DWS/hadrian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix recursive proxy calls

Browse Source
This commit is contained in:
Kevin Pham
2023-11-22 07:21:48 -06:00
parent bfd647e526
commit 7668713b1a
2 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
handlers/proxy.go
View File

@@ -56,13 +56,15 @@ func NewProxySiteHandler(opts *ProxyOptions) fiber.Handler {
SetFiberCtx(c).
SetDebugLogging(opts.Verbose).
SetRequestModifications(
rx.DeleteOutgoingCookies(),
//rx.DeleteOutgoingCookies(),
//rx.RequestArchiveIs(),
rx.MasqueradeAsGoogleBot(),
).
AddResponseModifications(
tx.DeleteIncomingCookies(),
//tx.DeleteIncomingCookies(),
tx.RewriteHTMLResourceURLs(),
tx.BypassCORS(),
tx.BypassContentSecurityPolicy(),
).
Execute()

21
proxychain/proxychain.go
View File

@@ -261,6 +261,22 @@ func reconstructUrlFromReferer(referer *url.URL, relativeUrl *url.URL) (*url.URL
}, nil
}
// prevents calls like: http://localhost:8080/http://localhost:8080
func preventRecursiveProxyRequest(urlQuery *url.URL, baseProxyURL string) *url.URL {
u := urlQuery.String()
isRecursive := strings.HasPrefix(u, baseProxyURL) || u == baseProxyURL
if !isRecursive {
return urlQuery
}
fixedURL, err := url.Parse(strings.TrimPrefix(strings.TrimPrefix(urlQuery.String(), baseProxyURL), "/"))
if err != nil {
log.Printf("proxychain: failed to fix recursive request: '%s' -> '%s\n'", baseProxyURL, u)
return urlQuery
}
return preventRecursiveProxyRequest(fixedURL, baseProxyURL)
}
// extractUrl extracts a URL from the request ctx. If the URL in the request
// is a relative path, it reconstructs the full URL using the referer header.
func (chain *ProxyChain) extractUrl() (*url.URL, error) {
@@ -284,6 +300,11 @@ func (chain *ProxyChain) extractUrl() (*url.URL, error) {
return nil, fmt.Errorf("error parsing request URL '%s': %v", reqUrl, err)
}
// prevent recursive proxy requests
fullURL := chain.Context.Request().URI()
proxyURL := fmt.Sprintf("%s://%s", fullURL.Scheme(), fullURL.Host())
urlQuery = preventRecursiveProxyRequest(urlQuery, proxyURL)
// Handle standard paths
// eg: https://localhost:8080/https://realsite.com/images/foobar.jpg -> https://realsite.com/images/foobar.jpg
isRelativePath := urlQuery.Scheme == ""