intruxxer / zaproxy

Automatically exported from code.google.com/p/zaproxy

SOCKS proxy support #29

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Due to some restrictions, I usually push all of my tool traffic through a 
server that everyone knows is 'safe'. I usually use SSH tunnels for this sort 
of thing (ssh -D $PORT $HOST), which creates a SOCKS5 proxy listening locally 
to $HOST. 

That way I can use proxychains to wrap anything I want through my proxy, but 
ZAP only accepts http proxies, so I have a polipo instance running acting as a 
liaison between my local SOCKS listener and ZAP. It'd be quite nice if ZAP 
could support SOCKS proxying!

Original issue reported on code.google.com by fitblip@gmail.com on 17 Dec 2010 at 7:07

GoogleCodeExporter commented 9 years ago

Original comment by psii...@gmail.com on 18 Dec 2010 at 10:17

GoogleCodeExporter commented 9 years ago
I looked at this briefly this weekend: I need to familiarise myself with the 
code before I am able to add in SOCKS proxy support, but in the meantime I 
found that with Java 5 and above you should be able to add the following 
parameters to the java command line:

  -DsocksProxyHost=<proxyserver> -DsocksProxyPort=<proxyport>

This should work in Java 5 and above, and is documented at 
http://download.oracle.com/javase/6/docs/technotes/guides/net/proxies.html

I have tested this on Debian GNU/Linux 6.0 (“squeeze”) and Windows XP, and 
it mostly works, although I get zero‐sized responses from some sites serving 
HTTPS.

Original comment by si...@bleah.co.uk on 27 Apr 2011 at 12:32

GoogleCodeExporter commented 9 years ago
Thanks for looking at this :)
Let us know if you need any pointers to where to find things in the code.

Psiinon

Original comment by psii...@gmail.com on 27 Apr 2011 at 1:05

GoogleCodeExporter commented 9 years ago
You can also take a look at how OWASP Proxy has implemented this.

In fact, OWASP Proxy also has Socks server support, allowing you to get a 
completely "clean" request, un-polluted with the browser's additional handling 
for an HTTP proxy.

I have no problem making this available for incorporation into ZAP.

Original comment by rogan.da...@gmail.com on 4 Jan 2012 at 7:08

GoogleCodeExporter commented 9 years ago
Thanks for the offer of the OWASP proxy, Rogan.
We've had some other issues with the HttpClient library modifying requests 
(Issue 257) which your proxy will probably fix.
Changing proxies probably won't be a simple job, but might well make ZAP cleaner 
and better.
Don't fancy doing this before 1.4 though ;)

Original comment by psii...@gmail.com on 4 Jan 2012 at 8:22

GoogleCodeExporter commented 9 years ago
Any plans of getting this feature in Release 2.0?

Original comment by anant@anantshri.info on 14 Sep 2012 at 7:59

GoogleCodeExporter commented 9 years ago
I'm not aware of anyone working on this I'm afraid.
Want to have a go at it yourself? ;)

Cheers,

Simon

Original comment by psii...@gmail.com on 17 Sep 2012 at 8:59

GoogleCodeExporter commented 9 years ago
[deleted comment]

GoogleCodeExporter commented 9 years ago
Here is a quick hack to the launcher if you want to go through socks5 using tor 
bundle:

  # Pass "untor" as the first argument to skip the SOCKS proxy.
  if [[ "$1" == "untor" ]]
  then
    echo "[+] Not going through Tor"
    exec java ${JMEM} -XX:PermSize=256M -jar "${BASEDIR}/zap.jar" "$@"
  else
    echo "[+] Going through socks5 on localhost:9150"
    # JVM-wide SOCKS proxy settings
    exec java ${JMEM} -XX:PermSize=256M -DsocksProxyHost=127.0.0.1 \
      -DsocksProxyPort=9150 -jar "${BASEDIR}/zap.jar" "$@"
  fi

Cheers,
Zack

Original comment by badz...@gmail.com on 18 Feb 2014 at 10:18

GoogleCodeExporter commented 9 years ago
This hack does not work. The port is 9050, and even after these changes it 
connects without a proxy, or with the proxy as specified in 
options >> connections, and in the case of Tor it throws a "tor is not http" error.

Original comment by aloksaur...@gmail.com on 21 Jun 2014 at 12:30

GoogleCodeExporter commented 9 years ago
Heard from anantshr_ on irc that
 -DsocksProxyHost=127.0.0.1 -DsocksProxyPort=8085
does the trick.
Should be easy to add this to the UI options and set in the code as per 
https://stackoverflow.com/questions/120797/how-do-i-set-the-proxy-to-be-used-by-the-jvm

Original comment by psii...@gmail.com on 22 Oct 2014 at 7:54

GoogleCodeExporter commented 9 years ago
Just adding more to what I added over at IRC.

The setting worked from the command line; however, it has to be made sure that 
there is no configuration marked in Outbound proxy config inside the ZAP 
configuration.

Original comment by anant@anantshri.info on 25 Oct 2014 at 12:27
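
A launcher helper along the lines of the workaround discussed in this thread, as an added example that is not part of any comment here or of ZAP's own launcher: it validates the host and port, builds the `-DsocksProxyHost` and `-DsocksProxyPort` flags, and refuses to start ZAP when nothing is listening. The function names are hypothetical, `JMEM` and `BASEDIR` are taken from the launcher snippet posted earlier, and `bash` and coreutils `timeout` are assumed to be installed.

```shell
#!/bin/sh
# Added example: start ZAP through a local SOCKS listener (names hypothetical).
# JMEM and BASEDIR are expected to be set as in the launcher snippet above.
# Per the thread, ZAP's own outbound proxy option must be left empty.

# Succeed only if $1 is a decimal TCP port in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the two JVM system properties from the thread, one per line.
# Rejects values that could smuggle extra JVM arguments when word-split.
socks_java_opts() {
  case "$1" in
    ''|*[!A-Za-z0-9.:-]*) echo "bad SOCKS host: $1" >&2; return 1 ;;
  esac
  valid_port "$2" || { echo "bad SOCKS port: $2" >&2; return 1; }
  printf '%s\n' "-DsocksProxyHost=$1" "-DsocksProxyPort=$2"
}

# Succeed only if something accepts TCP connections on host:port.
# Assumes bash (for /dev/tcp) and coreutils timeout are installed.
socks_listener_up() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Launch ZAP via the listener; refuse to start if it is not reachable.
launch_zap_via_socks() {
  host=$1
  port=$2
  opts=$(socks_java_opts "$host" "$port") || return 1
  if ! socks_listener_up "$host" "$port"; then
    echo "[-] Nothing listening on $host:$port, not starting ZAP" >&2
    return 1
  fi
  shift 2
  echo "[+] Going through SOCKS on $host:$port"
  # $opts is left unquoted on purpose: two validated flags, one per line.
  exec java ${JMEM} $opts -jar "${BASEDIR}/zap.jar" "$@"
}
```

Call it as `launch_zap_via_socks 127.0.0.1 9150` from a launcher script; any further arguments are passed on to ZAP.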

GoogleCodeExporter commented 9 years ago
Any plans of having this feature in the next release or so? Running it from the 
command line always is a tiresome effort (I know we can create a shell/desktop 
shortcut, which I have right now), but an internal feature would be nice.

Original comment by anant@anantshri.info on 14 Apr 2015 at 12:58