Skip to content
A ruby http/https proxy to do EVIL things. 👿
Ruby
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
bin
lib
spec
.gitignore
.rspec
Gemfile
LICENSE.txt
README.md
Rakefile
evil-proxy.gemspec

README.md

EvilProxy

A ruby http/https proxy, with SSL MITM support to do 👿 things.

Installation

Add this line to your application's Gemfile:

gem 'evil-proxy'

And then execute:

$ bundle

Or install it yourself as:

$ gem install evil-proxy

Usage

MITMProxyServer

MITMProxyServer is a subclass of HTTPProxyServer, so it also has the callback & plugin system, this proxy will embed a mini CA, which generates certificates on the fly, so you may need to import the CA certificate (./certs/CA/cacert.pem) into your browser.

require 'evil-proxy'

proxy = EvilProxy::MITMProxyServer.new Port: 8080
proxy.start

Without import the CA certificate

$ https_proxy=http://localhost:8080 curl https://github.com
# =>
# curl: (60) SSL certificate problem: Invalid certificate chain
# More details here: http://curl.haxx.se/docs/sslcerts.html
# 
# curl performs SSL certificate verification by default, using a "bundle"
#  of Certificate Authority (CA) public keys (CA certs). If the default
#  bundle file isn't adequate, you can specify an alternate file
#  using the --cacert option.
# If this HTTPS server uses a certificate signed by a CA represented in
#  the bundle, the certificate verification probably failed due to a
#  problem with the certificate (it might be expired, or the name might
#  not match the domain name in the URL).
# If you'd like to turn off curl's verification of the certificate, use
#  the -k (or --insecure) option.
$ https_proxy=http://localhost:8080 curl https://github.com --insecure
# =>
# <!DOCTYPE html>
# <html lang="en" class="">
# ...

So you can intercept and modify https traffic, ie: requests & responses.

Basic usage: hooks

require 'evil-proxy'

# EvilProxy::HTTPProxyServer is a subclass of Webrick::HTTPProxyServer;
#   it takes the same parameters.
proxy = EvilProxy::HTTPProxyServer.new Port: 8080

proxy.before_request do |req|
  # Do evil things
  # Note that, different from Webrick::HTTPProxyServer, 
  #   `req.body` is writable.
end

proxy.before_response do |req, res|
  # Here `res.body` is also writable.
end

trap "INT"  do proxy.shutdown end
trap "TERM" do proxy.shutdown end

proxy.start

Available hooks including when_initialize, when_start, when_shutdown, before_request, before_response, (before|after)_(get|head|post|options|connect).

Plugin: store

If you want to save the network traffic, you can use store plugin, network traffic will be saved in store.yml.

require 'evil-proxy'
require 'evil-proxy/store'

proxy = EvilProxy::HTTPProxyServer.new Port: 8080

proxy.store_filter do |req, res|
  # Optional, if you don't set `store_filter`, evil-proxy
  #   will save all the network traffic.
  res.unparsed_uri =~ /www.google.com/
end

...

Plugin: async

Start the proxy server asnychronously, which means start server in a background thread; with it, you can check the store when runing the proxy server.

require 'evil-proxy'
require 'evil-proxy/async'
require 'evil-proxy/store'
require 'yaml'

proxy = EvilProxy::HTTPProxyServer.new Port: 8080

proxy.start

loop do
  # Do something with `proxy.store`
  puts proxy.store.to_yaml
  proxy.clean_store # if needed
  sleep 10
end

...

Plugin: selenium

Use proxy.selenium_proxy to create a instance of Selenium::WebDriver::Proxy.

require 'evil-proxy'
require 'evil-proxy/selenium'
require 'selenium/webdriver'

proxy = EvilProxy::HTTPProxyServer.new Port: 8080
proxy.start

driver = Selenium::WebDriver.for :chrome, proxy: proxy.selenium_proxy

...

Contributing

  1. Fork it ( https://github.com/bbtfr/evil-proxy/fork )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request
You can’t perform that action at this time.