Proposed changes

Previously, there were 3 different bool flags related to verbosity. Having many member variables for values that should be mutually exclusive led to a bug where contradicting flags could be set. This caused unexpected behavior with regards to logging.

This commit combines the bool flags into 1 enum flag. As a result, verbosity level is guaranteed to be mutually exclusive. This commit also adds validation of the verbosity flags and exits with an error msg.

This PR resolves #146.

Checklist

• [x] Pull request is created against the dev branch
• [ ] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)

proxify -request-match-replace-dsl "replace(request,'curl','firefox')" -v -hp http://localhost:8080
curl google.com --proxy-insecure -x localhost:8888 -v -L

In the verbose output of proxify the value seems to be changed, but not the actual request.

Bumps github.com/projectdiscovery/fastdialer from 0.0.15 to 0.0.16.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

./proxify -request-dsl "contains(request,'firefox')" -v                                                                                                                                                           ✔

                       _ ___    
   ___  _______ __ __ (_) _/_ __
  / _ \/ __/ _ \\ \ // / _/ // /
 / .__/_/  \___/_\_\/_/_/ \_, / 
/_/                      /___/	v0.0.6

		projectdiscovery.io

Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
HTTP Proxy Listening on 127.0.0.1:8888
Socks5 Proxy Listening on 127.0.0.1:10080
Saving traffic to logs
2022/05/04 19:32:26 [001] INFO: Got request / localhost:8081 GET http://localhost:8081/
GET http://localhost:8081/ HTTP/1.1
Connection: close
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

2022/05/04 19:32:26 [001] INFO: Sending request GET http://localhost:8081/
2022/05/04 19:32:26 [001] INFO: Received response 200 OK
HTTP/1.0 200 OK
Connection: close
Content-Length: 1683
Content-Type: text/html; charset=utf-8
Date: Wed, 04 May 2022 16:32:26 GMT
Server: SimpleHTTP/0.6 Python/3.9.12

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Directory listing for /</title>
</head>
<body>
<h1>Directory listing for /</h1>
<hr>
<ul>

Proposed changes

This PR implements the -vv flag as described in https://github.com/projectdiscovery/proxify/issues/139.

Currently there is only -v flag which shows the whole request and response body. The -vv flag is added and divides logging levels into two. The -v flag only shows request and response type, and the -vv flag also shows the response body. The -vv flag implicitly includes -v.

Checklist

• [x] Pull request is created against the dev branch
• [ ] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [x] I have added necessary documentation (if appropriate)

Problem: Currently Proxify cant handle multiple upstream proxies at once. For example, running proxify -http-proxy http://127.0.0.1:8080 -http-proxy http://127.0.0.1:8081 -addr 127.0.0.1:8888 curl https://google.com -x 127.0.0.1:8888

This will forward the request to last http-proxy provided via the command line. So in the above example, the curl would only use http://127.0.0.1:8081 as the upstream proxy.

Suggested result: Ideally when specifying multiple upstream proxies, Proxify should forward the request to both proxies and subsequently forward both responses back to the client.

Once this is implemented, another feature or cli argument can be created to specify how many requests to forward to one proxy, before switching to the other. The use case for this could be a proxy rotator that round-robins the requests based on a user provider integer. For example, adding a --count/-c argument.

In this hypothetical example, proxfiy would forward one http request to one proxy before switching to the next proxy (optionally it could read from a file of http-proxies).

proxify -http-proxy http://127.0.0.1:8080 -http-proxy http://127.0.0.1:8081 -addr 127.0.0.1:8888 -c 1 curl https://google.com -x 127.0.0.1:8888 >> forwards request to http://127.0.0.1:8081 curl https://google.com -x 127.0.0.1:8888 >> forwards request to http://127.0.0.1:8080 curl https://google.com -x 127.0.0.1:8888 >> forwards request to http://127.0.0.1:8081

and so on.

Bumps github.com/projectdiscovery/fastdialer from 0.0.15 to 0.0.17.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Proposed changes

Example:

$proxify -response-dsl "containss('response', 'test')" -v

                       _ ___    
   ___  _______ __ __ (_) _/_ __
  / _ \/ __/ _ \\ \ // / _/ // /
 / .__/_/  \___/_\_\/_/_/ \_, / 
/_/                      /___/  v0.0.7

                projectdiscovery.io

Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
[INF] error parsing response DSL: Undefined function containss
[INF] The available custom DSL functions are:
        base64(arg1 interface{}) interface{}
        base64_decode(arg1 interface{}) interface{}
        base64_py(arg1 interface{}) interface{}
        contains(arg1, arg2 interface{}) interface{}
        contains_all(arg1, arg2 interface{}) interface{}
        contains_any(arg1, arg2 interface{}) interface{}
        equals_any(arg1, arg2 interface{}) interface{}
        hex_decode(arg1 interface{}) interface{}
        hex_encode(arg1 interface{}) interface{}
        html_escape(arg1 interface{}) interface{}
        html_unescape(arg1 interface{}) interface{}
        len(arg1 interface{}) interface{}
        md5(arg1 interface{}) interface{}
        mmh3(arg1 interface{}) interface{}
        rand_base(arg1, arg2, arg3 interface{}) interface{}
        rand_char(arg1, arg2 interface{}) interface{}
        rand_int(arg1, arg2 interface{}) interface{}
        rand_text_alpha(arg1, arg2 interface{}) interface{}
        rand_text_alphanumeric(arg1, arg2 interface{}) interface{}
        rand_text_numeric(arg1, arg2 interface{}) interface{}
        regex(arg1, arg2 interface{}) interface{}
        regex_all(arg1, arg2 interface{}) interface{}
        regex_any(arg1, arg2 interface{}) interface{}
        replace(arg1, arg2, arg3 interface{}) interface{}
        replace_regex(arg1, arg2, arg3 interface{}) interface{}
        reverse(arg1 interface{}) interface{}
        sha1(arg1 interface{}) interface{}
        sha256(arg1 interface{}) interface{}
        tolower(arg1 interface{}) interface{}
        toupper(arg1 interface{}) interface{}
        trim(arg1, arg2 interface{}) interface{}
        trimleft(arg1, arg2 interface{}) interface{}
        trimprefix(arg1, arg2 interface{}) interface{}
        trimright(arg1, arg2 interface{}) interface{}
        trimspace(arg1 interface{}) interface{}
        trimsuffix(arg1, arg2 interface{}) interface{}
        url_decode(arg1 interface{}) interface{}
        url_encode(arg1 interface{}) interface{}
        waitfor(arg1 interface{}) interface{}

[FTL] Could not run proxify: Undefined function containss
exit status 1

Checklist

• [x] Pull request is created against the dev branch
• [ ] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)

Proposed changes

This PR fixes #136 by overriding the original request/response properties with the DSL evaluated ones. For some weird reason, go1.18 passing a pointer of type *http.Request by reference to a nested sequence of functions causes some stack confusion, causing the original instance to be immutable.

Checklist

• [x] Pull request is created against the dev branch
• [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)

Example

Web Server

$ simplehttpserver -verbose
...
[2022-08-01 16:17:38]
Remote Address: 127.0.0.1:50012
GET / HTTP/1.1
Host: localhost:8000
Accept: */*
Accept-Encoding: gzip
User-Agent: firefox/7.79.1


HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Last-Modified: Fri, 17 Jun 2022 06:47:39 GMT

Proxify

$ proxify -request-match-replace-dsl "replace(request,'curl','firefox')" -v
...
HTTP Proxy Listening on 127.0.0.1:8888
Socks5 Proxy Listening on 127.0.0.1:10080
Saving traffic to logs
2022/08/01 16:17:22 [001] INFO: Got request / localhost:8888 GET /
2022/08/01 16:17:38 [002] INFO: Got request / localhost:8000 GET http://localhost:8000/
2022/08/01 16:17:38 [002] INFO: Sending request GET http://localhost:8000/
2022/08/01 16:17:38 [002] INFO: Received response 200 OK
2022/08/01 16:17:38 [002] INFO: Copying response to client 200 OK [200]
2022/08/01 16:17:38 [002] INFO: Copied 101 bytes to client error=<nil>

Curl

$ curl http://localhost:8000 -x http://localhost:8888
<pre>
<a href=".DS_Store">.DS_Store</a>
<a href="simplehttpserver.go">simplehttpserver.go</a>
</pre>

Proposed changes

This PR implements the -vv flag as described in https://github.com/projectdiscovery/proxify/issues/139.

Checklist

• [x] Pull request is created against the dev branch
• [ ] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [x] I have added necessary documentation (if appropriate)

Proposed changes

This PR adds snapcraft deploy support

Checklist

• [ ] Pull request is created against the dev branch
• [ ] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)

Please describe your feature request:

Option is configure a list of domains to enable TLS pass through (no intercept). Ref Burp's option

Describe the use case of this feature:

When the client has an error connecting TLS, e.g. certificate pinning.

Discussed in https://github.com/projectdiscovery/proxify/discussions/196

Proposed changes

As initially discussed in https://github.com/projectdiscovery/proxify/discussions/196, it'd be nice to support multiple DSL matches on requests and responses. For consistency, I added the same behavior to the match-replace DSLs.

The updated code loops over the defined matches and will perform each of them. The match-replace items allow the replaces to be chained, so text in the first match-replace could be replaced by text in a subsequent match-replace. An example would look like:

response-match-replace-dsl:
  - "replace(response,'example.com,'test.com')"
  - "replace(response,'test','google')"

In the event that example.com was replaced in a response, the resultant text would be google.com. Users would need to be aware of overlapping replacements.

The MatchReplaceRequest and MatchReplaceResponse functions were not the simplest to switch over, so there may be a better solution.

The mitmrelay tool doesn't currenntly use goflags. To keep the scope of the PR small, I decided to insert the single match-replace DSLs into a string slice.

Checklist

• [x] Pull request is created against the dev branch
• [x] All checks passed (lint, unit/integration/regression tests etc.) with my changes
• [ ] I have added tests that prove my fix is effective or that my feature works
• [ ] I have added necessary documentation (if appropriate)

Proxify version:

This is actually for the replay tool but the current version of proxify is 0.0.8

Current Behavior:

replay -output logs -http-addr ":10080" is returning the error [FTL] Could not listen and serve: listen tcp :80: bind: permission denied

Expected Behavior:

replay -output logs -http-addr ":10080" should listen on port 10080

Steps To Reproduce:

1. Run replay -output logs -http-addr ":10080"
2. See error [FTL] Could not listen and serve: listen tcp :80: bind: permission denied

Anything else:

In https://github.com/projectdiscovery/proxify/blob/master/cmd/replay/replay.go#L88 the ":80" is hardcoded but options.HTTPListenerAddress should be used.

Proxify version:

0.0.8

Current Behavior:

╰─➤  proxify -socks5-proxy 'socks5://51.91.197.148:10002' -output "$(date +%Y%m%d)"                                                                                                                                                                                     130 ↵

                       _ ___
   ___  _______ __ __ (_) _/_ __
  / _ \/ __/ _ \\ \ // / _/ // /
 / .__/_/  \___/_\_\/_/_/ \_, /
/_/                      /___/  v0.0.8

                projectdiscovery.io

[INF] HTTP Proxy Listening on 127.0.0.1:8888
[INF] Socks5 Proxy Listening on 127.0.0.1:10080
[INF] Saving proxify traffic to 20221125
[INF] Using upstream SOCKS5 proxies: ["socks5://51.91.197.148:10002"]
2022/11/25 08:19:57 [002] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:57 [004] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:57 [006] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:57 [008] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:57 [010] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:58 [012] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:58 [014] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:58 [016] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:58 [018] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:19:58 [020] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:20:00 [024] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address
2022/11/25 08:20:00 [026] WARN: Cannot read TLS response from mitm'd server socks connect tcp: dial tcp: address socks5://51.91.197.148:10002: too many colons in address

Expected Behavior:

A colon should not be appended to the end of the address. As you see, I did not include it in my invocation.

Steps To Reproduce:

See command I ran

Anything else:

Thanks for making awesome tools :)