addr string Listening DNS IP and Port address (ip:port)
-dm, -dns-mapping string Domain to IP DNS mapping (eg domain:ip,domain:ip,..)
-r, -resolver string Custom DNS resolvers to use (ip:port)
PROXY:
-hp, -http-proxy string Upstream HTTP Proxies (eg http://proxy-ip:proxy-port
-sp, -socks5-proxy string Upstream SOCKS5 Proxies (eg socks5://proxy-ip:proxy-port)
-c int Number of requests before switching to the next upstream proxy (default 1)
EXPORT:
-elastic-address string elasticsearch address (ip:port)
-elastic-ssl enable elasticsearch ssl
-elastic-ssl-verification enable elasticsearch ssl verification
-elastic-username string elasticsearch username
-elastic-password string elasticsearch password
-elastic-index string elasticsearch index name (default "proxify")
-kafka-address string address of kafka broker (ip:port)
-kafka-topic string kafka topic to publish messages on (default "proxify")
CONFIGURATION:
-config string Directory for storing program information (default "/Users/geekboy/.config/proxify")
-cert-cache-size int Number of certificates to cache (default 256)
-allow string Allowed list of IP/CIDR's to be proxied
-deny string Denied list of IP/CIDR's to be proxied
DEBUG:
-silent Silent
-nc, -no-color No Color (default true)
-version Version
-v, -verbose Verbose
Running Proxify
Runs an HTTP proxy on port 8888:
proxify
Runs an HTTP proxy on custom port 1111:
proxify -http-addr ":1111"
Proxify with upstream proxy
Runs an HTTP proxy on port 8888 and forward the traffic to burp on port 8080:
proxify -http-proxy http://127.0.0.1:8080
Runs an HTTP proxy on port 8888 and forward the traffic to the TOR network:
proxify -socks5-proxy socks5://127.0.0.1:9050
Dump all the HTTP/HTTPS traffic
Dump all the traffic into separate files with request followed by the response:
proxify -output logs
As default, proxied requests/responses are stored in the logs folder. Additionally, dump-req or dump-resp flag can be used for saving specific part of the request to the file.
Hostname mapping with Local DNS resolver
Proxify supports embedding DNS resolver to map hostnames to specific addresses and define an upstream dns server for any other domain name
Runs an HTTP proxy on port 8888 using an embedded dns server listening on port 53 and resolving www.google.it to 192.168.1.1 and all other fqdn are forwarded upstream to 1.1.1.1:
proxify -dns-addr ":53" -dns-mapping "www.google.it:192.168.1.1" -dns-resolver "1.1.1.1:53"
This feature is used for example by the replay utility to hijack the connections and simulate responses. It may be useful during internal assessments with private dns servers. Using * as domain name matches all dns requests.
Match/Filter traffic with DSL
If the request or response match the filters the dump is tagged with .match.txt suffix:
proxify -request-dsl "contains(request,'firefox')" -response-dsl "contains(response, md5('test'))"
Match and Replace on the fly
Proxify supports modifying Request and Responses on the fly with DSL language.
Here is an example to replace firefox word from request to chrome:
proxify -request-match-replace-dsl "replace(request,'firefox','chrome')"
Another example using regex based replacement of response:
proxify -response-match-replace-dsl "replace_regex(response, '^authentication failed$', 'authentication ok')"
Replay all traffic into burp
Replay all the dumped requests/responses into the destination URL (http://127.0.0.1:8080) if not specified. For this to work it's necessary to configure burp to use proxify as upstream proxy, as it will take care to hijack the dns resolutions and simulate the remote server with the dumped request. This allows to have in the burp history exactly all requests/responses as if they were originally sent through it, allowing for example to perform a remote interception on cloud, and merge all results locally within burp.
replay -output "logs/"
Installing SSL Certificate
A certificate authority is generated for proxify which is stored in the folder ~/.config/proxify/ as default, manually can be specified by -config flag. The generated certificate can be imported by visiting http://proxify/cacert.crt in a browser connected to proxify.
Installation steps for the Root Certificate is similar to other proxy tools which includes adding the cert to system trusted root store.
Applications of Proxify
Proxify can be used for multiple places, here are some common example where Proxify comes handy:
👉 Storing all the burp proxy history logs locally.
Runs an HTTP proxy on port 8888 and forward the traffic to burp on port 8080:
proxify -http-proxy http://127.0.0.1:8080
From BurpSuite, set the Upstream Proxy to forward all the traffic back to proxify:
User Options > Upstream Proxy > Proxy & Port > 127.0.0.1 & 8888
Now all the request/response history will be stored in logs folder that can be used later for post-processing.
👉 Store all your browse history locally.
While you browse the application, you can point the browser to proxify to store all the HTTP request / response to file.
Start proxify on default or any port you wish,
proxify -output chrome-logs
Start Chrome browser in macOS,
/Applications/Chromium.app/Contents/MacOS/Chromium --ignore-certificate-errors --proxy-server=http://127.0.0.1:8888 &
👉 Store all the response of while you fuzz as per you config at run time.
Start proxify on default or any port you wish:
proxify -output ffuf-logs
Run FFuF with proxy pointing to proxify:
ffuf -x http://127.0.0.1:8888 FFUF_CMD_HERE
Proxify is made with 🖤 by the projectdiscovery team. Community contributions have made the project what it is. See the Thanks.md file for more details.
Documentation
¶
Index ¶
- type OnConnectFunc
- type OnRequestFunc
- type OnResponseFunc
- type Options
- type Proxy
- func (p *Proxy) MatchReplaceRequest(req *http.Request) *http.Request
- func (p *Proxy) MatchReplaceResponse(resp *http.Response) *http.Response
- func (p *Proxy) OnConnectHTTP(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string)
- func (p *Proxy) OnConnectHTTPS(host string, ctx *goproxy.ProxyCtx) (*goproxy.ConnectAction, string)
- func (p *Proxy) OnRequest(req *http.Request, ctx *goproxy.ProxyCtx) (*http.Request, *http.Response)
- func (p *Proxy) OnResponse(resp *http.Response, ctx *goproxy.ProxyCtx) *http.Response
- func (p *Proxy) Run() error
- func (p *Proxy) Stop()
- type SocketConn
- type SocketProxy
- type SocketProxyOptions
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type OnConnectFunc ¶
type OnRequestFunc ¶
type Options ¶
type Options struct {
DumpRequest bool
DumpResponse bool
Silent bool
Verbose bool
CertCacheSize int
Directory string
ListenAddrHTTP string
ListenAddrSocks5 string
OutputDirectory string
RequestDSL string
ResponseDSL string
UpstreamHTTPProxies []string
UpstreamSock5Proxies []string
ListenDNSAddr string
DNSMapping string
DNSFallbackResolver string
RequestMatchReplaceDSL string
ResponseMatchReplaceDSL string
OnConnectHTTPCallback OnConnectFunc
OnConnectHTTPSCallback OnConnectFunc
OnRequestCallback OnRequestFunc
OnResponseCallback OnResponseFunc
Deny []string
Allow []string
UpstreamProxyRequestsNumber int
Elastic *elastic.Options
Kafka *kafka.Options
}
type Proxy ¶
type Proxy struct {
Dialer *fastdialer.Dialer
// contains filtered or unexported fields
}
func (*Proxy) MatchReplaceRequest ¶
MatchReplaceRequest strings or regex
func (*Proxy) MatchReplaceResponse ¶
MatchReplaceRequest strings or regex
func (*Proxy) OnConnectHTTP ¶ added in v0.0.5
func (*Proxy) OnConnectHTTPS ¶ added in v0.0.5
func (*Proxy) OnResponse ¶
type SocketConn ¶ added in v0.0.4
type SocketConn struct {
HTTPServer string
Verbose bool
OutputHex bool
Timeout time.Duration
RequestMatchReplaceDSL string
ResponseMatchReplaceDSL string
OnRequest func([]byte) []byte
OnResponse func([]byte) []byte
// contains filtered or unexported fields
}
SocketConn represent the single full duplex pipe
type SocketProxy ¶ added in v0.0.4
SocketProxy - connect two sockets with TLS inspection
func NewSocketProxy ¶ added in v0.0.4
func NewSocketProxy(options *SocketProxyOptions) *SocketProxy
func (*SocketProxy) Run ¶ added in v0.0.4
func (p *SocketProxy) Run() error
type SocketProxyOptions ¶ added in v0.0.4
type SocketProxyOptions struct {
Protocol string
ListenAddress string
RemoteAddress string
HTTPProxy string
HTTPServer string
TLSClientConfig *tls.Config
TLSClient bool
TLSServerConfig *tls.Config
TLSServer bool
Verbose bool
OutputHex bool
Timeout time.Duration
RequestMatchReplaceDSL string
ResponseMatchReplaceDSL string
OnRequest func([]byte) []byte
OnResponse func([]byte) []byte
// contains filtered or unexported fields
}
func (*SocketProxyOptions) Clone ¶ added in v0.0.4
func (so *SocketProxyOptions) Clone() SocketProxyOptions
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
internal
|
|
|
runner
Package runner contains the internal logic
|
Package runner contains the internal logic |
|
pkg
|
|
|
certs
Package certs implements a certificate signing authority implementation to sign MITM-ed hosts certificates using a self-signed authority.
|
Package certs implements a certificate signing authority implementation to sign MITM-ed hosts certificates using a self-signed authority. |