A ruby http/https proxy, with SSL MITM support to do 👿 things.
Add this line to your application's Gemfile:
gem 'evil-proxy'
And then execute:
$ bundle
Or install it yourself as:
$ gem install evil-proxy
MITMProxyServer
is a subclass of HTTPProxyServer
, so it also has the callback & plugin system, this proxy will embed a mini CA, which generates certificates on the fly, so you may need to import the CA certificate (./certs/CA/cacert.pem) into your browser.
require 'evil-proxy'
proxy = EvilProxy::MITMProxyServer.new Port: 8080
proxy.start
Without import the CA certificate
$ https_proxy=http://localhost:8080 curl https://github.com
# =>
# curl: (60) SSL certificate problem: Invalid certificate chain
# More details here: http://curl.haxx.se/docs/sslcerts.html
#
# curl performs SSL certificate verification by default, using a "bundle"
# of Certificate Authority (CA) public keys (CA certs). If the default
# bundle file isn't adequate, you can specify an alternate file
# using the --cacert option.
# If this HTTPS server uses a certificate signed by a CA represented in
# the bundle, the certificate verification probably failed due to a
# problem with the certificate (it might be expired, or the name might
# not match the domain name in the URL).
# If you'd like to turn off curl's verification of the certificate, use
# the -k (or --insecure) option.
$ https_proxy=http://localhost:8080 curl https://github.com --insecure
# =>
# <!DOCTYPE html>
# <html lang="en" class="">
# ...
So you can intercept and modify https traffic, ie: requests & responses.
require 'evil-proxy'
# EvilProxy::HTTPProxyServer is a subclass of Webrick::HTTPProxyServer;
# it takes the same parameters.
proxy = EvilProxy::HTTPProxyServer.new Port: 8080
proxy.before_request do |req|
# Do evil things
# Note that, different from Webrick::HTTPProxyServer,
# `req.body` is writable.
end
proxy.before_response do |req, res|
# Here `res.body` is also writable.
end
trap "INT" do proxy.shutdown end
trap "TERM" do proxy.shutdown end
proxy.start
Available hooks including when_initialize
, when_start
, when_shutdown
,
before_request
, before_response
, (before|after)_(get|head|post|options|connect)
.
If you want to save the network traffic, you can use store
plugin,
network traffic will be saved in store.yml
.
require 'evil-proxy'
require 'evil-proxy/store'
proxy = EvilProxy::HTTPProxyServer.new Port: 8080
proxy.store_filter do |req, res|
# Optional, if you don't set `store_filter`, evil-proxy
# will save all the network traffic.
res.unparsed_uri =~ /www.google.com/
end
...
Start the proxy server asnychronously, which means start server in a background thread;
with it, you can check the store
when runing the proxy server.
require 'evil-proxy'
require 'evil-proxy/async'
require 'evil-proxy/store'
require 'yaml'
proxy = EvilProxy::HTTPProxyServer.new Port: 8080
proxy.start
loop do
# Do something with `proxy.store`
puts proxy.store.to_yaml
proxy.clean_store # if needed
sleep 10
end
...
Use proxy.selenium_proxy
to create a instance of Selenium::WebDriver::Proxy
.
require 'evil-proxy'
require 'evil-proxy/selenium'
require 'selenium/webdriver'
proxy = EvilProxy::HTTPProxyServer.new Port: 8080
proxy.start
driver = Selenium::WebDriver.for :chrome, proxy: proxy.selenium_proxy
...
- Fork it ( https://github.com/bbtfr/evil-proxy/fork )
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request