From 7668713b1a28b3e9c181b0f7ceea2ff285f1d7fc Mon Sep 17 00:00:00 2001 From: Kevin Pham Date: Wed, 22 Nov 2023 07:21:48 -0600 Subject: [PATCH] fix recursive proxy calls --- handlers/proxy.go | 6 ++++-- proxychain/proxychain.go | 21 +++++++++++++++++++++ 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/handlers/proxy.go b/handlers/proxy.go index 54718ad..1df46f0 100644 --- a/handlers/proxy.go +++ b/handlers/proxy.go @@ -56,13 +56,15 @@ func NewProxySiteHandler(opts *ProxyOptions) fiber.Handler { SetFiberCtx(c). SetDebugLogging(opts.Verbose). SetRequestModifications( - rx.DeleteOutgoingCookies(), + //rx.DeleteOutgoingCookies(), //rx.RequestArchiveIs(), rx.MasqueradeAsGoogleBot(), ). AddResponseModifications( - tx.DeleteIncomingCookies(), + //tx.DeleteIncomingCookies(), tx.RewriteHTMLResourceURLs(), + tx.BypassCORS(), + tx.BypassContentSecurityPolicy(), ). Execute() diff --git a/proxychain/proxychain.go b/proxychain/proxychain.go index 2c71a4e..7e30bff 100644 --- a/proxychain/proxychain.go +++ b/proxychain/proxychain.go @@ -261,6 +261,22 @@ func reconstructUrlFromReferer(referer *url.URL, relativeUrl *url.URL) (*url.URL }, nil } +// prevents calls like: http://localhost:8080/http://localhost:8080 +func preventRecursiveProxyRequest(urlQuery *url.URL, baseProxyURL string) *url.URL { + u := urlQuery.String() + isRecursive := strings.HasPrefix(u, baseProxyURL) || u == baseProxyURL + if !isRecursive { + return urlQuery + } + + fixedURL, err := url.Parse(strings.TrimPrefix(strings.TrimPrefix(urlQuery.String(), baseProxyURL), "/")) + if err != nil { + log.Printf("proxychain: failed to fix recursive request: '%s' -> '%s\n'", baseProxyURL, u) + return urlQuery + } + return preventRecursiveProxyRequest(fixedURL, baseProxyURL) +} + // extractUrl extracts a URL from the request ctx. If the URL in the request // is a relative path, it reconstructs the full URL using the referer header. func (chain *ProxyChain) extractUrl() (*url.URL, error) { 
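Review bot: Commenting out `rx.DeleteOutgoingCookies()` and `tx.DeleteIncomingCookies()` in NewProxySiteHandler lets cookies pass through in both directions. Every proxied site is served from the proxy's own origin, so unless cookie scoping is rewritten elsewhere, a cookie set by one upstream can be sent to a different upstream. The same hunk adds `tx.BypassCORS()` and `tx.BypassContentSecurityPolicy()`, which by their names relax the browser-side limits on what a proxied page's scripts may do on that shared origin, and none of this is covered by the commit title "fix recursive proxy calls". If the relaxation is intended, move it to its own commit, delete the dead lines instead of leaving them commented out, and state the reason above the call, e.g. `// cookies are passed through because <reason>; all upstreams share the proxy origin`; otherwise restore `rx.DeleteOutgoingCookies(),` and `tx.DeleteIncomingCookies(),`. The handler body starts and ends outside the hunk.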
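Review bot: The `strings.HasPrefix(u, baseProxyURL)` test in preventRecursiveProxyRequest has no boundary after the host, so with a base of `http://localhost:8080` a target such as `http://localhost:8080.example.com/x` (constructed example) is also classed as recursive and has the prefix stripped, leaving a schemeless remainder; the `|| u == baseProxyURL` clause is already implied by the prefix test. I would require a separator: `isRecursive := u == baseProxyURL || strings.HasPrefix(u, baseProxyURL+"/")`. On the parse-error path the function returns the original, still-recursive URL, so the guard fails open. That log call also drops `err`, puts `\n` inside the closing quote and prints request-derived text with `%s`; `log.Printf("proxychain: failed to fix recursive request: %q -> %q: %v", baseProxyURL, u, err)` keeps the entry on one line. The doc comment should start with the function name and say that the result can have an empty scheme when the request is the proxy URL itself.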
@@ -284,6 +300,11 @@ func (chain *ProxyChain) extractUrl() (*url.URL, error) { return nil, fmt.Errorf("error parsing request URL '%s': %v", reqUrl, err) } + // prevent recursive proxy requests + fullURL := chain.Context.Request().URI() + proxyURL := fmt.Sprintf("%s://%s", fullURL.Scheme(), fullURL.Host()) + urlQuery = preventRecursiveProxyRequest(urlQuery, proxyURL) + // Handle standard paths // eg: https://localhost:8080/https://realsite.com/images/foobar.jpg -> https://realsite.com/images/foobar.jpg isRelativePath := urlQuery.Scheme == ""
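Review bot: `proxyURL` in extractUrl is built from the scheme and host of the incoming request, so the guard only recognises self-references that use exactly the name the client used for this request. A nested URL that reaches the same proxy under another name, or with a different scheme in front of a TLS-terminating load balancer, would not match and, as far as this hunk shows, would still be fetched. If that is acceptable, say so in the comment, e.g. `// only strips self-references matching this request's scheme and Host; not a general loop or SSRF guard`; if not, compare against a configured list of the proxy's own addresses. extractUrl starts and ends outside the hunk.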