Differences

This shows you the differences between two versions of the page.

--- devops:mock:hoverfly [2023/06/22 13:55] – skipidar
+++ devops:mock:hoverfly [2023/11/01 07:15] (current) – ↷ Page moved from camunda:devops:mock:hoverfly to devops:mock:hoverfly skipidar
@@ Line 5: / Line 5: @@
 Like CA LISA: http://www.itko.com/solutions/service_virtualization.jsp
+Microservices and "HoverFly"
+https://www.linkedin.com/pulse/hoverfly-virtualizing-microservices-testing-eldad-uzman
 === Hoverfly ===
@@ Line 15: / Line 17: @@
-DOcumentation: https://media.readthedocs.org/pdf/hoverfly/v0.10.2/hoverfly.pdf
+Documentation: https://media.readthedocs.org/pdf/hoverfly/v0.10.2/hoverfly.pdf
 Repository: https://github.com/SpectoLabs/hoverfly
@@ Line 23: / Line 25: @@
-=== Starting and logging in ===
+=== Starting hoverfly ===
-<code>
+<sxh js>
-hoverctl.exe start
-hoverctl.exe login --username hfadmin --password hfpass
+# start
-</code>
+hoverfly \
+	-ap 8006 \
+	-pp 8005 \
+	-username "admin" \
+	-password "pass" \
+	-listen-on-host 0.0.0.0 \
+	-logs-file "/tmp/hoverfly.log"
+# start on windows
+.\hoverfly `
+	-ap 8888 `
+	-pp 8005 `
+	-username "admin" `
+	-password "pass" `
+	-listen-on-host 0.0.0.0 `
+	-logs-file "/tmp/hoverfly.log"
+</sxh>
 === Enable proxy ===
@@ Line 47: / Line 65: @@
 {{https://lh3.googleusercontent.com/-8dnh5dt_ang/Ws9S5EzW08I/AAAAAAAAAH4/z_vzOIsdJOEGUlgJ5WnHgK0nUzb2fJEnwCHMYCw/s0/2018-04-12_14-36-52.png}}
-And recode the traffic, e.g. by navigating the REST api URLs manually.
+And record the traffic, e.g. by navigating the REST api URLs manually.
 Then export the strategy.json
 <code>
 hoverctl export simulation.json
@@ Line 75: / Line 94: @@
 the tool *proxychains* is recommended.
+@Deprecated
 https://github.com/haad/proxychains
+Replacement
+https://github.com/rofl0r/proxychains-ng
+== Install proxychains ==
+<sxh shell>
+sudo apt update
+sudo apt install proxychains4
+</sxh>
+== Configure the proxychain ==
+**sudo vim /etc/proxychains.conf**
+<sxh shell>
+# proxychains.conf  VER 3.1
+#
+#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
+#
+# The option below identifies how the ProxyList is treated.
+# only one option should be uncommented at time,
+# otherwise the last appearing option will be accepted
+#
+#dynamic_chain
+#
+# Dynamic - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# at least one proxy must be online to play in chain
+# (dead proxies are skipped)
+# otherwise EINTR is returned to the app
+#
+strict_chain
+#
+# Strict - Each connection will be done via chained proxies
+# all proxies chained in the order as they appear in the list
+# all proxies must be online to play in chain
+# otherwise EINTR is returned to the app
+#
+#random_chain
+#
+# Random - Each connection will be done via random proxy
+# (or proxy chain, see  chain_len) from the list.
+# this option is good to test your IDS :)
+# Make sense only if random_chain
+#chain_len = 2
+# Quiet mode (no output from library)
+#quiet_mode
+# Proxy DNS requests - no leak for DNS data
+proxy_dns
+# Some timeouts in milliseconds
+tcp_read_time_out 15000
+tcp_connect_time_out 8000
+# ProxyList format
+#       type  host  port [user pass]
+#       (values separated by 'tab' or 'blank')
+#
+#
+#        Examples:
+#
+#               socks5  192.168.67.78   1080    lamer   secret
+#               http    192.168.89.3    8080    justu   hidden
+#               socks4  192.168.1.49    1080
+#               http    192.168.39.93   8080
+#
+#
+#       proxy types: http, socks4, socks5
+#        ( auth types supported: "basic"-http  "user/pass"-socks )
+#
+[ProxyList]
+# add proxy here ...
+# meanwile
+# defaults set to "tor"
+http    127.0.0.1       8005
+</sxh>
+*note* :
+"proxy_dns" is key here, otherwise the certificates of "hoverfly" wont be accepted.
+== Make the OS trust the hoverfly CA certificate ==
+Add it to the trusted certificates https://ubuntu.com/server/docs/security-trust-store
+<sxh shell>
+# get the hoverfly cert
+wget https://raw.githubusercontent.com/SpectoLabs/hoverfly/master/core/cert.pem -O /tmp/hovercert_ca.crt
+sudo apt-get install -y ca-certificates
+sudo cp /tmp/hovercert_ca.crt /usr/local/share/ca-certificates
+sudo update-ca-certificates
+</sxh>
+== Call some URL with proxy in the middle ==
+Now you can make "proxychains" curl a "https" URL and it works with the proxy inbetween.
+<sxh shell>
+proxychains curl -iv https://google.com
+[proxychains] config file found: /etc/proxychains.conf
+[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
+[proxychains] DLL init: proxychains-ng 4.14
+*   Trying 224.0.0.1:443...
+* TCP_NODELAY set
+[proxychains] Strict chain  ...  127.0.0.1:8005  ...  google.com:443  ...  OK
+* Connected to google.com (127.0.0.1) port 443 (#0)
+* ALPN, offering h2
+* ALPN, offering http/1.1
+* successfully set certificate verify locations:
+*   CAfile: /etc/ssl/certs/ca-certificates.crt
+  CApath: /etc/ssl/certs
+* TLSv1.3 (OUT), TLS handshake, Client hello (1):
+* TLSv1.3 (IN), TLS handshake, Server hello (2):
+* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
+* TLSv1.3 (IN), TLS handshake, Certificate (11):
+* TLSv1.3 (IN), TLS handshake, CERT verify (15):
+* TLSv1.3 (IN), TLS handshake, Finished (20):
+* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
+* TLSv1.3 (OUT), TLS handshake, Finished (20):
+* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
+* ALPN, server did not agree to a protocol
+* Server certificate:
+*  subject: O=GoProxy untrusted MITM proxy Inc; CN=google.com
+*  start date: Jan  1 00:00:00 1970 GMT
+*  expire date: Dec 31 00:00:00 2049 GMT
+*  subjectAltName: host "google.com" matched cert's "google.com"
+*  issuer: O=Hoverfly Authority; CN=hoverfly.proxy
+*  SSL certificate verify ok.
+> GET / HTTP/1.1
+> Host: google.com
+> User-Agent: curl/7.68.0
+> Accept: */*
+>
+* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 301 Moved Permanently
+HTTP/1.1 301 Moved Permanently
+< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
+Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
+< Cache-Control: private, max-age=2592000
+Cache-Control: private, max-age=2592000
+< Connection: close
+Connection: close
+< Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-iSN12G9UbZBSihIw67Ct5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
+Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-iSN12G9UbZBSihIw67Ct5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
+< Content-Type: text/html; charset=UTF-8
+Content-Type: text/html; charset=UTF-8
+< Date: Fri, 23 Jun 2023 06:30:08 GMT
+Date: Fri, 23 Jun 2023 06:30:08 GMT
+< Expires: Fri, 23 Jun 2023 06:30:08 GMT
+Expires: Fri, 23 Jun 2023 06:30:08 GMT
+< Hoverfly: Was-Here
+Hoverfly: Was-Here
+< Location: https://www.google.com/
+Location: https://www.google.com/
+< P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
+P3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
+< Server: gws
+Server: gws
+< Set-Cookie: CONSENT=PENDING+692; expires=Sun, 22-Jun-2025 06:30:08 GMT; path=/; domain=.google.com; Secure
+Set-Cookie: CONSENT=PENDING+692; expires=Sun, 22-Jun-2025 06:30:08 GMT; path=/; domain=.google.com; Secure
+< Transfer-Encoding: chunked
+Transfer-Encoding: chunked
+< X-Frame-Options: SAMEORIGIN
+X-Frame-Options: SAMEORIGIN
+< X-Xss-Protection: 0
+X-Xss-Protection: 0
+<
+<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
+<TITLE>301 Moved</TITLE></HEAD><BODY>
+<H1>301 Moved</H1>
+The document has moved
+<A HREF="https://www.google.com/">here</A>.
+</BODY></HTML>
+* Closing connection 0
+* TLSv1.3 (OUT), TLS alert, close notify (256):
+</sxh>