Tohuwabohu excorcism

User Tools

Site Tools

Trace: elk batch docker enterprise_architecture
devops:mock:hoverfly

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
devops:mock:hoverfly [2022/04/29 10:39] – created skipidardevops:mock:hoverfly [2023/11/01 07:15] (current) – ↷ Page moved from camunda:devops:mock:hoverfly to devops:mock:hoverfly skipidar
Line 1: Line 1:
-===== Hoverfly =====+====== HoverFly ===== 
 + 
 +=== CA LISA === 
 +ServiceVirtualization tool. 
 +Like CA LISA: http://www.itko.com/solutions/service_virtualization.jsp 
 + 
 +Microservices and "HoverFly" 
 +https://www.linkedin.com/pulse/hoverfly-virtualizing-microservices-testing-eldad-uzman 
 + 
 +=== Hoverfly === 
 + 
 +Download 
 +http://hoverfly.readthedocs.io/en/latest/pages/introduction/downloadinstallation.html 
 + 
 + 
 +{{https://ioloop.io/_images/hoverfly.png}} 
 + 
 + 
 +Documentation: https://media.readthedocs.org/pdf/hoverfly/v0.10.2/hoverfly.pdf 
 + 
 +Repository: https://github.com/SpectoLabs/hoverfly 
 +Releases: https://github.com/SpectoLabs/hoverfly/releases/ 
 + 
 +Tutorials: http://hoverfly.readthedocs.io/en/latest/pages/tutorials/basic/basic.html# 
 + 
 + 
 +=== Starting hoverfly === 
 + 
 +<sxh js> 
 + 
 +# start 
 +hoverfly \ 
 + -ap 8006 \ 
 + -pp 8005 \ 
 + -username "admin"
 + -password "pass"
 + -listen-on-host 0.0.0.0 \ 
 + -logs-file "/tmp/hoverfly.log" 
 + 
 +# start on windows 
 +.\hoverfly ` 
 + -ap 8888 ` 
 + -pp 8005 ` 
 + -username "admin"
 + -password "pass"
 + -listen-on-host 0.0.0.0 ` 
 + -logs-file "/tmp/hoverfly.log" 
 +</sxh> 
 + 
 +=== Enable proxy === 
 + 
 +To enable the proxy - you can proxy everything. 
 +You will just have to allow the traffic to the hoverfly running on port 8888, 
 +and to the frontend running on port 8500 or 4200. 
 + 
 +Depending on the way, you started it-  via a jar or via a "ng start" 
 + 
 +{{https://lh3.googleusercontent.com/-hX1KGLONyb8/Ws9Q0wnfzsI/AAAAAAAAAHk/q2ZKskxnr9MS5JRf6DvbOgLQU42UJha9QCHMYCw/s0/2018-04-12_14-28-03.png}} 
 + 
 + 
 +=== Recording the traffic === 
 + 
 +Set the hoverfly into the "Capture mode"
 + 
 +{{https://lh3.googleusercontent.com/-8dnh5dt_ang/Ws9S5EzW08I/AAAAAAAAAH4/z_vzOIsdJOEGUlgJ5WnHgK0nUzb2fJEnwCHMYCw/s0/2018-04-12_14-36-52.png}} 
 + 
 +And record the traffic, e.g. by navigating the REST api URLs manually. 
 + 
 +Then export the strategy.json 
 + 
 +<code> 
 +hoverctl export simulation.json 
 +</code> 
 + 
 +Congratulation! You are now independent from the backend and may test the frontend - independently from backend. 
 + 
 + 
 +By just importing the recorded actions 
 +<code> 
 +hoverctl import simulation.json 
 +</code> 
 + 
 +You can see the captured datasets under the GUI 
 +{{https://lh3.googleusercontent.com/-I-pFyeIzeks/Ws9SiPJMl9I/AAAAAAAAAH0/L9sodCTtFM0ELYRJM2vjFY8JGNy5HNRMQCHMYCw/s0/2018-04-12_14-35-20.png}} 
 + 
 + 
 +=== how do I configure Ubuntu OS, to route all HTTP and HTTPS traffic via a HTTP proxy as a gateway?  === 
 + 
 +Ideally one would not want to configure the application under test. 
 + 
 +So we search for a proxification method, allowing to redirect HTTP, HTTPS traffic via a proxy transparently to the application. 
 + 
 +Here https://github.com/SpectoLabs/hoverfly/issues/774  
 +the tool *proxychains* is recommended. 
 + 
 + 
 +@Deprecated 
 +https://github.com/haad/proxychains 
 + 
 +Replacement 
 +https://github.com/rofl0r/proxychains-ng 
 + 
 + 
 +== Install proxychains == 
 + 
 +<sxh shell> 
 +sudo apt update 
 +sudo apt install proxychains4 
 +</sxh> 
 + 
 + 
 +== Configure the proxychain == 
 + 
 +**sudo vim /etc/proxychains.conf** 
 + 
 +<sxh shell> 
 +# proxychains.conf  VER 3.1 
 +
 +#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS. 
 +
 + 
 +# The option below identifies how the ProxyList is treated. 
 +# only one option should be uncommented at time, 
 +# otherwise the last appearing option will be accepted 
 +
 +#dynamic_chain 
 +
 +# Dynamic - Each connection will be done via chained proxies 
 +# all proxies chained in the order as they appear in the list 
 +# at least one proxy must be online to play in chain 
 +# (dead proxies are skipped) 
 +# otherwise EINTR is returned to the app 
 +
 +strict_chain 
 +
 +# Strict - Each connection will be done via chained proxies 
 +# all proxies chained in the order as they appear in the list 
 +# all proxies must be online to play in chain 
 +# otherwise EINTR is returned to the app 
 +
 +#random_chain 
 +
 +# Random - Each connection will be done via random proxy 
 +# (or proxy chain, see  chain_len) from the list. 
 +# this option is good to test your IDS :) 
 + 
 +# Make sense only if random_chain 
 +#chain_len = 2 
 + 
 +# Quiet mode (no output from library) 
 +#quiet_mode 
 + 
 +# Proxy DNS requests - no leak for DNS data 
 +proxy_dns 
 + 
 +# Some timeouts in milliseconds 
 +tcp_read_time_out 15000 
 +tcp_connect_time_out 8000 
 + 
 +# ProxyList format 
 +#       type  host  port [user pass] 
 +#       (values separated by 'tab' or 'blank'
 +
 +
 +#        Examples: 
 +
 +#               socks5  192.168.67.78   1080    lamer   secret 
 +#               http    192.168.89.3    8080    justu   hidden 
 +#               socks4  192.168.1.49    1080 
 +#               http    192.168.39.93   8080 
 +
 +
 +#       proxy types: http, socks4, socks5 
 +#        ( auth types supported: "basic"-http  "user/pass"-socks ) 
 +
 +[ProxyList] 
 +# add proxy here ... 
 +# meanwile 
 +# defaults set to "tor" 
 +http    127.0.0.1       8005 
 +</sxh> 
 + 
 + 
 +*note* : 
 + 
 +"proxy_dns" is key here, otherwise the certificates of "hoverfly" wont be accepted. 
 + 
 + 
 +== Make the OS trust the hoverfly CA certificate == 
 + 
 +Add it to the trusted certificates https://ubuntu.com/server/docs/security-trust-store 
 + 
 +<sxh shell> 
 +# get the hoverfly cert 
 +wget https://raw.githubusercontent.com/SpectoLabs/hoverfly/master/core/cert.pem -O /tmp/hovercert_ca.crt 
 + 
 +sudo apt-get install -y ca-certificates 
 +sudo cp /tmp/hovercert_ca.crt /usr/local/share/ca-certificates 
 +sudo update-ca-certificates 
 +</sxh> 
 + 
 + 
 + 
 +== Call some URL with proxy in the middle == 
 + 
 +Now you can make "proxychains" curl a "https" URL and it works with the proxy inbetween. 
 + 
 + 
 +<sxh shell> 
 +proxychains curl -iv https://google.com 
 + 
 + 
 +[proxychains] config file found: /etc/proxychains.conf 
 +[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4 
 +[proxychains] DLL init: proxychains-ng 4.14 
 +*   Trying 224.0.0.1:443... 
 +* TCP_NODELAY set 
 +[proxychains] Strict chain  ...  127.0.0.1:8005  ...  google.com:443  ...  OK 
 +* Connected to google.com (127.0.0.1) port 443 (#0) 
 +* ALPN, offering h2 
 +* ALPN, offering http/1.1 
 +* successfully set certificate verify locations: 
 +*   CAfile: /etc/ssl/certs/ca-certificates.crt 
 +  CApath: /etc/ssl/certs 
 +* TLSv1.3 (OUT), TLS handshake, Client hello (1): 
 +* TLSv1.3 (IN), TLS handshake, Server hello (2): 
 +* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 
 +* TLSv1.3 (IN), TLS handshake, Certificate (11): 
 +* TLSv1.3 (IN), TLS handshake, CERT verify (15): 
 +* TLSv1.3 (IN), TLS handshake, Finished (20): 
 +* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
 +* TLSv1.3 (OUT), TLS handshake, Finished (20): 
 +* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 
 +* ALPN, server did not agree to a protocol 
 +* Server certificate: 
 +*  subject: O=GoProxy untrusted MITM proxy Inc; CN=google.com 
 +*  start date: Jan  1 00:00:00 1970 GMT 
 +*  expire date: Dec 31 00:00:00 2049 GMT 
 +*  subjectAltName: host "google.com" matched cert's "google.com" 
 +*  issuer: O=Hoverfly Authority; CN=hoverfly.proxy 
 +*  SSL certificate verify ok. 
 +> GET / HTTP/1.1 
 +> Host: google.com 
 +> User-Agent: curl/7.68.0 
 +> Accept: */* 
 +
 +* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 
 +* Mark bundle as not supporting multiuse 
 +< HTTP/1.1 301 Moved Permanently 
 +HTTP/1.1 301 Moved Permanently 
 +< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 
 +Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 
 +< Cache-Control: private, max-age=2592000 
 +Cache-Control: private, max-age=2592000 
 +< Connection: close 
 +Connection: close 
 +< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-iSN12G9UbZBSihIw67Ct5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 
 +Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-iSN12G9UbZBSihIw67Ct5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp 
 +< Content-Type: text/html; charset=UTF-8 
 +Content-Type: text/html; charset=UTF-8 
 +< Date: Fri, 23 Jun 2023 06:30:08 GMT 
 +Date: Fri, 23 Jun 2023 06:30:08 GMT 
 +< Expires: Fri, 23 Jun 2023 06:30:08 GMT 
 +Expires: Fri, 23 Jun 2023 06:30:08 GMT 
 +< Hoverfly: Was-Here 
 +Hoverfly: Was-Here 
 +< Location: https://www.google.com/ 
 +Location: https://www.google.com/ 
 +< P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." 
 +P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." 
 +< Server: gws 
 +Server: gws 
 +< Set-Cookie: CONSENT=PENDING+692; expires=Sun, 22-Jun-2025 06:30:08 GMT; path=/; domain=.google.com; Secure 
 +Set-Cookie: CONSENT=PENDING+692; expires=Sun, 22-Jun-2025 06:30:08 GMT; path=/; domain=.google.com; Secure 
 +< Transfer-Encoding: chunked 
 +Transfer-Encoding: chunked 
 +< X-Frame-Options: SAMEORIGIN 
 +X-Frame-Options: SAMEORIGIN 
 +< X-Xss-Protection:
 +X-Xss-Protection:
 + 
 +
 +<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> 
 +<TITLE>301 Moved</TITLE></HEAD><BODY> 
 +<H1>301 Moved</H1> 
 +The document has moved 
 +<A HREF="https://www.google.com/">here</A>
 +</BODY></HTML> 
 +* Closing connection 0 
 +* TLSv1.3 (OUT), TLS alert, close notify (256): 
 +</sxh> 
 + 
devops/mock/hoverfly.1651228748.txt.gz · Last modified: by skipidar