HTTP/HTTPS proxy over SSH.
- Local machine:
go install github.com/justmao945/mallory/cmd/mallory@latest
- Remote server: need our old friend sshd
Default path is $HOME/.config/mallory.json
, can be set when start program
mallory -config path/to/config.json
Content:
id_rsa
is the path to our private key file, can be generated byssh-keygen
local_smart
is the local address to serve HTTP proxy with smart detection of destination hostlocal_normal
is similar tolocal_smart
but send all traffic through remote SSH server without destination host detectionremote
is the remote address of SSH serverblocked
is a list of domains that need use proxy, any other domains will connect to their server directly
{
"id_rsa": "$HOME/.ssh/id_rsa",
"local_smart": ":1315",
"local_normal": ":1316",
"remote": "ssh://user@vm.me:22",
"blocked": [
"angularjs.org",
"golang.org",
"google.com",
"google.co.jp",
"googleapis.com",
"googleusercontent.com",
"google-analytics.com",
"gstatic.com",
"twitter.com",
"youtube.com"
]
}
Blocked list in config file will be reloaded automatically when updated, and you can do it manually:
# send signal to reload
kill -USR2 <pid of mallory>
# or use reload command by sending http request
mallory -reload
- Set both HTTP and HTTPS proxy to
localhost
with port1315
to use with block list - Set env var
http_proxy
andhttps_proxy
tolocalhost:1316
for terminal usage
mallory -suffix www.google.com
# install it: go get github.com/justmao945/mallory/cmd/forward
# all traffic through port 20022 will be forwarded to destination.com:22
forward -network tcp -listen :20022 -forward destination.com:22
# you can ssh to destination:22 through localhost:20022
ssh root@localhost -p 20022
- return http error when unable to dial
- add host to list automatically when unable to dial
- support multiple remote servers
Considering the following config file:
$ cat mallory.json
{
"id_rsa": "/tmp/id_rsa",
"local_smart": ":1315",
"local_normal": ":1316",
"remote": "ssh://bhenrion@10.151.0.11:22"
}
You can run the container (zoobab/mallory
) my mounting the config file, the SSH key, and mapping the 2 ports:
$ docker run -v $PWD/mallory.json:/root/.config/mallory.json -p 1316:1316 -p 1315:1315 -v $PWD/.ssh/id_rsa:/tmp/id_rsa zoobab/mallory
mallory: 2020/03/30 16:51:10 main.go:22: Starting...
mallory: 2020/03/30 16:51:10 main.go:23: PID: 1
mallory: 2020/03/30 16:51:10 config.go:103: Loading: /root/.config/mallory.json
mallory: 2020/03/30 16:51:10 main.go:30: Connecting remote SSH server: ssh://bhenrion@10.151.0.11:22
mallory: 2020/03/30 16:51:10 main.go:38: Local normal HTTP proxy: :1316
mallory: 2020/03/30 16:51:10 main.go:48: Local smart HTTP proxy: :1315
My use case was to connect to a Kubernetes cluster (Openshift) installed behind an SSH bastion:
$ export http_proxy=http://localhost:1316
$ export https_proxy=https://localhost:1316
$ oc login https://master.mycluster.zoobab.com:8443
Authentication required for https://master.mycluster.zoobab.com:8443 (openshift)
Username: bhenrion
Password:
Login successful.