Creating custom header variable using Fiddler proxy server - proxy

I understand that Fiddler proxy server supports custom HTTP header variables. I'm new at this, my goal is to simulate a passed custom variable the way an F5 appliance would pass an HTTP header variable (string) for a web app. The variable string is used to authenticate the user. I do not have access to a load balancing appliance and have to find a way to simualte or manually add it.
Will apreciate any input on how to accomplish this...

You can add your own header variables to the OnBeforeRequest function (or OnBeforeResponse) within CustomRules.js, such as the following:
oSession.oRequest["NewHeaderName"] = "New header value";
More info: http://fiddler2.com/documentation/KnowledgeBase/FiddlerScript/ModifyRequestOrResponse

Related

Create a multi-website proxy with `http-proxy`

I'm using node-http-proxy to run a proxy website. I would like to proxy any target website that the user chooses, similarly to what's done by https://www.proxysite.com/, https://www.croxyproxy.com/ or https://hide.me/en/proxy.
How would one achieve this with node-http-proxy?
Idea #1: use a ?target= query param.
My first naive idea was to add a query param to the proxy, so that the proxy can read it and redirect.
Code-wise, it would more or less look like (assuming we're deploy this to http://myproxy.com):
const BASE_URL = 'https://myproxy.com';
// handler is the unique handler of all routes.
async function handler(
req: NextApiRequest,
res: NextApiResponse
): Promise<void> {
try {
const url = new URL(req.url, BASE_URL); // For example: `https://myproxy.com?target=https://google.com`
const targetURLStr = url.searchParams.get('target'); // Get `?target=` query param.
return httpProxyMiddleware(req, res, {
changeOrigin: true,
target: targetURLStr,
});
} catch (err) {
res.status(500).json({ error: (err as Error).message });
}
}
Problem: If I deploy this code to myproxy.com, and load https://myproxy.com?target=https://google.com, then google.com is loaded, but:
if I click a link to google images, it loads https://myproxy.com/images instead of https://myproxy.com?target=https://google.com/images, also see URL as query param in proxy, how to navigate?
Idea #2: use cookies
Second idea is to read the ?target= query param like above, store its hostname in a cookie, and proxy all resources to the cookie's hostname.
So for example user wants to access https://google.com/a/b?c=d via the proxy. The flow is:
go to https://myproxy.com?target=${encodeURIComponent('https://google.com/a/b?c=d')}
proxy reads the ?target= query param, sets the hostname (https://google.com) in a cookie
proxy redirects to https://myproxy.com/a/b?c=d (307 redirect)
proxy sees a new request, and since the cookie is set, we proxy this request into node-http-proxy using cookie's target.
Code-wise, it would look like: https://gist.github.com/throwaway34241/de8a623c1925ce0acd9d75ff10746275
Problem: This works very well. But only for one proxy at a time. If I open one browser tab with https://myproxy.com?target=https://google.com, and another tab with https://myproxy.com?target=https://facebook.com, then:
first it'll set the cookie to https://google.com, and i can navigate in the 1st tab correctly
then I go to the 2nd tab (without closing the 1st one), it'll set the cookie to https://facebook.com, and I can navigate facebook on the 2nd tab correctly
but then if I go back to the first tab, it'll proxy google resources through facebook, because the cookie has been overwritten.
I'm a bit out of ideas, and am wondering how those generic proxy websites are doing. Ideally, I would not want to parse the HTML of the target website.
The idea of a Proxy is to intercept the client requests, either by ports or by backend APIs, extract the URLs of requested resources, modify them and make those requests by self from servers, and modify responses and send them back to the client.
your first approach does this except modify responses and send back modified responses.
one way to do this is to edit all links in resources return by proxy to have your web address in them, only then send them as responses back to the client.
another way is to wrap the target site in a frame, as most web proxy sites do, and have a script to crawl the page and replace all links.
there is a small problem though. javascript-based requests are mostly hardcoded in the script and it is not an easy job to replace them.
your seconds approach sounds as if it would work better, but just a sound, nothing concrete I can say. implement a tab activity checker so you can change the cookie to your active tab. please check how-to-tell-if-browser-tab-is-active discussion about that

ASP.NET Web API: How do you read server variables in a Web API controller?

How would you read the following server variables in an ASP.NET Web API controller?
HTTP_HOST
SERVER_NAME
REMOTE_HOST / REMOTE_ADDR
I see a System.Net.Http.HttpRequestMessage Request defined, but I don't see a collection containing these variables.
I'm running a website on a single IP with multiple host headers and I need to determine which site they used to get there.
EDIT:
It ended up being something like this:
((System.Web.HttpContextWrapper) Request.Properties["MS_HttpContext"])
.Request.ServerVariables["HTTP_HOST"]
The information you are looking for is dependent on the host you are using and Web API is designed to be host independent. So.... the information you are looking for will be buried in the httpRequestMessage.Properties collection and it will be different depending on your host.
If you move to using the Owin adapter then you will get a standardized Owin environment object.
I was able to all that information from the RequestUri within Request
Request.RequestUri.Scheme + Uri.SchemeDelimiter +
Request.RequestUri.Host + (Request.RequestUri.IsDefaultPort ? string.Empty : (string.Concat(":", Request.RequestUri.Port)))

Java and Sip Proxy

I was trying to implement sip redirection. To do this I'm using javax.servlet.sip.Proxy
SipFactory sipFactory = (SipFactory) getServletContext().getAttribute(SIP_FACTORY);
Proxy proxy = request.getProxy();
proxy.setParallel(false);
proxy.setRecordRoute(true);
ArrayList uris = new ArrayList();
SipURI uri2 = sipFactory.createSipURI("48505999666", "some_host");
uris.add(uri2);
proxy.proxyTo(uris);
But in From header i got additional prefix in phone number and on my phone i can't see who is calling. Is there any way to modify From header displayName ?
When you say an "additional prefix," do you mean that the proxy is changing the value of the From header? That sounds like incorrect proxy behavior. What is being sent by the UAC, and what is being sent by the proxy?
According to JSR-289, the From header is a system header and thus cannot be modified by a proxy. At the price of additional complexity, you could implement a back-to-back user agent (b2bua) instead.

How can I rewrite URLs in the Zeus web server for Mobile useragent?

I need to redirect anyone with a mobile user agent to a file called mobile.php.
My web hosting provider, Net Registry uses the Zeus web server.
Here's the script I've written from my research
RULE_1_START:
# get the document root
map path into SCRATCH:DOCROOT from /
match IN:User-Agent into $ with iPad|iPod|iPhone|Android|s+Mobile
if matched then
set OUT:Location = /mobile.php
endif
RULE_1_END:
I used the instructions on my host's site.
I pasted that into their console and it has worked to do redirects. Net registry have some odd console thing that you submit and it takes 10 minutes to update the zeus server config (annoying as hell).
Anyway my issue is that it redirects me to the wrong location:
So if you visit the site, with a user agent string that contains ipad|ipod|android|\s+mobile then you will trigger it ()
It takes me here:
http://example.com.au/mobile.php,%20catalog/index.php
I can't work out how to fix that, or why that happens because at the moment this file exists:
http://example.com.au/mobile.php
as does this one:
http://example.com.au/index.php. Contents of this file are:
<?php header("Location: catalog/index.php");
Any ideas on how I can make this work more like an apache .htaccess url Rewrite?
the official Zeus documentation
Fixed it by changing
set OUT:Location = /mobile.php
to
set URL = /mobile.php
From the manual...
Using Request Rewrite Scripts
To use the request rewriting functionality, create a script in the Zeus Request
Rewrite Scripting Language. The script contains instructions telling the
Virtual Server how to change the URL or headers of requests that match specified criteria.
The Virtual Server compiles the script, and (if the rewrite functionality is
enabled) uses it every time it receives a request. It runs the commands in the
script, changing the URL if it matches the specified criteria. Once the script is
finished, the Virtual Server continues processing the resulting URL.Zeus Web Server 4.3 User Guide
142 Configuring URL Handling
When changing the URL, the rewrite functionality can only change the local
part of it, that is, the part of the URL after the host name. For example, if a
user requests http://www.myhost.com/sales/uk.html, the rewrite
functionality can only make changes to /sales/uk.html. This means that
you cannot use the rewrite functionality to change the request to refer to a
file on another Virtual Server.
For example, the following script illustrates how to change requests for any
HTML files in the /sales directory so that the user receives them from the
/newsales directory instead:
match URL into $ with ^/sales/(.).html
if matched set URL=/newsales/$1.html
The rewrite functionality can also change the HTTP headers that were received
with a request, and create new HTTP headers to be returned to the user. For
example, the following script changes the HTTP host header, so that a request
for www.mysite.com/subserver is redirected to the Subserver
www.subserver.mysite.com:
match URL into $ with ^/([^/]+)/(.)$
if matched then
set IN:Host = www.$1.mysite.com
set URL = /$2
endif

HTTP request with custom headers fields using Windows Scripts

Is it possible to perform a HTTP Request with specific header fields (like 'referer', 'cookies' or 'User-Agent') using Windows Script Host or any other Windows scripting technology??
Thanks.
Yes (VBScript) :-
Dim oWinHTTP
Set oWinHTTP = CreateObject("WinHttp.WinHttpRequest.5.1")
oWinHTTP.Open "GET", "http://remoteserver/thing.ext", False
oWinHTTP.SetRequestHeader "User-Agent", "My Agent String"
oWinHTTP.Send
Using WinHttp gives you the greatest level of control, you can use MSXML2.ServerXMLHTTP.3.0 if you want more effeciently access any XML DOM sent. Using the standard MSXML2.XMLHTTP.3.0 component goes throught WinINet at gives you the users proxy settings and cookie store etc, but reduces your control over the conversation.
Can we set the request header like Cache-control : 'max-age =10000' using jsp / java?
Actually I want to see the previous page with old data on click of browser's back button only if user comes back to this page with in a specified time , say 10 minutes.
Thanks,
Anurag

Resources