The "Host" field in the request header is forcefully modified

[xsvlz]

Description

In my work, I have the following usage requirement:

I need to map the access of mobile devices to the production environment URL to the offline environment URL, for example:

xx.yy.com(production) -> 10.2.2.2:8100(offline)

At the same time, I need to set a specific value for the Host field in the request Header to access my specific business environment, for example:

Host: scene_biz.xx.yy.com

When sending requests using Proxyman, even if I manually set the Host field in the request Header to scene_biz.xx.yy.com, the actual request will still be modified to match the URL, i.e., 10.2.2.2:8100. Regardless of whether I use map remote, script, or no tools at all, simply constructing a request and sending it to Proxyman, the Host field in the Header will be tampered with.

Steps to Reproduce

1. Construct a request using Proxyman, where the URL is in the format of ip:port and the Host in the request header is different from the URL.
2. Send the request.
3. Examine the request result, where the Host field in the request header has been tampered with to match the content of the requested URL.

Based on my testing, it seems that the above-mentioned abnormal behavior only occurs when the URL contains a port number. e.g. The Host header won't be tampered with:

curl -H "Host: xx.yy.com" http://10.2.2.2

The Host header will be tampered with and changed to "10.2.2.2:8100":

curl -H "Host: xx.yy.com" http://10.2.2.2:8100

Current Behavior

The "Host" field in the request header is forcibly tampered with to match the content of the requested URL.

Expected Behavior

The Host field in the request header should not be tampered.

Environment

• App version: e.g Proxyman 5.0.0
• macOS version: e.g macOS Sonoma 14.2.1 (23C71)

[xsvlz]

To provide a more visual representation, I have captured screenshots of the two examples I mentioned earlier. After importing these two requests using curl, there are different outcomes.

• Normal Case：

• Exceptional Case：

[NghiaTranUIT]

I need to map the access of mobile devices to the production environment URL to the offline environment URL, for example:

xx.yy.com(production) -> 10.2.2.2:8100(offline)

Can you use the Map Remote with the option: Preserve the Host Header?

Map Remote is useful if you want to map between the Localhost <-> Production.

---

For other tools, Proxyman automatically construct the Host header again with a given URL.

[xsvlz]

Can you use the Map Remote with the option: Preserve the Host Header?

Map Remote is useful if you want to map between the Localhost <-> Production.

My use case is quite complex, as I need to forward requests from address A to address B while modifying the Host header to address C. In Charles, I would use two features: "Map Remote" and "Rewrite". However, I couldn't find the "Rewrite" feature in Proxyman, so I resorted to using "Scripting" to manually modify the request address and headers.

Please note that for regular URL requests (e.g., http://example.com), I can successfully modify the Host header using the aforementioned operations. However, for URL requests in the format of "ip:port" (e.g., http://10.123.123.123:8080), regardless of the tool I use to modify the headers, the Host header is always changed to 10.123.123.123:8080 when sending the request.

This is also why I believe there is a bug.

[NghiaTranUIT]

@xsvlz By default, the Scripting will automatically override the Host with the new URL.

You can use this one to preserve the Host Header in the Script:

async function onRequest(context, url, request) {

  request.headers["Host"] = "data.httpbin.org"
  request.preserveHostHeader = true

  // Done
  return request;
}

It's already supported on v5.0.0.

---

Linked ticket: https://github.com/ProxymanApp/Proxyman/issues/769#issuecomment-770147548