Capturing and replaying traffic

Leonid Bugaev edited this page Jun 21, 2016 · 5 revisions

Think about Gor more like a network analyzer or tcpdump on steroids, it is not a proxy and does not affect your app anyhow. You specify application port, and it will capture and replay incoming data.

Simplest setup will be:

# Run on servers where you want to catch traffic. You can run it on every `web` machine.
sudo gor --input-raw :80 --output-http

It will record and replay traffic from the same machine. However, it is possible to use Aggregator-forwarder setup, when Gor on your web machines forward traffic to Gor aggregator instance running on the separate server.

You may notice that it require sudo: to analyze network Gor need permissions which available only to root users. However, it is possible to configure Gor [beign run for non-root users](Running as a non-root user).

Forwarding to multiple addresses

You can forward traffic to multiple endpoints.

gor --input-tcp :28020 --output-http ""  --output-http ""

Splitting traffic

By default, it will send same traffic to all outputs, but you have options to equally split it (round-robin) using --split-output option.

gor --input-raw :80 --output-http ""  --output-http "" --split-output true

Tracking responses

By default input-raw does not intercept responses, only requests. You can turn response tracking using --input-raw-track-response option. When enable you will be able to access response information in middleware and output-file.

Traffic interception engine

By default, Gor will use libpcap for intercepting traffic, it should work in most cases. If you have any troubles with it, you may try alternative engine: raw_socket.

sudo gor --input-raw :80 --input-raw-engine "raw_socket" --output-http ""

You can read more about Replaying HTTP traffic.

Tracking original IP addresses

You can use --input-raw-realip-header option to specify header name: If not blank, injects header with given name and real IP value to the request payload. Usually, this header should be named: X-Real-IP, but you can specify any name.

gor --input-raw :80 --input-raw-realip-header "X-Real-IP" ...

Also you may want to know about Rate limiting, Request rewriting and Request filtering

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.