mhils / HoneyProxy

This project is now part of @mitmproxy.
https://github.com/mitmproxy/mitmproxy/
MIT License

Clear traffic window #66

Open evilscheme opened 11 years ago

evilscheme commented 11 years ago

Is there a way to clear the traffic window? If not, that would be handy :)

mhils commented 11 years ago

Hey,

this sounds like a useful thing to do for some tasks. Thank you for the suggestion, I'm going to implement this. I will do that properly as soon as I have switched out the client-side traffic store, so it might take some time (blocked by https://github.com/mhils/HoneyProxy/issues/46).

As a dirty workaround, you can open your browser JS console and type `$("#traffictable tbody").empty()`. Alternatively, replace `gui/HoneyProxy/views/templates/Sidebar.ejs` with the content of this gist.

Thank you!

evilscheme commented 11 years ago

Awesome, thanks!

Just some context on why I want this: I've installed honeyproxy in AWS and plan to keep it running permanently and throwing random sandbox/honeypot traffic at it. Just to keep it from being a massive list of queries it would be nice to be able to reset the list in-between investigations.

mhils commented 11 years ago

Thank you for the context. Always love to hear what people are using it for. Depending on the stuff you're analyzing, you may be interested in the transparent mode. My personal setup is a VM with host-only networking and some iptables rules to redirect HTTP traffic transparently through HoneyProxy then.

FYI, the workaround posted above only hides the flows temporarily in your browser. So if you reload the page, they are obviously back. I will address this with the coming backend changes. Depending on the amount of traffic you are throwing in, you might also run into performance issues in your browser (>>1000 flows). I will address this with the backend changes as well.

evilscheme commented 11 years ago

I'm using a remote AWS instance for a couple of reasons: 1) it's a new IP address which is useful when dealing with TDS 2) I can collaborate on investigations with cow-orkers/friends

Since multiple people are sharing the same view, clearing the flows on the backend would be ideal.

Thanks!

mhils commented 11 years ago

I see. As a workaround for the backend, you can restart HoneyProxy dynamically. I don't have a machine to test it on currently, but this script should do the job for you: https://gist.github.com/mhils/5242278

Change line 8 for the auth secret and line 18 for the HoneyProxy parameters. You should be able to restart HoneyProxy by calling `host:8000/restart/secret` then. Let me know if you have any further issues!