NETCAP
OverviewGitHubHomepageGoDoc
Search…
v0.5
Overview
Audit Records
Specification
Installation
Quickstart
Configuration
Bash Completion
Packet Collection
Audit Record Labeling
HTTP Proxy
USB Capture
Payload Capture
Distributed Collection
Workers
Filtering and Export
Data Compression
Internals
Metrics
Resolvers
TLS Fingerprinting
Reassembly
Deep Packet Inspection
Live Capture
Maltego Integration
Logging
Packet Contexts
Industrial Control Systems
File Extraction
Email Extraction
Device Profiles
Python Integration
Changelog
Troubleshooting
Unit Tests
Extension
Downloads
Docker Containers
FAQ
Contributing
License
Powered By GitBook
HTTP Proxy
Inspect traffic to web applications with a HTTP reverse proxy

Motivation

The proxy tool allows to quickly spin up monitoring of web applications and retrieving netcap audit records.
Since currently, TCP stream reassembly is only supported for IPv4, netcap misses HTTP traffic over IPv6 when decoding traffic from raw packets. Also there is currently no support implemented for decoding HTTP2 over TCP or QUIC.
By using a simple reverse proxy for HTTP traffic, the operating system handles the stream reassembly and we can make sure no IPv6 and / or HTTP2 traffic is missed.

Usage

Spin up a single proxy instance from the commandline:
$ net proxy -local 127.0.0.1:4000 -remote http://google.com
Specifiy a custom config file for proxying multiple services with the -proxy-config flag:
1
$ net proxy -proxy-config example_config.yml
Copied!
The default config path is net.proxy-config.yml, so if this file exists in the folder where you execute the proxy, you do not need to specify it on the commandline.

Configuration

For proxying several services, you need to provide a config file, here is a simple example:
1
# Proxies map holds all reverse proxies
2
proxies:
3
service1:
4
local: 127.0.0.1:443
5
remote: http://127.0.0.1:8080
6
tls: true
7
​
8
service2:
9
local: 127.0.0.1:9999
10
remote: http://192.168.1.20
11
​
12
service3:
13
local: 127.0.0.1:7000
14
remote: https://google.com
15
​
16
# CertFile for TLS secured connections
17
certFile: "certs/cert.crt"
18
​
19
# KeyFile for TLS secured connections
20
keyFile: "certs/cert.key"
21
​
22
# Logdir is used as destination for the logfile
23
logdir: "logs"
Copied!

Help

1
Usage of net proxy:
2
-version bool
3
print netcap package version and exit
4
-config string
5
set config file path (default "net.proxy-config.yml")
6
-debug
7
set debug mode
8
-dialTimeout int
9
seconds until dialing to the backend times out (default 30)
10
-idleConnTimeout int
11
seconds until a connection times out (default 90)
12
-local string
13
set local endpoint
14
-maxIdle int
15
maximum number of idle connections (default 120)
16
-remote string
17
set remote endpoint
18
-skipTlsVerify
19
skip TLS verification
20
-tlsTimeout int
21
seconds until a TLS handshake times out (default 15)
Copied!
Previous
Audit Record Labeling
Next
USB Capture
Last modified 1yr ago
Copy link
Contents
Motivation
Usage
Configuration
Help