google / nogotofail

An on-path blackbox network traffic security testing tool
Apache License 2.0

Add reverse proxy mode #104

Closed joshcooper closed 8 years ago

joshcooper commented 8 years ago

Adds a reverse proxy mode whereby clients connect directly to the reverse proxy, and the proxy forwards the connection to a target host and port specified on the command line or config. For example:

$ python -m nogotofail.mitm -A invalidhostname \
  --mode reverse --port 443 --serverssl server.crt \
  --target_addr www.example.com --target_port 443

The reverse proxy mode makes it trivial to test a client that always connects to a specific server port, as it doesn't require SOCKS or transparent proxy.

That said, the mode has some limitations. It cannot be used in cases where the client needs to connect to multiple servers/ports. Also, it doesn't rewrite HTTP headers, e.g. Host, so the values may be incorrect when received by the real server, and when responses are received by the client.
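
The Host header limitation described above, as an added example that is not part of the pull request or of nogotofail's code: a byte-level forwarder on loopback (plain TCP, no TLS) shows that the target receives whatever Host value the client sent to the proxy. The function names and the `rewrite_to` fix-up are hypothetical, and the request is constructed sample input.

```python
import re
import socket
import threading

def _read_head(conn):
    buf = b""
    while b"\r\n\r\n" not in buf:  # read to the end of the HTTP header block
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf

def host_seen_by_target(rewrite_to=None):
    """Return (Host the client sent, Host the target received)."""
    target = socket.create_server(("127.0.0.1", 0))  # ephemeral loopback ports
    proxy = socket.create_server(("127.0.0.1", 0))
    t_port, p_port = target.getsockname()[1], proxy.getsockname()[1]
    seen = {}

    def target_side():  # stands in for the real server
        conn, _ = target.accept()
        with conn:
            m = re.search(rb"(?im)^host:[ \t]*([^\r\n]*)", _read_head(conn))
            seen["host"] = m.group(1).decode() if m else None
            conn.sendall(b"HTTP/1.1 204 No Content\r\n\r\n")

    def proxy_side():  # forwards bytes for one connection, like a reverse proxy
        conn, _ = proxy.accept()
        with conn, socket.create_connection(("127.0.0.1", t_port)) as up:
            head = _read_head(conn)
            if rewrite_to:  # hypothetical fix-up; the PR's mode does not do this
                head = re.sub(rb"(?im)^host:[^\r\n]*",
                              b"Host: " + rewrite_to.encode(), head)
            up.sendall(head)
            conn.sendall(_read_head(up))

    threads = [threading.Thread(target=f, daemon=True)
               for f in (target_side, proxy_side)]
    for t in threads:
        t.start()
    sent = "127.0.0.1:%d" % p_port  # constructed: client names the address it dialed
    with socket.create_connection(("127.0.0.1", p_port)) as c:
        c.sendall(b"GET / HTTP/1.1\r\nHost: " + sent.encode() + b"\r\n\r\n")
        _read_head(c)
    for t in threads:
        t.join(5)
    target.close()
    proxy.close()
    return sent, seen.get("host")
```

Without `rewrite_to`, the target sees the proxy's address in Host, so a server that routes or validates by Host may answer differently than it would to a direct connection.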

joshcooper commented 8 years ago

Hi, I was wondering if there's anything I can do to help move this forward? I assume using ValueError is sufficient?

chadbrubaker commented 8 years ago

Sorry for the delay

joshcooper commented 8 years ago

No worries, thanks @chadbrubaker!