Looking for un-encrypted POST data

README.md

Proxy-hackz

This little script basically looks at it's traffic and prints the guts out of any passing POST bodies. Useful to help find out if your site (or a site you use) is leaking private data.

Setup

To set this up on Mac OSX, perform the following.

1. Download the gist and run it using

node proxy-hackz.js

2. Navigate to System Preferences > Network > Advanced... > Proxies > Web Proxy (HTTP). In the Web Proxy Server field type in localhost and in the port field to the right enter 8080.

3. Click OK and then Apply.

Side-effects

Some sites such as Wikipedia or HN will have a little trouble loading.

Disclaimer

This is for educational and checking purposes only. I (Siddharth Mahendraker) hereby absolve myself of all blame or liability regarding your use of this script.

proxy-hackz.js

var http = require('http'),
    qstr = require("querystring");

http.createServer(function(request, response) {
  request.setEncoding("utf8");

  var data = "";
  if(request.method == "POST"){
    request.on("data", function(chunk){
        data += chunk.toString();
    });
    request.on("end", function(){
        var frmt = qstr.parse(data);
        console.log(request.url);
        Object.keys(frmt).forEach(function(elem){
            console.log(elem+": "+frmt[elem]);
        });
    });
  }

  var proxy = http.createClient(80, request.headers['host'])
  var proxy_request = proxy.request(request.method, request.url, request.headers);
  proxy_request.addListener('response', function (proxy_response) {
    proxy_response.addListener('data', function(chunk) {
      response.write(chunk, 'binary');
    });
    proxy_response.addListener('end', function() {
      response.end();
    });
    response.writeHead(proxy_response.statusCode, proxy_response.headers);
  });
  request.addListener('data', function(chunk) {
    proxy_request.write(chunk, 'binary');
  });
  request.addListener('end', function() {
    proxy_request.end();
  });
}).listen(8080);