I am using python and mitmproxy to listen to all incoming and outgoing traffic so that I can capture the URLs. I run the script and it tells me all URLs my computer is trying to connect to.
I need to implement the same using Go but have not got a clue on how to start or what package to use. Can anyone guide me in the right direction please?
Thanks
You can either easily build a proxy with httputil - example here.
Or you might want to use gopacket as described here.
You would need a local intermediate proxy, in order to capture its traffic and display the URLs used.
See for example, in Go, sipt/shuttle, with its GUI web interface:
Related
I am trying to build a system using Socket.io and YARP. Yarp is functioning has a Reverse Proxy to all my Services.
When trying establish a connection to my socket.io service, through yarp, I am getting connection_error:
I noticed there are proper configurations used in other Reversed Proxy solutions that are well documented in Socket.io website:
https://socket.io/docs/v4/reverse-proxy/
However, I can't "translate" what they are doing to YARP. Does anyone know if this is possible?
Thanks in advance
I guess stackoverflow was my rubberduck this time...
I checked in postman the request that was being made through my Yarp Server and turns out it wasn't even hitting the correct path. For yarp to connect to a socket.io server you have to use this kind of path in your configuration file:
It seems that a sokcetio request uses it's own path, so you have to make your reverse proxy match the beggining "socket.io/"
Let's say I have a Kubernetes Job that makes https requests to changing URLs and I want to allow specific URLs only and block all other requests. My idea is deploy an Https-Proxy-Pod and use NetworkPolicies to make sure the Job-Pod can only communicate with the Https-Proxy-Pod. See following sketch for better understanding:
sketch of https-proxy sidecar deployment
I know how to do that but have no idea what Https Proxy to use. As far as I understood envoy is not a suitable solution for what I want to do: https://github.com/envoyproxy/envoy/issues/1606
Does anyone has a better solution or can tell me which proxy to use?
Mitmproxy is an open source tool that you can use to filter HTTP and HTTPS requests transparently using the Python scripting language.
There's also a quite detailed tutorial on how to use it
i'm too beginner in squid. i want a way to remain anonymous over the net. i also want to be able to access the contents of the internet which are filtered. my Windows computer is beyond firewall (filtered). my server (CentOS 5) is not. for example, when i enter http://facebook.com in the browser url, it redirects to an intranet ip which tells me to avoid going to this site!
now i've installed squid on server and traffic is propagated through this server. but this redirection occurs. so still i can't open filtered sites.
what can i do? a friend of mine told that the only way is to use https. ie. the connection between browser (Firefox) and the server must use this protocol. is it right? and how can i do that?
what's your suggestion? i don't want necessarily to use squid. besides, https protocol gets banned or decreased in speed in my country sometimes. so i prefer the protocol remain http. i thought also about writing a code in client and server to transform, compress/decompress and packetize as hoax binary http packets to be sent as much speed and success as possible. but i'm not an expert in this context and now i prefer more straightforward ways.
i respect any help/info.
I assume you are located in Iran. I would suggest using TOR if you mainly access websites. The latest release works reasonably well in Iran. It also includes an option to obfuscate traffic so it is not easily detectable that you are using TOR.
See also this question: https://tor.stackexchange.com/questions/1639/using-tor-in-iran-for-the-first-time-user-guide
A easy way to get the TOR package is using the autoresponder: https://www.torproject.org/projects/gettor.html
In case the website is blocked, it works as follows:
Users can communicate with GetTor robot by sending messages via email.
Currently, the best known GetTor email address is gettor#torproject.org.
This should be the most current stable GetTor robot as
it is operated by Tor Project.
To ask for Tor Browser a user should send an email to GetTor robot
with one of the following options in the message body:
windows: If the user needs Tor Browser for Windows.
linux: If the user needs Tor Browser for Linux.
osx: If the user needs Tor Browser for Mac OSX.
I am learning Wireshark as part of a course. I would like to know how to use the wireshark display filters for filtering traffic of a particular application. I tried using the display filter reference for Skype present on the link below:
https://www.wireshark.org/docs/dfref/s/skype.html
However, I am not able to filter the Skype traffic from the capture I have. Can anybody please suggest an approach to filter Skype traffic?
I know how to filter traffic based on the source/destination IP address, protocols but I would like to know how to capture an application specific traffic eg for Skype.
Are there any other tools which would be better in filtering a particular application traffic from a complete packet capture?
I guess in your case there coud be helpfull rawcap.I used it to eavesdrop on my applications.Data captured by rawcap can be opened with wireshark.I was using it on loopback.You shoud be able to listen to skype as well.After you captured enought data close it with ctrl+c if i remember correctly and then open the file you saved all the informations in with wireshark
Skype uses a different protocol nowadays (if you're using a new Skype version). It looks like normal SSL (HTTPS) now. The old Skype dissector in Wireshark is therefore quite useless now.
Try loading the PCAP file into CapLoader and look at the long duration flows (probably to TCP port 443). Select those and export them to a new PCAP file.
I have a program that I'm trying to reverse engineer.
It gets a specific key by using HTTP GET on some URLs.
I need to figure out the details on how this works.
The good news is that there's the option to preform these requests over an HTTP proxy.
Would anybody know of a program to monitor a specific application's network traffic?
I've tried Wireshark, but its no giving me enough information (Headers, URL path).
After Wireshark, I tried FreeProxy. The problem with FreeProxy is that it only gives headers for around 1/3 of the requests and it doesn't give the full path either.
Could anyone suggest a better alternative for monitoring the internet activity of my application?
I thought Wireshark was able to capture the full packet with all its content? If so, how can it not give you enough information? Maybe you need to revise your traffic capture config?
It's been a while since I used Wireshark, but if you have trouble capturing full packets, what you can do is use tcpdump to capture and write to file, then view the capture file using Wireshark. tcpdump's -s option will allow you to set the packet size so as to capture full packets.
I use Fiddler for all my HTTP traffic monitoring. It is very powerful and displays data in the HTTP layer only. Wireshark will get all of your data, but it displays the details at a much lower layer. It even has capability to decrypt SSL traffic.
Fiddler installs itself as a proxy, and configures IE and FF automatically to use it when it is on. If you are having too much traffic mix in, then you can install Fiddler on a remote box, and point your proxy to that IP address.
I was recommemded another program called "mitmproxy" which worked perfectly for what I needed. Fiddler also worked, but SSL was giving me problems.