Coder Social home page Coder Social logo

between's Introduction

between

What

A transparent Http/Https proxy made in Go that intercepts and optionaly modifies outgoing requests/ incoming responses. Currently supports only OSX since it uses pf for intercepting traffic.

Why

While developing or reverse engineering web services, it's very useful to be able to see the incoming/outgoing traffic and have the ability to edit both. It's even more useful if you can programmaticaly alter them via code and do all that transparently to the 2 sides of communication. Currently and to my knowledge there isn't a library/software that does ALL of the above, so I decided to make one.

How

between uses pf to intercept all incoming and outgoing traffic. It will then filter out http and https requests and responses and will run user defined functions to edit them in any way possible. When between exits it deactivates pf and restores network connectivity.

Examples

  • deface is a fun little demo app that sniffs out all incoming images, performs face detection, and replaces faces with the 'rage guy'. See how it looks below: :-p

linkedin_defaced

To run it : ``` $ go build examples/deface.go $ sudo ./examples/deface ```

Limitations

Currently between has 2 limitations:

  • Needs to run as root. This is for 2 reasons:
    • To be able to manipulate pf so it's intercepting all traffic. A different user can be used if permissions on pfctl are set.
    • To exclude requests made from between from being intercepted again. Right now there is a pf rule that prevents traffic from root from being intercepted. A different user could be used for this reason too.
  • Works only in OSX since it's using pf magic for interception. FreeBSD might work too but hasnt been tested.

Alternatives

There are many alternatives that achieve some of between's functionality but none was satisfying everything mentioned on the Why section.

  • Browser Plugins (Chrome DevTools, Firebug, TamperData etc): Works great for reviewing requests/responses but editing them is impossible/very limited.
  • Charles Proxy: Great proxy with ton of functionality. It's difficult (impossible?) to programmaticaly modify requests/responses in an arbitrary way.

between's People

Contributors

gpavlidi avatar

Watchers

avatar avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.