The net.proxy tool lets you quickly set up monitoring of web applications and retrieve netcap audit records.
Because TCP stream reassembly is currently only supported for IPv4, netcap misses HTTP traffic over IPv6 when decoding traffic from raw packets.
With a simple reverse proxy in front of the HTTP traffic, the operating system handles the stream reassembly, so no IPv6 traffic is missed.
Spin up a single proxy instance from the command line:
$ net.proxy -local 127.0.0.1:4000 -remote http://google.com
Specify a custom config file for proxying multiple services:
$ net.proxy -config example_config.yml
The default config path is net.proxy-config.yml, so if this file exists in the folder where you execute the proxy, you do not need to specify it on the command line.
To proxy several services, you need to provide a config file. Here is a simple example:
# Proxies map holds all reverse proxies
proxies:
  service1:
    local: 127.0.0.1:443
    remote: http://127.0.0.1:8080
    tls: true

  service2:
    local: 127.0.0.1:9999
    remote: http://192.168.1.20

  service3:
    local: 127.0.0.1:7000
    remote: https://google.com

# CertFile for TLS secured connections
certFile: "certs/cert.crt"

# KeyFile for TLS secured connections
keyFile: "certs/cert.key"

# Logdir is used as destination for the logfile
logdir: "logs"
Usage of net.proxy:
  -version bool
        print netcap package version and exit
  -config string
        set config file path (default "net.proxy-config.yml")
  -debug
        set debug mode
  -dialTimeout int
        seconds until dialing to the backend times out (default 30)
  -idleConnTimeout int
        seconds until a connection times out (default 90)
  -local string
        set local endpoint
  -maxIdle int
        maximum number of idle connections (default 120)
  -remote string
        set remote endpoint
  -skipTlsVerify
        skip TLS verification
  -tlsTimeout int
        seconds until a TLS handshake times out (default 15)
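The following is an added example, not net.proxy's own source: a reverse proxy built on Go's standard library that emits one record per proxied response, showing how the kernel's TCP stack (IPv4 or IPv6) does the reassembly before the proxy sees a request. The Record type, NewAuditProxy and the mapping of the documented flag defaults onto http.Transport fields are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httputil"
	"net/url"
	"time"
)

// Record is a hypothetical, simplified stand-in for an HTTP audit record.
type Record struct {
	Method, Path string
	Status       int
}

// NewAuditProxy forwards requests to remote and passes one Record per
// backend response to sink. Hypothetical helper, not part of netcap.
func NewAuditProxy(remote string, skipTLSVerify bool, sink func(Record)) (http.Handler, error) {
	target, err := url.Parse(remote)
	if err != nil || (target.Scheme != "http" && target.Scheme != "https") || target.Host == "" {
		return nil, fmt.Errorf("remote %q must be an absolute http(s) URL", remote)
	}
	p := httputil.NewSingleHostReverseProxy(target)
	p.Transport = &http.Transport{ // values mirror the defaults in the usage text
		DialContext:         (&net.Dialer{Timeout: 30 * time.Second}).DialContext,
		TLSHandshakeTimeout: 15 * time.Second,
		IdleConnTimeout:     90 * time.Second,
		MaxIdleConns:        120,
		// Off unless requested: without verification the backend's identity is unchecked.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: skipTLSVerify},
	}
	p.ModifyResponse = func(resp *http.Response) error {
		sink(Record{Method: resp.Request.Method, Path: resp.Request.URL.Path, Status: resp.StatusCode})
		return nil
	}
	return p, nil
}

func main() {
	h, err := NewAuditProxy("http://127.0.0.1:8080", false, func(r Record) { log.Printf("%+v", r) })
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe("127.0.0.1:4000", h)) // local endpoint as in the command above
}
```

Listening on "[::1]:4000" instead gives the same records for IPv6 clients, since the proxy only ever sees complete HTTP requests.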