Is it possible to replay https traffic via goreplay? #529

Open
jacoblukose opened this issue Nov 2, 2017 · 11 comments

Comments

@jacoblukose

No description provided.

@onestraw

Probably not
#85

@jacoblukose
Author

Yup, not possible @onestraw 👎

@seboss666

Hello,
It's not that hard to slightly modify a web installation to have intermediary TLS termination and capture/replicate backend traffic. The real question is: is it possible to send captured traffic to an https destination, to be sure we are in the same base setup?

@buger
Owner

buger commented Jul 17, 2018

I would say so, it is not possible to capture HTTPS traffic by its nature (without putting a proxy behind it which terminates the traffic), but feel free to replay captured traffic to an https endpoint. No special configuration needed.

@baiduguoyun

baiduguoyun commented Aug 6, 2018

Hello, in the latest version v0.16.1, there is a feature "Add support for TLS connections between --input-tcp and --output-tcp." Could you give me an example of how to use TLS connections?
And I am confused about why gor supports TLS but cannot capture HTTPS traffic? @buger

@buger
Owner

buger commented Aug 6, 2018

--input-tcp and --output-tcp are special plugins used only for the GoReplay master-slave setup, e.g. so GoReplay instances can communicate with each other. It's not about intercepting TCP traffic (which yes, can be a bit confusing from its name).

@baiduguoyun

baiduguoyun commented Aug 7, 2018

Thanks for your reply, but I'm still confused about this question.
My purpose is to capture HTTPS traffic. I tried the following way, which uses the GoReplay master-slave setup.
On the master side: goreplay --input-tcp localhost:28020 --input-tcp-secure --input-tcp-certificate "/etc/httpd/server.pem" --input-tcp-certificate-key "/etc/httpd/server.key" --output-stdout
On the slave side: goreplay --input-raw :443 --output-tcp localhost:28020 --output-tcp-secure
And then I got these error messages.
On the master side: "Unexpected error in input tcp connection: remote error: tls: bad certificate"
On the slave side: "Can't connect to aggregator instance, reconnecting in 1 second. Retries: 1"
I'm so confused. Why, when I put the right certificate and key on the master side, can't they establish a connection with each other?
Is that a wrong way to use TLS connections (-input-tcp-secure --input-tcp-certificate --output-tcp-secure)? Could you give me an example to let me know how to use TLS connections?
@buger

@buger
Owner

buger commented Aug 7, 2018

Short: you can't capture https traffic on a network interface, except maybe if you are the FBI, since such traffic is encrypted.

Long: The only way to capture TLS-protected traffic is to put a proxy on top of your app which will terminate traffic for you, and you will intercept non-TLS traffic behind the proxy. Or maybe if the proxy can record traffic for you (and GoReplay at the moment can't act as a proxy). Maybe something like the nginx mirror module will suit your needs better: http://nginx.org/en/docs/http/ngx_http_mirror_module.html

@baiduguoyun

baiduguoyun commented Aug 8, 2018

Firstly, thanks a lot. @buger
That is a very clear answer to my original question. But my question has changed into a new one: what is your new feature (Add support for TLS connections between --input-tcp and --output-tcp) for?

@buger
Owner

buger commented Aug 8, 2018

I think the doc can clarify it: https://github.com/buger/goreplay/wiki/Distributed-configuration

In some cases, you may want to have GoReplay worker nodes, which redirect intercepted traffic to a GoReplay master node on a separate machine. --input-tcp and --output-tcp were made exactly for this purpose.

@baiduguoyun

So I guess this new feature (Add support for TLS connections between --input-tcp and --output-tcp) is used for encrypting http traffic between -input-tcp and --output-tcp. I still cannot make it work even though I followed the example in this doc (https://github.com/buger/goreplay/wiki/Distributed-configuration). I still get the error message from my comment above. I gave up trying because I think maybe there is a bug in establishing the TLS connection.
Anyway, thanks for your great tool, it is very useful. @buger
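
The master-side message quoted in this thread, `remote error: tls: bad certificate`, is what a Go `crypto/tls` listener reports when the dialing side rejects the certificate it was shown. The following is an added example, not GoReplay code and not a diagnosis of the setup above: it reproduces that message with a self-signed certificate constructed in memory, and the names `Handshake` and `trustCert` are illustrative.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Handshake runs one TLS handshake over loopback. The listener presents a
// throwaway self-signed certificate, constructed here for the example.
func Handshake(trustCert bool) (listenerErr, dialerErr error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	roots := x509.NewCertPool() // empty pool: the dialer does not know this certificate
	if leaf, _ := x509.ParseCertificate(der); trustCert {
		roots.AddCert(leaf) // the dialer now trusts exactly this certificate
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: priv}}})
	if err != nil {
		return err, err
	}
	defer ln.Close()
	done := make(chan error, 1)
	go func() { // listening side: reports what its own handshake returned
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = c.(*tls.Conn).Handshake()
		}
		done <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err, err
	}
	defer raw.Close() // kept open until the listener has read the dialer's alert
	dialerErr = tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: "localhost"}).Handshake()
	return <-done, dialerErr
}

func main() { fmt.Println(Handshake(false)) } // listener's error, then dialer's error
```

With `Handshake(true)`, where the dialer's root pool contains the listener's certificate and the server name matches, both sides return nil.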
