JustAnotherArchivist
/
transfer.sh
forked from kiska/transfer.sh
1
0
Fork 1
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
301 Commits
17 Branches
34 MiB
Tree: c4dbd39527
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c4dbd39527'
${ noResults }
transfer.sh/vendor/github.com/google/martian/README.md

README.md 10 KiB
Raw Normal View History

Bump google.golang.org/api
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297 
  1. # Martian Proxy [![Build Status](https://travis-ci.org/google/martian.svg?branch=master)](https://travis-ci.org/google/martian)

  2. 

  3. Martian Proxy is a programmable HTTP proxy designed to be used for testing.

  4. 

  5. Martian is a great tool to use if you want to:

  6. 

  7. * Verify that all (or some subset) of requests are secure

  8. * Mock external services at the network layer

  9. * Inject headers, modify cookies or perform other mutations of HTTP requests

  10.   and responses

  11. * Verify that pingbacks happen when you think they should

  12. * Unwrap encrypted traffic (requires install of CA certificate in browser)

  13. 

  14. By taking advantage of Go cross-compilation, Martian can be deployed

  15. anywhere that Go can target.

  16. 

  17. ## Requirements

  18. 

  19. Go 1.9

  20. 

  21. ## Getting Started

  22. 

  23. ### Installation

  24. Martian Proxy can be installed using `go install`

  25. 

  26.     go get github.com/google/martian/ && \

  27.     go install github.com/google/martian/cmd/proxy

  28. 

  29. ### Start the Proxy

  30. Assuming you've installed Martian, running the proxy is as simple as

  31. 

  32.     $GOPATH/bin/proxy

  33. 

  34. If you want to see system logs as Martian is running, pass in the verbosity

  35. flag:

  36. 

  37.     $GOPATH/bin/proxy -v=2

  38. 

  39. By default, Martian will be running on port 8080, and the Martian API will be running on 8181

  40. . The port can be specified via flags:

  41. 

  42.     $GOPATH/bin/proxy -addr=:9999 -api-addr=:9898

  43. 

  44. ### Logging

  45. For logging of requests and responses a [logging

  46. modifier](https://github.com/google/martian/wiki/Modifier-Reference#logging) is

  47. available or [HAR](http://www.softwareishard.com/blog/har-12-spec/) logs are

  48. available if the `-har` flag is used.

  49. 

  50. #### HAR Logging

  51. To enable HAR logging in Martian call the binary with the `-har` flag:

  52. 

  53.     $GOPATH/bin/proxy -har

  54. 

  55. If the `-har` flag has been enabled two HAR related endpoints will be

  56. available:

  57. 

  58.     GET http://martian.proxy/logs

  59. 

  60. Will retrieve the HAR log of all requests and responses seen by the proxy since

  61. the last reset.

  62. 

  63.     DELETE http://martian.proxy/logs/reset

  64. 

  65. Will reset the in-memory HAR log. Note that the log will grow unbounded unless

  66. it is periodically reset.

  67. 

  68. ### Configure

  69. Once Martian is running, you need to configure its behavior. Without

  70. configuration, Martian is just proxying without doing anything to the requests

  71. or responses. If enabled, logging will take place without additional

  72. configuration.

  73. 

  74. Martian is configured by JSON messages sent over HTTP that take the general

  75. form of:

  76. 

  77.     {

  78.       "header.Modifier": {

  79.         "scope": ["response"],

  80.         "name": "Test-Header",

  81.         "value": "true"

  82.       }

  83.     }

  84. 

  85. The above configuration tells Martian to inject a header with the name

  86. "Test-Header" and the value "true" on all responses.

  87. 

  88. Let's break down the parts of this message.

  89. 

  90. * `[package.Type]`: The package.Type of the modifier that you want to use. In

  91.   this case, it's "header.Modifier", which is the name of the modifier that

  92.   sets headers (to learn more about the `header.Modifier`, please

  93.   refer to the [modifier reference](https://github.com/google/martian/wiki/Modifier-Reference)).

  94. 

  95. * `[package.Type].scope`: Indicates whether to apply to the modifier to

  96.   requests, responses or both. This can be an array containing "request",

  97.   "response", or both.

  98. 

  99. * `[package.Type].[key]`: Modifier specific data. In the case of the header

  100.   modifier, we need the `name` and `value` of the header.

  101. 

  102. This is a simple configuration, for more complex configurations, modifiers are

  103. combined with groups and filters to compose the desired behavior.

  104. 

  105. To configure Martian, `POST` the JSON to `http://martian.proxy/modifiers`. You'll

  106. want to use whatever mechanism your language of choice provides you to make

  107. HTTP requests, but for demo purposes, curl works (assuming your configuration

  108. is in a file called `modifier.json`).

  109. 

  110.         curl -x localhost:8080 \

  111.              -X POST \

  112.              -H "Content-Type: application/json" \

  113.              -d @modifier.json \

  114.                 "http://martian.proxy/configure"

  115. 

  116. ### Intercepting HTTPS Requests and Responses

  117. Martian supports modifying HTTPS requests and responses if configured to do so.

  118. 

  119. In order for Martian to intercept HTTPS traffic a custom CA certificate must be

  120. installed in the browser so that connection warnings are not shown.

  121. 

  122. The easiest way to install the CA certificate is to start the proxy with the

  123. necessary flags to use a custom CA certificate and private key using the `-cert`

  124. and `-key` flags, or to have the proxy generate one using the `-generate-ca-cert`

  125. flag.

  126. 

  127. After the proxy has started, visit http://martian.proxy/authority.cer in the

  128. browser configured to use the proxy and a prompt will be displayed to install

  129. the certificate.

  130. 

  131. Several flags are available in `examples/main.go` to help configure MITM

  132. functionality:

  133. 

  134.     -key=""

  135.       PEM encoded private key file of the CA certificate provided in -cert; used

  136.       to sign certificates that are generated on-the-fly

  137.     -cert=""

  138.       PEM encoded CA certificate file used to generate certificates

  139.     -generate-ca-cert=false

  140.       generates a CA certificate and private key to use for man-in-the-middle;

  141.       most users choosing this option will immediately visit

  142.       http://martian.proxy/authority.cer in the browser whose traffic is to be

  143.       intercepted to install the newly generated CA certificate

  144.     -organization="Martian Proxy"

  145.       organization name set on the dynamically-generated certificates during

  146.       man-in-the-middle

  147.     -validity="1h"

  148.       window of time around the time of request that the dynamically-generated

  149.       certificate is valid for; the duration is set such that the total valid

  150.       timeframe is double the value of validity (1h before & 1h after)

  151. 

  152. ### Check Verifiers

  153. Let's assume that you've configured Martian to verify the presence a specific

  154. header in responses to a specific URL.

  155. 

  156. Here's a configuration to verify that all requests to `example.com` return

  157. responses with a `200 OK`.

  158. 

  159.           {

  160.             "url.Filter": {

  161.               "scope": ["request", "response"],

  162.               "host" : "example.com",

  163.               "modifier" : {

  164.                 "status.Verifier": {

  165.                   "scope" : ["response"],

  166.                   "statusCode": 200

  167.                 }

  168.               }

  169.             }

  170.           }

  171. 

  172. Once Martian is running, configured and the requests and resultant responses you

  173. wish to verify have taken place, you can verify your expectation that you only

  174. got back `200 OK` responses.

  175. 

  176. To check verifications, perform

  177. 

  178.     GET http://martian.proxy/verify

  179. 

  180. Failed expectations are tracked as errors, and the list of errors are retrieved

  181. by making a `GET` request to `host:port/martian/verify`, which will return

  182. a list of errors:

  183. 

  184.       {

  185.           "errors" : [

  186.               {

  187.                   "message": "response(http://example.com) status code verify failure: got 500, want 200"

  188.               },

  189.               {

  190.                   "message": "response(http://example.com/foo) status code verify failure: got 500, want 200"

  191.               }

  192.           ]

  193.       }

  194. 

  195. Verification errors are held in memory until they are explicitly cleared by

  196. 

  197.     POST http://martian.proxy/verify/reset

  198. 

  199. ## Martian as a Library

  200. Martian can also be included into any Go program and used as a library.

  201. 

  202. ## Modifiers All The Way Down

  203. Martian's request and response modification system is designed to be general

  204. and extensible. The design objective is to provide individual modifier

  205. behaviors that can arranged to build out nearly any desired modification.

  206. 

  207. When working with Martian to compose behaviors, you'll need to be familiar with

  208. these different types of interactions:

  209. 

  210. * Modifiers: Changes the state of a request or a response

  211. * Filters: Conditionally allows a contained Modifier to execute

  212. * Groups: Bundles multiple modifiers to be executed in the order specified in

  213.   the group

  214. * Verifiers: Tracks network traffic against expectations

  215. 

  216. Modifiers, filters and groups all implement `RequestModifer`,

  217. `ResponseModifier` or `RequestResponseModifier` (defined in

  218. [`martian.go`](https://github.com/google/martian/blob/master/martian.go)).

  219. 

  220. ```go

  221. ModifyRequest(req *http.Request) error

  222. 

  223. ModifyResponse(res *http.Response) error

  224. ```

  225. 

  226. Throughout the code (and this documentation) you'll see the word "modifier"

  227. used as a term that encompasses modifiers, groups and filters. Even though a

  228. group does not modify a request or response, we still refer to it as a

  229. "modifier".

  230. 

  231. We refer to anything that implements the `modifier` interface as a Modifier.

  232. 

  233. ### Parser Registration

  234. Each modifier must register its own parser with Martian. The parser is

  235. responsible for parsing a JSON message into a Go struct that implements a

  236. modifier interface.

  237. 

  238. Martian holds modifier parsers as a map of strings to functions that is built

  239. out at run-time. Each modifier is responsible for registering its parser with a

  240. call to `parse.Register` in `init()`.

  241. 

  242. Signature of parse.Register:

  243. 

  244. ```go

  245. Register(name string, parseFunc func(b []byte) (interface{}, error))

  246. ```

  247. 

  248. Register takes in the key as a string in the form `package.Type`. For

  249. instance, `cookie_modifier` registers itself with the key `cookie.Modifier` and

  250. `query_string_filter` registers itself as `querystring.Filter`. This string is

  251. the same as the value of `name` in the JSON configuration message.

  252. 

  253. In the following configuration message, `header.Modifier` is how the header

  254. modifier is registered in the `init()` of `header_modifier.go`.

  255. 

  256.     {

  257.       "header.Modifier": {

  258.         "scope": ["response"],

  259.         "name" : "Test-Header",

  260.         "value" : "true"

  261.       }

  262.     }

  263. 

  264. Example of parser registration from `header_modifier.go`:

  265. 

  266. ```go

  267. func init() {

  268.   parse.Register("header.Modifier", modifierFromJSON)

  269. }

  270. 

  271. func modifierFromJSON(b []byte) (interface{}, error) {

  272.   ...

  273. }

  274. ```

  275. 

  276. ### Adding Your Own Modifier

  277. If you have a use-case in mind that we have not developed modifiers, filters or

  278. verifiers for, you can easily extend Martian to your very specific needs.

  279. 

  280. There are 2 mandatory parts of a modifier:

  281. 

  282. * Implement the modifier interface

  283. * Register the parser

  284. 

  285. Any Go struct that implements those interfaces can act as a `modifier`.

  286. 

  287. ## Contact

  288. For questions and comments on how to use Martian, features announcements, or

  289. design discussions check out our public Google Group at

  290. https://groups.google.com/forum/#!forum/martianproxy-users.

  291. 

  292. For security related issues please send a detailed report to our private core

  293. group at martianproxy-core@googlegroups.com.

  294. 

  295. ## Disclaimer

  296. This is not an official Google product (experimental or otherwise), it is just

  297. code that happens to be owned by Google.