buger / goreplay

GoReplay is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.
https://goreplay.org

HTTPS Traffic #85

Open sgalvez opened 10 years ago

sgalvez commented 10 years ago

Am I able somehow to replicate HTTPS traffic? I just did a simple test and could not replicate it.

Regards.

joekiller commented 10 years ago

The short answer is no. The longer answer is that gor is similar to Wireshark in that it is just reading TCP packets. Because the packets are encrypted, you cannot just capture and replay them. See this FAQ on the Wireshark page for more details: http://wiki.wireshark.org/SSL

joekiller commented 10 years ago

You could set up a proxy which terminates the encrypted traffic and then passes it back to your application unencrypted. You can then sniff the unencrypted traffic and replay it via gor.

buger commented 10 years ago

Here at Granify we use Amazon ELB, which does SSL termination for us, so all traffic comes unencrypted. If you use nginx as a proxy that does SSL termination, and have a few upstreams, you can point Gor to listen on the upstream ports, for example:

If nginx is on port 9000 with 3 upstreams on ports 9001, 9002 and 9003, you can run Gor like this:

gor --input-raw :9001 --input-raw :9002 --input-raw :9003 --output-http "staging"

buger commented 10 years ago

It's impossible to catch SSL traffic using raw sockets, because it is encrypted. So closing.

ramnes commented 9 years ago

I feel like this is a real issue. Couldn't ssldump be used with an option?

buger commented 9 years ago

@ramnes ssldump is quite a hacky tool, and has not been updated for a while. If you really want to use it, it's possible to build an input plugin which will parse ssldump output, but I doubt it could work well enough.

Building an input plugin should not be a problem; you can try to hack it if you want, and I will provide feedback, but I do not have plans for this functionality in the near term. I checked the ssldump source, and it would be too much work to implement the same in Gor.

ramnes commented 9 years ago

I've suggested ssldump quite randomly. Do you see anything else that could do the job in a less "hacky" way?

buger commented 9 years ago

Frankly not. SSL was made to protect from traffic capture, even if you have a private key; I guess that's why there are not so many alternatives to ssldump :)

ramnes commented 9 years ago

I ended up doing it with nginx by terminating SSL, doing a proxy_pass http://localhost:8800 and then using that 8800 socket.

buger commented 9 years ago

:+1:

lovewhll commented 9 years ago

@ramnes can you show the details of the HTTPS traffic solution?

Thanks

ramnes commented 9 years ago

@lovewhll, there you go:

# Force HTTPS
server {
  listen 80;
  server_name yourdomain.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}

# SSL termination
server {
  listen 443 ssl;
  server_name yourdomain.com;

  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log error;

  ssl_certificate /etc/ssl/nginx/yourdomain.com.crt;
  ssl_certificate_key /etc/ssl/nginx/yourdomain.com.key;

  # ramnes: We use a socket on port 8800 as an SSL-terminated socket rather
  # than using the 443 socket directly. This is useful for us since we want
  # to listen on that socket in clear HTTP to be able to clone packets.
  location / {
    proxy_set_header Host $host;
    proxy_pass http://localhost:8800;
  }
}

# Clear HTTP
# ramnes: here you implement your "real" nginx configuration
server {
  listen 8800;
  server_name yourdomain.com;

  root /var/www;

  location /index.html {
    if_modified_since off;
    etag off;
    expires -1;
  }

  location / {
    try_files $uri/ $uri /index.html;
  }
}

Then you can do something like sudo nohup ./gor --input-raw :8800 --output-http https://dev.yourdomain.com --output-http-header "Host: dev.yourdomain.com" &
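
An added example, not part of the thread or of GoReplay: in the configuration above, `listen 8800;` binds the cleartext port on every interface, so the decrypted hop that Gor sniffs is also reachable from other hosts unless a firewall blocks it. The sketch below audits an nginx config for that pattern; the sample configs, `server_blocks` and `audit` are constructed for illustration, and the parser assumes no `#` or braces inside quoted strings.

```python
import re

LOOPBACK = ("127.", "localhost", "[::1]", "unix:")

# Constructed sample, trimmed from the layout in the comment above.
EXPOSED = """
server {
  listen 443 ssl;
  location / { proxy_pass http://localhost:8800; }
}
server {
  listen 8800;   # binds every interface
  root /var/www;
}
"""
HARDENED = EXPOSED.replace("listen 8800;", "listen 127.0.0.1:8800;")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block using brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Flag cleartext listeners that receive TLS-terminated traffic
    but are not bound to a loopback address or Unix socket."""
    tls_targets, plain = set(), []
    for body in server_blocks(conf):
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        if any("ssl" in l.split()[1:] for l in listens):
            # Ports this TLS server forwards decrypted requests to.
            tls_targets |= set(
                re.findall(r"proxy_pass\s+http://[^\s;/]*:(\d+)", body))
        else:
            plain += [l.split()[0] for l in listens]
    findings = []
    for addr in plain:
        port = addr.rsplit(":", 1)[-1]
        if port in tls_targets and not addr.startswith(LOOPBACK):
            findings.append(f"listen {addr}: cleartext backend for TLS "
                            "traffic is not bound to loopback")
    return findings

if __name__ == "__main__":
    print(audit(EXPOSED) or "ok")
    print(audit(HARDENED) or "ok")
```

With the listener changed to `listen 127.0.0.1:8800;`, Gor's `--input-raw :8800` on the same host still sees the traffic, since it captures on the port rather than connecting to it.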

lovewhll commented 9 years ago

@ramnes Thank you!

gmontard commented 9 years ago

Yep this is the right way to do it, reverse proxy works pretty fine.

Anyway I just submitted an issue that could improve this setup by having Gor listen directly to a Unix Socket as an input, which would be faster than TCP Socket #192

AbdullahMuhammad20 commented 3 years ago

@buger Hi, can I ask how I can monitor the requests after redirecting to apply on another URL when I use output-HTTP? Or how can I use the compare or analytics? Do we have any comments to show the differences, or show a count of requests, or a dashboard or something like that?