Tohuwabohu excorcism

User Tools

Site Tools

Trace:
devops:mock:hoverfly

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
devops:mock:hoverfly [2023/06/22 13:55] skipidardevops:mock:hoverfly [2023/11/01 07:15] (current) – ↷ Page moved from camunda:devops:mock:hoverfly to devops:mock:hoverfly skipidar
Line 5: Line 5:
 Like CA LISA: http://www.itko.com/solutions/service_virtualization.jsp Like CA LISA: http://www.itko.com/solutions/service_virtualization.jsp
  
 +Microservices and "HoverFly"
 +https://www.linkedin.com/pulse/hoverfly-virtualizing-microservices-testing-eldad-uzman
  
 === Hoverfly === === Hoverfly ===
Line 15: Line 17:
  
  
-DOcumentation: https://media.readthedocs.org/pdf/hoverfly/v0.10.2/hoverfly.pdf+Documentation: https://media.readthedocs.org/pdf/hoverfly/v0.10.2/hoverfly.pdf
  
 Repository: https://github.com/SpectoLabs/hoverfly Repository: https://github.com/SpectoLabs/hoverfly
Line 23: Line 25:
  
  
-=== Starting and logging in ===+=== Starting hoverfly ===
  
-<code+<sxh js
-hoverctl.exe start + 
-hoverctl.exe login --username hfadmin --password hfpass +# start 
-</code>+hoverfly \ 
 + -ap 8006 \ 
 + -pp 8005 \ 
 + -username "admin"
 + -password "pass"
 + -listen-on-host 0.0.0.0 \ 
 + -logs-file "/tmp/hoverfly.log" 
 + 
 +start on windows 
 +.\hoverfly ` 
 + -ap 8888 ` 
 + -pp 8005 ` 
 + -username "admin"
 + -password "pass"
 + -listen-on-host 0.0.0.0 ` 
 + -logs-file "/tmp/hoverfly.log" 
 +</sxh>
  
 === Enable proxy === === Enable proxy ===
Line 47: Line 65:
 {{https://lh3.googleusercontent.com/-8dnh5dt_ang/Ws9S5EzW08I/AAAAAAAAAH4/z_vzOIsdJOEGUlgJ5WnHgK0nUzb2fJEnwCHMYCw/s0/2018-04-12_14-36-52.png}} {{https://lh3.googleusercontent.com/-8dnh5dt_ang/Ws9S5EzW08I/AAAAAAAAAH4/z_vzOIsdJOEGUlgJ5WnHgK0nUzb2fJEnwCHMYCw/s0/2018-04-12_14-36-52.png}}
  
-And recode the traffic, e.g. by navigating the REST api URLs manually.+And record the traffic, e.g. by navigating the REST api URLs manually.
  
 Then export the strategy.json Then export the strategy.json
 +
 <code> <code>
 hoverctl export simulation.json hoverctl export simulation.json
Line 66: Line 85:
  
  
-=== The  ===+=== how do I configure Ubuntu OS, to route all HTTP and HTTPS traffic via a HTTP proxy as a gateway?  ===
  
 Ideally one would not want to configure the application under test. Ideally one would not want to configure the application under test.
Line 75: Line 94:
 the tool *proxychains* is recommended. the tool *proxychains* is recommended.
  
 +
 +@Deprecated
 https://github.com/haad/proxychains https://github.com/haad/proxychains
 +
 +Replacement
 +https://github.com/rofl0r/proxychains-ng
 +
 +
 +== Install proxychains ==
 +
 +<sxh shell>
 +sudo apt update
 +sudo apt install proxychains4
 +</sxh>
 +
 +
 +== Configure the proxychain ==
 +
 +**sudo vim /etc/proxychains.conf**
 +
 +<sxh shell>
 +# proxychains.conf  VER 3.1
 +#
 +#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
 +#
 +
 +# The option below identifies how the ProxyList is treated.
 +# only one option should be uncommented at time,
 +# otherwise the last appearing option will be accepted
 +#
 +#dynamic_chain
 +#
 +# Dynamic - Each connection will be done via chained proxies
 +# all proxies chained in the order as they appear in the list
 +# at least one proxy must be online to play in chain
 +# (dead proxies are skipped)
 +# otherwise EINTR is returned to the app
 +#
 +strict_chain
 +#
 +# Strict - Each connection will be done via chained proxies
 +# all proxies chained in the order as they appear in the list
 +# all proxies must be online to play in chain
 +# otherwise EINTR is returned to the app
 +#
 +#random_chain
 +#
 +# Random - Each connection will be done via random proxy
 +# (or proxy chain, see  chain_len) from the list.
 +# this option is good to test your IDS :)
 +
 +# Make sense only if random_chain
 +#chain_len = 2
 +
 +# Quiet mode (no output from library)
 +#quiet_mode
 +
 +# Proxy DNS requests - no leak for DNS data
 +proxy_dns
 +
 +# Some timeouts in milliseconds
 +tcp_read_time_out 15000
 +tcp_connect_time_out 8000
 +
 +# ProxyList format
 +#       type  host  port [user pass]
 +#       (values separated by 'tab' or 'blank')
 +#
 +#
 +#        Examples:
 +#
 +#               socks5  192.168.67.78   1080    lamer   secret
 +#               http    192.168.89.3    8080    justu   hidden
 +#               socks4  192.168.1.49    1080
 +#               http    192.168.39.93   8080
 +#
 +#
 +#       proxy types: http, socks4, socks5
 +#        ( auth types supported: "basic"-http  "user/pass"-socks )
 +#
 +[ProxyList]
 +# add proxy here ...
 +# meanwile
 +# defaults set to "tor"
 +http    127.0.0.1       8005
 +</sxh>
 +
 +
 +*note* :
 +
 +"proxy_dns" is key here, otherwise the certificates of "hoverfly" wont be accepted.
 +
 +
 +== Make the OS trust the hoverfly CA certificate ==
 +
 +Add it to the trusted certificates https://ubuntu.com/server/docs/security-trust-store
 +
 +<sxh shell>
 +# get the hoverfly cert
 +wget https://raw.githubusercontent.com/SpectoLabs/hoverfly/master/core/cert.pem -O /tmp/hovercert_ca.crt
 +
 +sudo apt-get install -y ca-certificates
 +sudo cp /tmp/hovercert_ca.crt /usr/local/share/ca-certificates
 +sudo update-ca-certificates
 +</sxh>
 +
 +
 +
 +== Call some URL with proxy in the middle ==
 +
 +Now you can make "proxychains" curl a "https" URL and it works with the proxy inbetween.
 +
 +
 +<sxh shell>
 +proxychains curl -iv https://google.com
 +
 +
 +[proxychains] config file found: /etc/proxychains.conf
 +[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
 +[proxychains] DLL init: proxychains-ng 4.14
 +*   Trying 224.0.0.1:443...
 +* TCP_NODELAY set
 +[proxychains] Strict chain  ...  127.0.0.1:8005  ...  google.com:443  ...  OK
 +* Connected to google.com (127.0.0.1) port 443 (#0)
 +* ALPN, offering h2
 +* ALPN, offering http/1.1
 +* successfully set certificate verify locations:
 +*   CAfile: /etc/ssl/certs/ca-certificates.crt
 +  CApath: /etc/ssl/certs
 +* TLSv1.3 (OUT), TLS handshake, Client hello (1):
 +* TLSv1.3 (IN), TLS handshake, Server hello (2):
 +* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
 +* TLSv1.3 (IN), TLS handshake, Certificate (11):
 +* TLSv1.3 (IN), TLS handshake, CERT verify (15):
 +* TLSv1.3 (IN), TLS handshake, Finished (20):
 +* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
 +* TLSv1.3 (OUT), TLS handshake, Finished (20):
 +* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
 +* ALPN, server did not agree to a protocol
 +* Server certificate:
 +*  subject: O=GoProxy untrusted MITM proxy Inc; CN=google.com
 +*  start date: Jan  1 00:00:00 1970 GMT
 +*  expire date: Dec 31 00:00:00 2049 GMT
 +*  subjectAltName: host "google.com" matched cert's "google.com"
 +*  issuer: O=Hoverfly Authority; CN=hoverfly.proxy
 +*  SSL certificate verify ok.
 +> GET / HTTP/1.1
 +> Host: google.com
 +> User-Agent: curl/7.68.0
 +> Accept: */*
 +>
 +* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
 +* Mark bundle as not supporting multiuse
 +< HTTP/1.1 301 Moved Permanently
 +HTTP/1.1 301 Moved Permanently
 +< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
 +Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
 +< Cache-Control: private, max-age=2592000
 +Cache-Control: private, max-age=2592000
 +< Connection: close
 +Connection: close
 +< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-iSN12G9UbZBSihIw67Ct5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
 +Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-iSN12G9UbZBSihIw67Ct5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
 +< Content-Type: text/html; charset=UTF-8
 +Content-Type: text/html; charset=UTF-8
 +< Date: Fri, 23 Jun 2023 06:30:08 GMT
 +Date: Fri, 23 Jun 2023 06:30:08 GMT
 +< Expires: Fri, 23 Jun 2023 06:30:08 GMT
 +Expires: Fri, 23 Jun 2023 06:30:08 GMT
 +< Hoverfly: Was-Here
 +Hoverfly: Was-Here
 +< Location: https://www.google.com/
 +Location: https://www.google.com/
 +< P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
 +P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
 +< Server: gws
 +Server: gws
 +< Set-Cookie: CONSENT=PENDING+692; expires=Sun, 22-Jun-2025 06:30:08 GMT; path=/; domain=.google.com; Secure
 +Set-Cookie: CONSENT=PENDING+692; expires=Sun, 22-Jun-2025 06:30:08 GMT; path=/; domain=.google.com; Secure
 +< Transfer-Encoding: chunked
 +Transfer-Encoding: chunked
 +< X-Frame-Options: SAMEORIGIN
 +X-Frame-Options: SAMEORIGIN
 +< X-Xss-Protection: 0
 +X-Xss-Protection: 0
 +
 +<
 +<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
 +<TITLE>301 Moved</TITLE></HEAD><BODY>
 +<H1>301 Moved</H1>
 +The document has moved
 +<A HREF="https://www.google.com/">here</A>.
 +</BODY></HTML>
 +* Closing connection 0
 +* TLSv1.3 (OUT), TLS alert, close notify (256):
 +</sxh>
 +
  
devops/mock/hoverfly.1687442141.txt.gz · Last modified: by skipidar