A CLI-based HTTP intercept and replay proxy

Related tags

Network glorp
Overview

GLORP

Glorp is an HTTP intercept proxy, allowing the inspection and replaying of HTTP requests. The layout and flow was designed to function similar to Portswigger's Burp Proxy and Repeater tabs. The proxy functionality is done using Google's Martian, UI is done with TView.

The idea is to provide a CLI based tool for when you wanna-look-at-this-thing-real-quick and not fire up yet another full-fat container/vm/whatever with Burp and so forth.

page switching

Install

Install can be done with git clone and go build/install, or by using one of the binaries available on the releases page.

Alternatively, to run under docker, clone this repository and:

docker build -tglorp .
docker run -p 8080:8080 --rm -it glorp

Command Line Flags

Usage of ./glorp:
  -addr string
    	The bind address, default 0.0.0.0
  -cert string
    	Path to a CA Certificate
  -help
    	Show help
  -key string
    	Path to the CA cert's private key
  -port uint
    	Listen port for the proxy, default 8080
  -v int
    	log level

Using a custom CA

You'll probably want to specify a CA file, so you can load this into your browser/mobile device/operating system/whatever. The easiest way to spin up your own CA for use in Glorp is as follows:

[email protected]:~/go/src/glorp$ openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................+++++
...+++++
e is 65537 (0x010001)
[email protected]:~/go/src/glorp$ openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

You can happily enter-enter-enter your way through the dialog above, then launch glorp:

[email protected]:~/go/src/glorp$ ./glorp -cert ca.crt -key ca.key

UI Usage

Key View Details
tab All Go to next element (window, button, etc) in the page
shift+tab All Go to previous element in the page
ctrl-c All Exit Glorp
ctrl-n All Go the next page
ctrl-p All Go to the previous page
ctrl-r Proxy/Replay Send item to the replayer
ctrl-s Proxy/Replay - highlighted request/response Save item to file
g Proxy Go to first entry in the proxy table
G Proxy Go to last entry in the proxy table
/ Proxy Enter a search-filter regex to filter proxy entries by URL
ctrl-e Proxy - highlighted request/response Open the request/response data in view
ctrl-b Replay Create a new blank replay item - useful for assembling requests from scratch
ctrl-e Replay - highlighted request/response Edit request in vi, responses will open with view
ctrl-x Replay Rename replay item
ctrl-g Replay Send the request

Ctrl-N and Ctrl-P cycle between the different pages, Tab/Shift+tab is used to cycle between each item within a page.

Proxy Page

The proxy page shows incoming requests. If you select the last item (bottom item), then the view will follow new requests.

Replay Page

In the proxy page, hit ctrl-r on an entry and it will be sent to the replay page, where you can modify the request and re-issue it. If you hit ctrl-r in the Replay page, it'll duplicated the current item.

Editing

Highlight the request text box and hit ctrl-e. This will open the request in VI and let you edit it.

Pro-tip for content length: If you highlight your modified request body in visual mode (v) and then hit g->ctrl+g it will show you how many bytes are selected, and you can update the content-length header accordingly.

Log Page

This is the general log info page and takes no user input. Glorp is set up such that any call to log.Println or similar will end up in this view.

Save/Load Page

This one should hopefully be self explanatory. Lets you save and load all the proxy entries and replay entries. Writes out to a JSON file or reads in a JSON file. WARNING: Loading will delete all existing proxy and replay entries, rather than append to them.

Transparent Proxying

Glorp does not support transparent proxying, but squid does :D Rather than build this logic into Glorp, I figure run a squid proxy and forward it through. The squid config should look like:

acl all src 0.0.0.0/0
http_access allow all

http_port 3128 
http_port 3080 intercept
https_port 3443 ssl-bump intercept \
  cert=<PATH TO KEY AND CERT IN ONE PEM> \
  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /var/lib/ssl_db -M 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# forward to glorp
cache_peer 127.0.0.1 parent 8080 0 no-query default
never_direct allow all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER

Use iptables to hijack the connection:

iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 80 -j REDIRECT --to-port 3080
iptables -t nat -A PREROUTING -i enp1s0 -p tcp --dport 443 -j REDIRECT --to-port 3443
iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE

Squid can be built with the following dockerfile:

# docker run --net=host -it --rm -v $PWD:/etc/squid sq1 /usr/local/squid/sbin/squid -N -f /etc/squid/squid.conf
# Net host saves some docker iptables headaches, should probably document how to do that properly...
FROM debian:latest

WORKDIR /opt/

RUN apt update 
RUN apt upgrade -y
RUN apt install -y automake libtool build-essential libssl-dev git ca-certificates

## clone and build squid
RUN git clone https://github.com/squid-cache/squid && cd squid && autoreconf -i
RUN cd /opt/squid && ./configure --prefix=/usr/local/squid --with-openssl --enable-ssl-crtd
RUN cd /opt/squid && make -j4 && make install

# sort the log file dir perms and create the ssl junk
RUN chown nobody /usr/local/squid/var/logs/
RUN /usr/local/squid/libexec/security_file_certgen -c -s /var/lib/ssl_db -M 4MB
Issues
  • Error in  create a new blank replay item

    Error in create a new blank replay item

    If you send a request via curl, then everything works as it should. If in the tab Replay -> Ctrl + b then it gives an error.

    2020/10/06 14:33:31 Logger started                                                                                                                     
    2020/10/06 14:33:44 [+] ReplayView - AddItem - Adding replay item with ID: new                                                                         
    2020/10/06 14:34:25 [+] Replay - SendRequest Host: example.com Port: 80 TLS:  false                                                                    
    2020/10/06 14:34:26 [+] Replay - sendTCP - Sent: 120                                                                                                   
    2020/10/06 14:34:56 [!] Replay sendTCP: read tcp 192.168.0.6:43484->93.184.216.34:80: i/o timeout 
    

    error

    opened by webmastak 5
  • Automatically replay modified request upon saving

    Automatically replay modified request upon saving

    In the Replay UI, when returning from ctrl-e, could we have the request automatically issued if anything was modified instead of having to switch focus to the Go button and hit Enter?

    Even better, do a vertical split upon entering the editor with ctrl-e, the request on the left and the response on the right, then automatically re-issue the request upon saving it in the editor via :w and refresh the response on the right panel of the vertical split. The CLI http proxy https://github.com/tweksteen/burst used to do this back in the good old python2 days :)

    opened by lanjelot 4
  • More meaningfull TLS negotiation errors

    More meaningfull TLS negotiation errors

    Current TLS negotiation errors (eg, when you dont have the glorp CA installed and set it as your proxy) are too opaque. These need to display the domain and IP that the negotiation failed for.

    opened by denandz 1
  • Null pointer dereference on json file load

    Null pointer dereference on json file load

    AddEntry in modifier.go does not contain any checks to make sure data exists. This leads to a null pointer dereference when loading a save file that has a proxy entry with a request object, but no corresponding response object.

    opened by denandz 1
  • Add github.com/denandz/ to imports

    Add github.com/denandz/ to imports

    Should make download and install a simple

    go get github.com/denandz/glorp
    go install github.com/denandz/glorp
    

    as it resolves the errors

    package glorp/proxy: unrecognized import path "glorp/proxy": import path does not begin with hostname
    package glorp/views: unrecognized import path "glorp/views": import path does not begin with hostname
    
    opened by magisterquis 1
  • Help me

    Help me

    I launch GLORP, go to the Replay tab, enter the host, port, use TLS, press the Go button and nothing happens ... I have not installed squid. GLORP won't work without it?

    opened by webmastak 1
  • HTTP2 Support

    HTTP2 Support

    Glorp does not support HTTP2. There is some support for HTTP2 in Martian now, so this should be a case of writing an additional proxy module and figuring out how to best display and replay H2 requests.

    opened by denandz 0
  • Decode gzip in Replay

    Decode gzip in Replay

    With Accept-Encoding: gzipheader: gzip

    I need to remove the Accept-Encoding: gzip header to see a normal response: gzip2

    It would be great if you could get the response in gzip but decrypt it in replay. 😉

    enhancement 
    opened by webmastak 2
Releases(v0.1.5)
HTTP API traffic recording and replay middleware based on GoReplay, can be used for migration and refactoring testing

gorc HTTP API traffic recording and replay middleware based on GoReplay, can be used for migration and refactoring testing. English | 中文 Requirements

Jioby 2 Feb 13, 2022
Record and replay a go net.Conn, mosting for testing.

fakeconn Record and replay a go net.Conn, mostly for testing and debugging. This package isn't finished, so you probably shouldn't use it. Recording f

null 0 Dec 5, 2021
Http-logging-proxy - A HTTP Logging Proxy For Golang

http-logging-proxy HTTP Logging Proxy Description This project builds a simple r

null 3 Aug 1, 2022
A simple tool to convert socket5 proxy protocol to http proxy protocol

Socket5 to HTTP 这是一个超简单的 Socket5 代理转换成 HTTP 代理的小工具。 如何安装? Golang 用户 # Required Go 1.17+ go install github.com/mritd/[email protected] Docker 用户 docker pull m

mritd 7 Jul 10, 2022
Go-http-sleep: Delayed response http server, useful for testing various timeout issue for application running behind proxy

delayed response http server, useful for testing various timeout issue for application running behind proxy

guessi 0 Jan 22, 2022
HTTP based Tree-shaped Peer2Peer blob transfer proxy, distributing images or blob data.

DadiP2P DadiP2P is an accelerator that uses P2P protocol to speed up HTTP file download, usually use for docker image layer download. The key features

null 8 May 1, 2022
An experimental Tor-Proxy serivce written in Go using Go-proxy and Go-libtor.

tor-proxy An experimental standalone tor-proxy service built with Go, using go-proxy, go-libtor and bine. This is a simple replacement to Tor's origin

Narasimha Prasanna HN 35 Jul 5, 2022
IP2Proxy Go package allows users to query an IP address to determine if it was being used as open proxy, web proxy, VPN anonymizer and TOR exits.

IP2Proxy Go Package This package allows user to query an IP address if it was being used as VPN anonymizer, open proxies, web proxies, Tor exits, data

IP2Location 12 Aug 3, 2022
Battlesnake-logging-proxy - A little proxy between the internet and your battlesnake

battlesnake-logging-proxy a little proxy between the internet and your battlesna

Penelope Phippen 3 Feb 11, 2022
mt-multiserver-proxy is a reverse proxy designed for linking multiple Minetest servers together

mt-multiserver-proxy mt-multiserver-proxy is a reverse proxy designed for linking multiple Minetest servers together. It is the successor to multiserv

null 11 Jul 31, 2022
Tcp-proxy - A dead simple reverse proxy server.

tcp-proxy A proxy that forwords from a host to another. Building go build -ldflags="-X 'main.Version=$(git describe --tags $(git rev-list --tags --max

Injamul Mohammad Mollah 0 Jan 2, 2022
Proxy - Minimalistic TCP relay proxy.

Proxy Minimalistic TCP relay proxy. Installation ensure you have go >= 1.17 installed clone the repo cd proxy go install main.go Examples Listen on po

null 1 May 22, 2022
Transparent TLS and HTTP proxy serve and operate on all 65535 ports, with domain regex whitelist and rest api control

goshkan Transparent TLS and HTTP proxy serve & operating on all 65535 ports, with domain regex whitelist and rest api control tls and http on same por

Sina Ghaderi 10 Aug 2, 2022
Smocker is a simple and efficient HTTP mock server and proxy.

Smocker (server mock) is a simple and efficient HTTP mock server. The documentation is available on smocker.dev. Table of contents Installation With D

Thibaut Rousseau 856 Jul 28, 2022
PlanB: a HTTP and websocket proxy backed by Redis and inspired by Hipache.

PlanB: a distributed HTTP and websocket proxy What Is It? PlanB is a HTTP and websocket proxy backed by Redis and inspired by Hipache. It aims to be f

vinay badhan 1 Mar 20, 2022
Go HTTP tunnel is a reverse tunnel based on HTTP/2.

Go HTTP tunnel is a reverse tunnel based on HTTP/2. It enables you to share your localhost when you don't have a public IP.

Michal Jan Matczuk 2.9k Jul 29, 2022
Open Source HTTP Reverse Proxy Cache and Time Series Dashboard Accelerator

Trickster is an HTTP reverse proxy/cache for http applications and a dashboard query accelerator for time series databases. Learn more below, and chec

null 1.7k Aug 7, 2022
HTTP proxy written in Go. COW can automatically identify blocked sites and use parent proxies to access.

COW (Climb Over the Wall) proxy COW 是一个简化穿墙的 HTTP 代理服务器。它能自动检测被墙网站,仅对这些网站使用二级代理。 English README. 当前版本:0.9.8 CHANGELOG 欢迎在 develop branch 进行开发并发送 pull

Chen Yufei 8.3k Aug 2, 2022