HTTPS Traffic

[sgalvez]

Am I able somehow to replicate https traffic?, just did a simple test and could not replicate it.

Regards.

[joekiller]

the short answer is no. The longer answer is that gor is similar to Wireshark in that it is just reading TCP packets. because the packets are encrypted you cannot just capture and replay them. See this FAQ on Wireshark page for more details. http://wiki.wireshark.org/SSL

[joekiller]

you could set up a proxy which terminates the encrypted traffic and then passes it back to your application unencrypted. You can then sniff the unencrypted traffic and replay it via gor.

[buger]

Here at Granify we use Amazon ELB which do SSL termination for us, so all traffic comes un-encrypted. If you use nginx as proxy that does SSL termination, and have few upstreams, you can point Gor listen for upstream ports, for example:

nginx is on 9000 port with 3 upstreams on 9001, 9002 and 9003 ports, you can run Gor like this:

gor --input-raw :9001 --input-raw :9002 --input-raw:9003 --output-http "staging"

[buger]

Its impossible to catch SSL traffic using raw sockets, because it is encrypted. So closing.

[ramnes]

I feel like this is a real issue. Couldn't ssldump be used with an option?

[buger]

@ramnes ssldump is quite hacky tool, and did not updated for a while. If you really want to use it, its possible to build input plugin which will parse ssldump output, but i doubt it could work good enough.

Building input plugin should not be a problem, you can try to hack it if you want, and i provide feedback, but i do not have plans in near time for this functionality. I checked ssldump source, and it will be too much work to implement same in Gor.

[ramnes]

I've suggested ssldump quite randomly. Do you see anything else that could do the job in a less "hacky" way?

[buger]

Frankly not, SSL was made to protect from traffic capture, even if you have a private key, i guess thats why not so many alternatives to ssldump :)

[ramnes]

I ended up doing it with nginx by terminating SSL, doing a proxy_pass http://localhost:8800 and then using that 8800 socket.

[buger]

👍

[lovewhll]

@ramnes can you show the details of HTTPS Traffic solution?

Thanks

[ramnes]

@lovewhll, there you go:

# Force HTTPS
server {
  listen 80;
  server_name yourdomain.com;
  rewrite ^ https://$server_name$request_uri? permanent;
}

# SSL termination
server {
  listen 443 ssl;
  server_name yourdomain.com;

  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log error;

  ssl_certificate /etc/ssl/nginx/yourdomain.com.crt;
  ssl_certificate_key /etc/ssl/nginx/yourdomain.com.key;

  # ramnes: We use a socket on the port 8800 as a SSL terminated socket rather
  # than using the 443 socket directly. This is useful for us since we want to
  # to listen on that socket in clear HTTP to be able to clone packets.
  location / {
    proxy_set_header Host $host;
    proxy_pass http://localhost:8800;
  }
}

# Clear HTTP
# ramnes: here you implement your "real" nginx configuration
server {
  listen 8800;
  server_name yourdomain.com;

  root /var/www;

  location /index.html {
    if_modified_since off;
    etag off;
    expires -1;
  }

  location / {
    try_files $uri/ $uri /index.html;
  }
}

Then you can do something like sudo nohup ./gor --input-raw :8800 --output-http https://dev.yourdomain.com --output-http-header "Host: dev.yourdomain.com" &

[lovewhll]

@ramnes Thank you!

[gmontard]

Yep this is the right way to do it, reverse proxy works pretty fine.

Anyway I just submitted an issue that could improve this setup by having Gor listen directly to a Unix Socket as an input, which would be faster than TCP Socket #192

[AbdullahMuhammad20]

@buger Hi, can I ask about how I can monitor the requests after redirecting to apply on another URL when I used output-HTTP?
or how I can use the compare or Analytics?
are we have any comments to show the differences or appear count of requests or dashboard or something like that?