@siddMahen
Created December 29, 2011 17:30
Looking for un-encrypted POST data

Proxy-hackz

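This little script basically looks at its traffic and prints the guts out of any passing POST bodies. Because it is a plain HTTP proxy, it only sees requests that are sent without encryption, which makes it useful for finding out if your site (or a site you use) is leaking private data.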

Setup

To set this up on Mac OS X, perform the following steps.

  1. Download the gist and run it using

     node proxy-hackz.js

  2. Navigate to System Preferences > Network > Advanced... > Proxies > Web Proxy (HTTP). In the Web Proxy Server field type in localhost and in the port field to the right enter 8080.

  3. Click OK and then Apply.

Side-effects

Some sites such as Wikipedia or HN will have a little trouble loading.

Disclaimer

This is for educational and checking purposes only. I (Siddharth Mahendraker) hereby absolve myself of all blame or liability regarding your use of this script.

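var http = require('http'),
    qstr = require('querystring');

http.createServer(function (request, response) {
  // Collect the raw chunks. Calling request.setEncoding() here would turn
  // them into strings and corrupt binary bodies forwarded upstream.
  var chunks = [];

  if (request.method == 'POST') {
    request.on('data', function (chunk) {
      chunks.push(chunk);
    });
    request.on('end', function () {
      // Print the URL and every field of the (form-encoded) POST body.
      var frmt = qstr.parse(Buffer.concat(chunks).toString('utf8'));
      console.log(request.url);
      Object.keys(frmt).forEach(function (elem) {
        console.log(elem + ': ' + frmt[elem]);
      });
    });
  }

  // http.createClient() no longer exists in current Node releases;
  // http.request() is its replacement. The Host header may carry a port.
  var host = (request.headers['host'] || '').split(':');
  var proxy_request = http.request({
    host: host[0],
    port: host[1] || 80,
    method: request.method,
    path: request.url,
    headers: request.headers
  });

  // Relay the upstream response back to the client unchanged.
  proxy_request.on('response', function (proxy_response) {
    response.writeHead(proxy_response.statusCode, proxy_response.headers);
    proxy_response.on('data', function (chunk) {
      response.write(chunk);
    });
    proxy_response.on('end', function () {
      response.end();
    });
  });

  // An unreachable upstream should not crash the proxy.
  proxy_request.on('error', function () {
    if (!response.headersSent) response.writeHead(502);
    response.end();
  });

  // Forward the request body upstream as it arrives.
  request.on('data', function (chunk) {
    proxy_request.write(chunk);
  });
  request.on('end', function () {
    proxy_request.end();
  });
}).listen(8080);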
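
A variant of the script's logging step that reports which POST fields look sensitive without echoing their values into the proxy's own log. This is an added example, not part of the original gist; it uses URLSearchParams rather than the gist's querystring module, and the auditPostBody name, the field-name pattern and the sample body are assumptions made for illustration.

```javascript
// Added example, not from the original gist. The name pattern is a heuristic
// (assumption) and will produce some false positives, e.g. "passenger".
const SENSITIVE_NAME = /pass|pwd|secret|token|api[_-]?key|ssn|card|cvv|session/i;

// Luhn checksum: true for digit strings that are plausible card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns one finding per form field that looks sensitive. Only the field
// name, the reason and the value length are kept, never the value itself.
function auditPostBody(url, rawBody) {
  const findings = [];
  for (const [name, value] of new URLSearchParams(rawBody)) {
    const digits = value.replace(/[ -]/g, '');
    let reason = null;
    if (SENSITIVE_NAME.test(name)) {
      reason = 'sensitive field name';
    } else if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) {
      reason = 'card-like number';
    }
    if (reason) {
      findings.push({ url: url, field: name, reason: reason, length: value.length });
    }
  }
  return findings;
}

// Constructed sample: a form posted over plain HTTP (test card number).
const sample = 'user=alice&password=hunter2&note=hello&acct=4111+1111+1111+1111';
console.log(auditPostBody('http://example.test/login', sample));
```

Inside the gist's "end" handler, the decoded body string can be passed to auditPostBody in place of the per-field console.log loop.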