Comments (2)
As is, basically no, but you might be able to bodge together some changes to make it work...
There's at least a few main issues:
- For everything except phones, obviously the server will launch intercepted applications on the server machine, not the UI, so launching Chrome & intercepted terminals etc from the UI will clearly not work as you're expecting at all. Similarly ADB setup will require the server to have an ADB connection to the phone, which may be challenging.
- The server only exposes its API for the UI on localhost by default. This is very important, because the server's API lets you launch intercepted applications, and so in effect it allows arbitrary remote code execution - if you expose it more widely, in theory any mildly interested attacker can run anything they like on your machine. You can secure this with a token (set the `HTK_SERVER_TOKEN` env var to some value, and then pass that as `?authToken=...` in your browser when loading the UI), but this is really a security-in-depth mechanism - it's a backup, it's not properly designed to provide rock-solid security for a high risk service on the public internet (there's no rate limiting, for example).
- The UI explicitly connects to localhost everywhere when connecting to the server, so if the browser you're using isn't running on the server then you'll need to manually change that, probably by replacing `127.0.0.1` everywhere with your server's IP (note that there's two different UI -> server connections: one on 45457 for querying machine state & launching interceptors, and one on 45456 to Mockttp to manage the proxy & configure traffic rules).
- You might be able to solve both the above with a local -> server SSH tunnel to forward 45456 & 45457 traffic to the server.
- When connecting an Android device, HTTP Toolkit shares the computer's visible IP addresses with the phone (either via QR code or ADB). In almost all cases, it doesn't know your externally reachable IP address, and your firewall wouldn't let it in anyway. You'll need to either modify this, or manually configure the phone proxy settings.
- You'll almost certainly run into firewall issues - you'll need to expose your proxy port to the global internet, and in that case you will eventually run into issues with random attackers proxying malicious traffic via your server (I've heard reports that this happens - people scan for and automatically abuse public proxy servers). You can gamble and ignore that, or you can try to set up complex firewall rules that only allow traffic from your phone's IP, or do some other tricks (remapping traffic to not use port 8000 will help, for starters), but it'll be complicated.
Those are just the cases I'm aware of though, I'm sure there are other problems! I would actually like to solve all that and add built-in support for this eventually (tracked in httptoolkit/httptoolkit#288) but it's not available yet, so if you do get this working or find other issues, please do share them on that issue 😄.
from httptoolkit-server.
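Added example (not part of the thread and not HTTP Toolkit code): a check to run on the server that flags any of the ports named in the comment above that are listening on a non-loopback address, by parsing `ss -ltn` output. The sample output is constructed, the port roles are taken from the comment, and `user@server` in the tunnel comment is a placeholder.

```python
import ipaddress

# Ports named in the comment: 45457 (server API: machine state, launching
# interceptors), 45456 (Mockttp admin API), 8000 (the proxy port it mentions).
ROLES = {45457: "server API", 45456: "Mockttp admin", 8000: "proxy"}

# If the API ports stay loopback-only, the SSH tunnel suggested in the comment
# reaches them from the UI machine (user@server is a placeholder):
#   ssh -N -L 45456:127.0.0.1:45456 -L 45457:127.0.0.1:45457 user@server

def is_loopback(host: str) -> bool:
    """True only for loopback binds; wildcards and unparseable hosts are not."""
    host = host.strip("[]").split("%", 1)[0]   # drop IPv6 brackets and %iface
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                            # unknown form: treat as exposed

def exposed_listeners(ss_output: str, roles=ROLES):
    """Return (port, role, bind_host) for watched ports not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                            # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in roles and not is_loopback(host):
            findings.append((int(port), roles[int(port)], host))
    return findings

# Constructed sample of `ss -ltn` output, for illustration only.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:45457      0.0.0.0:*
LISTEN 0      511          0.0.0.0:45456      0.0.0.0:*
LISTEN 0      511                *:8000             *:*
LISTEN 0      128            [::1]:45456         [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
"""

if __name__ == "__main__":
    for port, role, host in exposed_listeners(SAMPLE):
        print(f"port {port} ({role}) is listening on {host}, not loopback")
```

A finding on 45456 or 45457 means the launch-capable API is reachable beyond the machine; a finding on 8000 is expected only if the proxy is deliberately exposed and firewalled as the comment describes.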
Thank you @pimterry for such a detailed answer, I can feel that you love the httptoolkit project very much.
I am still a novice in this field, and my ability can only reach the use level at present.
I sorted out my needs again, and my needs should be mainly on the android side:
First of all, I need a vpn tool (let's call it `vpn-app`) on the android side, which can monitor http/https requests from other apps on the phone. `vpn-app` can automatically POST these request data to a server, similar to sending an http post request to a backend server. As long as I can set the server and RESTful interface in this `vpn-app`, of course, it would be better if I can set whether to submit these data automatically or manually.
I feel that I should create a new issue under the `httptoolkit-android` repository, but I feel that this requirement is inconsistent with the original intention of `httptoolkit-android`. So don't take this as an issue, but as a simple communication between friends. I hope you can recommend some apps that meet the needs I described above or give me some related suggestions.