An HTTP/HTTPS intercept proxy written in Go.

Broxy

License status

Broxy is an open source intercept proxy written in Go. It makes use of goproxy as core proxy implementation and the interface is implemented with a Qt wrapper for Go.

DISCLAIMER: this is still an alpha software so bear with me.

intercept

Features

Broxy is currently a work in progress project. The current version provides the following features:

  • Interceptor
  • History with filters
  • Repeater
  • Persistent sessions

Installation

Grab a Binary

Grab a compiled version of Broxy here.

Compiling from Sources

To compile Broxy make sure you have the following installed and properly configured:

Once Go, Qt 5.13 and the Qt wrapper are ready, just do:

go get github.com/rhaidiz/broxy
cd $GOPATH/src/github.com/rhaidiz/broxy
make build

Once the compilation is finished, you'll have the binary inside the folder deploy ... 🤞 !

License

Broxy is released under the GPLv3 license.

Owner
Federico
Federico
https://github.com/rhaidiz/broxy
Comments
  • Panic while using broxy

    Panic while using broxy 

    $ ./broxy
panic: runtime error: index out of range [0] with length 0

goroutine 25 [running]:
github.com/rhaidiz/broxy/modules/coreproxy.(*Controller).onReq(0xc00024a800, 0xc00024a100, 0xc0002ba3c0, 0x15, 0xc000024201)
	github.com/rhaidiz/broxy@/modules/coreproxy/coreproxy_controller.go:520 +0xa98
github.com/rhaidiz/broxy/modules/coreproxy.(*Coreproxy).onReqDef(...)
	github.com/rhaidiz/broxy@/modules/coreproxy/coreproxy.go:119
github.com/elazarl/goproxy.FuncReqHandler.Handle(0xc0004601a0, 0xc00024a100, 0xc0002ba3c0, 0xc000024270, 0xc0001ee100)
	github.com/elazarl/[email protected]/actions.go:19 +0x3a
github.com/elazarl/goproxy.(*ReqProxyConds).Do.func1(0xc00024a100, 0xc0002ba3c0, 0x0, 0x0)
	github.com/elazarl/[email protected]/dispatcher.go:200 +0xcc
github.com/elazarl/goproxy.FuncReqHandler.Handle(0xc0003239e0, 0xc00024a100, 0xc0002ba3c0, 0xc000261d70, 0x3)
	github.com/elazarl/[email protected]/actions.go:19 +0x3a
github.com/elazarl/goproxy.(*ProxyHttpServer).filterRequest(0xc000188be0, 0xc00024a100, 0xc0002ba3c0, 0x0, 0x0)
	github.com/elazarl/[email protected]/proxy.go:61 +0x74
github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps.func2(0x11e1f20, 0xc0003fc018, 0xc00046a780, 0xc0002ba060, 0xc00036a000, 0xc000188be0, 0x11db100, 0xc0001d60e0)
	github.com/elazarl/[email protected]/https.go:210 +0x59d
created by github.com/elazarl/goproxy.(*ProxyHttpServer).handleHttps
	github.com/elazarl/[email protected]/https.go:180 +0x53c

    Borxy version: Broxy v1.0.0-alpha.3

  • Hardcoded CA Certificate

    Hardcoded CA Certificate

    The CA Cert in the coreproxy_settings.go file is static and not something that gets generated. Anyone who trusts the Cert in order to capture HTTPS traffic will be vulnerable to using unverified sites later.

    Example site signed with the hardcoded CA https://proxy.lf.lc/

  • Offer to help

    Offer to help

    Hey! So I love this project and it's something I've been toying with building myself. I'd love to help in anyway I can like taking a feature off your hands to build. I've built a handful of Go tools which you can see on my github for some reference. Let me know if you'd like the support!

  • Cannot write TLS reponse header

    Cannot write TLS reponse header

    I'm getting lots of cert errors. I've saved the CA from within broxy and imported it into firefox.

    Example error: 2020/07/04 14:07:20 [095] WARN: Cannot handshake client github.githubassets.com:443 EOF 2020/07/04 14:07:20 [081] WARN: Cannot write TLS response header from mitm'd client: write tcp 127.0.0.1:8080->127.0.0.1:44238: write: broken pipe

  • disable auto update of Content-Length

    disable auto update of Content-Length

    If we could disable the automatic update of the Content-Length header, this tool would be usable to test for HTTP Smuggling attacks: https://portswigger.net/web-security/request-smuggling

  • possible short-term features

    possible short-term features

    I am not very good at programming on golang yet, and I would like to contribute in some way to the project such as giving ideas or possible improvements and reporting errors. If possible, you could provide information to help with software development.

    to fix:

    • fix request/response format

    ex: curl -k https://www.google.cl -x http://127.0.0.1:8080

    Request:

    GET /www.google.cl:443/ HTTP/1.1
Host: www.google.cl
User-Agent: curl/7.58.0
Accept: */*

    Correct request:

    GET / HTTP/1.1
Host: www.google.cl:443
User-Agent: curl/7.58.0
Accept: */*
    • use unicode

    The possible improvements that can be added in the short term would be in my opinion:

    • Copy as curl, python-requests https://github.com/hrbrmstr/curlconverter
    • Add scope or option to remove junk traffic from the browser, for example firefox.
    • In the proxy and repeater history, detail the response timeout.
    • Add highlight to differentiate one request from another.
    • The request and response of the broxy do it with letter console. (more comfortable to read)
    • Decoder:     - urlencoder / urldecoder     - base64 encoder / decoder
    • Comparer

    Less important:

    • Export proxy history to csv, json, xml or pcap.
    • add highlight to the request and response.
    • add a crawler. https://github.com/PuerkitoBio/gocrawl.
    • have a history of requests made by the complete tool as logger++
    • Fuzzer (intruder) is not necessary something advanced, just to be able to put dictionaries and perform the attack is great // https://github.com/ffuf/ffuf // https://github.com/xmendez/wfuzz
Related tags
HTTP Clients go golang security proxy http-proxy hacking penetration-testing interceptor qt5-gui websecurity http-security http-interceptor qt-wrapper wapt penetration-testing-tools broxy
HTTP/HTTPS load testing and benchmarking tool

Introduction I wrote that code because: (the obvious reason::I love to write code in Go) We are working so hard to optimize our servers - why shouldn'

Dec 5, 2022
IceFireDB-Proxy - IceFireDB proxy, easier to use IceFireDB, support resp protocol
 IceFireDB-Proxy - IceFireDB proxy, easier to use IceFireDB, support resp protocol

IceFireDB-Proxy IceFireDB-Proxy is a high-performance, highly available, and use

Jun 8, 2022
An HTTP proxy library for Go

Introduction Package goproxy provides a customizable HTTP proxy library for Go (golang), It supports regular HTTP proxy, HTTPS through CONNECT, and "h

Jan 4, 2023
Tiny-HTTPS protocol implementation (experiment purpose.)

thttps Basic TLS implementation in Go, written as a learning project. Most components are forked from Go version 1.7 tiny-HTTPS is not suitable for re

Mar 7, 2022
Custom domain args exposing https settings for c#

xyz Pulumi Component Provider (TypeScript) This repo is a boilerplate showing how to create a Pulumi component provider written in TypeScript. You can

Nov 30, 2021
Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http
 Fast HTTP package for Go. Tuned for high performance. Zero memory allocations in hot paths. Up to 10x faster than net/http

fasthttp Fast HTTP implementation for Go. Currently fasthttp is successfully used by VertaMedia in a production serving up to 200K rps from more than

Jan 2, 2023
Speak HTTP like a local. (the simple, intuitive HTTP console, golang version)

http-gonsole This is the Go port of the http-console. Speak HTTP like a local Talking to an HTTP server with curl can be fun, but most of the time it'

Jul 14, 2021
Http client call for golang http api calls

httpclient-call-go This library is used to make http calls to different API services Install Package go get

Oct 7, 2022
fhttp is a fork of net/http that provides an array of features pertaining to the fingerprint of the golang http client.

fhttp The f stands for flex. fhttp is a fork of net/http that provides an array of features pertaining to the fingerprint of the golang http client. T

Jan 1, 2023
NATS HTTP Round Tripper - This is a Golang http.RoundTripper that uses NATS as a transport.

This is a Golang http.RoundTripper that uses NATS as a transport. Included is a http.RoundTripper for clients, a server that uses normal HTTP Handlers and any existing http handler mux and a Caddy Server transport.

Dec 6, 2022
Simple HTTP package that wraps net/http

Simple HTTP package that wraps net/http

Jan 17, 2022
Http-conection - A simple example of how to establish a HTTP connection using Golang

A simple example of how to establish a HTTP connection using Golang

Feb 1, 2022
An HTTP performance testing tool written in GoLang

Gonce A HTTP API performance testing tool written in GoLang Description Installation Usage Description A performance testing tool written in GoLang. S

Jan 28, 2022
httpreq is an http request library written with Golang to make requests and handle responses easily.

httpreq is an http request library written with Golang to make requests and handle responses easily. Install go get github.com/binalyze/http

Feb 10, 2022
Full-featured, plugin-driven, extensible HTTP client toolkit for Go

gentleman Full-featured, plugin-driven, middleware-oriented toolkit to easily create rich, versatile and composable HTTP clients in Go. gentleman embr

Dec 23, 2022
An enhanced http client for Golang
 An enhanced http client for Golang

go-http-client An enhanced http client for Golang Documentation on go.dev ?? This package provides you a http client package for your http requests. Y

Dec 23, 2022
An enhanced HTTP client for Go
 An enhanced HTTP client for Go

Heimdall Description Installation Usage Making a simple GET request Creating a hystrix-like circuit breaker Creating a hystrix-like circuit breaker wi

Jan 9, 2023
Enriches the standard go http client with retry functionality.

httpRetry Enriches the standard go http client with retry functionality using a wrapper around the Roundtripper interface. The advantage of this libra

Dec 10, 2022
Go (golang) http calls with retries and backoff

pester pester wraps Go's standard lib http client to provide several options to increase resiliency in your request. If you experience poor network co

Dec 28, 2022