
Comments (2)

pimterry commented on May 21, 2024

As is, basically no, but you might be able to bodge together some changes to make it work...

There's at least a few main issues:

  • For everything except phones, obviously the server will launch intercepted applications on the server machine, not the UI, so launching Chrome & intercepted terminals etc from the UI will clearly not work as you're expecting at all. Similarly ADB setup will require the server to have an ADB connection to the phone, which may be challenging.
  • The server only exposes its API for the UI on localhost by default. This is very important, because the server's API lets you launch intercepted applications, and so in effect it allows arbitrary remote code execution - if you expose it more widely, in theory any mildly interested attacker can run anything they like on your machine. You can secure this with a token (set the HTK_SERVER_TOKEN env var to some value, and then pass that as ?authToken=... in your browser when loading the UI), but this is really a security-in-depth mechanism - it's a backup, it's not properly designed to provide rock-solid security for a high risk service on the public internet (there's no rate limiting, for example).
  • The UI explicitly connects to localhost everywhere when connecting to the server, so if the browser you're using isn't running on the server then you'll need to manually change that, probably by replacing 127.0.0.1 everywhere with your server's IP (note that there's two different UI -> server connections: one on 45457 for querying machine state & launching interceptors, and one on 45456 to Mockttp to manage the proxy & configure traffic rules).
  • You might be able to solve both the above with a local -> server SSH tunnel to forward 45456 & 45457 traffic to the server.
  • When connecting an Android device, HTTP Toolkit shares the computer's visible IP addresses with the phone (either via QR code or ADB). In almost all cases, it doesn't know your externally reachable IP address, and your firewall wouldn't let it in anyway. You'll need to either modify this, or manually configure the phone proxy settings.
  • You'll almost certainly run into firewall issues - you'll need to expose your proxy port to the global internet, and in that case you will eventually run into issues with random attackers proxying malicious traffic via your server (I've heard reports that this happens - people scan for and automatically abuse public proxy servers). You can gamble and ignore that, or you can try to set up complex firewall rules that only allow traffic from your phone's IP, or do some other tricks (remapping traffic to not use port 8000 will help, for starters), but it'll be complicated.

Those are just the cases I'm aware of though, I'm sure there are other problems! I would actually like to solve all that and add built-in support for this eventually (tracked in httptoolkit/httptoolkit#288) but it's not available yet, so if you do get this working or find other issues, please do share them on that issue 😄.

from httptoolkit-server.
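A check for the exposure described in the comment above, as an added example that is not part of the original thread or of the HTTP Toolkit project: it reads Linux `ss -ltnH` output and reports any of the ports named there (45456, 45457, 8000) that listen on a non-loopback address. The function name `exposed_listeners`, the sample lines and the `user@server` placeholder are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not HTTP Toolkit code): find server ports reachable beyond loopback.
# Ports are those named in the comment: 45456 (Mockttp admin), 45457 (server API
# that can launch applications), 8000 (proxy).
#
# The tunnel the comment suggests keeps both API ports on loopback at each end
# (user@server is a placeholder):
#   ssh -N -L 45456:127.0.0.1:45456 -L 45457:127.0.0.1:45457 user@server

# Constructed sample of `ss -ltnH` output (State Recv-Q Send-Q Local Peer).
SAMPLE_SS='LISTEN 0 511 127.0.0.1:45456 0.0.0.0:*
LISTEN 0 511 0.0.0.0:45457 0.0.0.0:*
LISTEN 0 511 [::1]:45457 [::]:*
LISTEN 0 511 *:8000 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Reads `ss -ltnH` lines on stdin and prints "port address" for every watched
# port that is bound to something other than a loopback address.
exposed_listeners() {
  awk '
    BEGIN { watch["45456"] = 1; watch["45457"] = 1; watch["8000"] = 1 }
    {
      local_addr = $4
      n = match(local_addr, /:[0-9]+$/)   # final ":port", also for [::1]:45457
      if (!n) next
      port = substr(local_addr, n + 1)
      host = substr(local_addr, 1, n - 1)
      if (!(port in watch)) next          # unrelated service, e.g. sshd on 22
      if (host ~ /^127\./ || host == "[::1]" || host == "[::ffff:127.0.0.1]") next
      print port, host
    }'
}

# Stand-alone run over the constructed sample; on a real host use:
#   ss -ltnH | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

Any line printed for 45456 or 45457 means the API is reachable from the network and depends on HTK_SERVER_TOKEN alone; a line for 8000 means the proxy itself accepts connections from other hosts.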

vaseala commented on May 21, 2024

Thank you @pimterry for such a detailed answer, I can feel that you love the httptoolkit project very much.

I am still a novice in this field, and my ability can only reach the use level at present.

I sorted out my needs again, and my needs should be mainly on the android side:
First of all, I need a vpn tool (let's call it vpn-app) on the android side, which can monitor http/https requests from other apps on the phone. vpn-app can automatically POST these request data to a server, similar to sending an http post request to a backend server. As long as I can set the server and RESTful interface in this vpn-app, of course, it would be better if I can set whether to submit these data automatically or manually.

I feel that I should create a new issue under the httptoolkit-android repository, but I feel that this requirement is inconsistent with the original intention of httptoolkit-android. So don't take this as an issue, but as a simple communication between friends. I hope you can recommend some apps that meet the needs I described above or give me some related suggestions.

from httptoolkit-server.
