Much simpler rule model, exporting to mongol
pomo-mondreganto committed Nov 27, 2021
1 parent 4b932c8 commit cdec08d
Showing 40 changed files with 2,421 additions and 1,524 deletions.
46 changes: 38 additions & 8 deletions cmd/goxy/main.go
Expand Up @@ -2,18 +2,23 @@ package main

import (
"context"
"net/http"
"os"
"os/signal"
"syscall"
"time"

"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"google.golang.org/grpc"

"goxy/internal/common"
"goxy/internal/export"
"goxy/internal/grpcauth"
"goxy/internal/proxy"
"goxy/internal/web"
"net/http"
"os"
"os/signal"
"syscall"
"time"
)

var (
Expand All @@ -31,7 +36,8 @@ func main() {
parseConfig()

cfg := parseProxyConfig()
m := runProxyManager(cfg)
producer := createMongolProducer(cfg)
m := runProxyManager(cfg, producer)

s := web.NewServer(m)
httpServer := startHttpServer(s)
Expand Down Expand Up @@ -87,6 +93,30 @@ func parseConfig() {
}
}

func createMongolConnection(addr, token string) *grpc.ClientConn {
var opts []grpc.DialOption
opts = append(opts, grpc.WithInsecure())
if token != "" {
interceptor := grpcauth.NewClientInterceptor(token)
opts = append(opts, grpc.WithUnaryInterceptor(interceptor.Unary()))
opts = append(opts, grpc.WithStreamInterceptor(interceptor.Stream()))
}
conn, err := grpc.Dial(addr, opts...)
if err != nil {
logrus.Fatalf("dialing grpc: %v", err)
}
return conn
}

func createMongolProducer(cfg *common.ProxyConfig) *export.ProducerClient {
if cfg.Mongol == nil {
logrus.Info("Mongol exporter is disabled")
return nil
}
conn := createMongolConnection(cfg.Mongol.Addr, cfg.Mongol.Token)
return export.NewProducerClient(conn)
}

func parseProxyConfig() *common.ProxyConfig {
cfg := new(common.ProxyConfig)
if err := viper.Unmarshal(&cfg); err != nil {
Expand All @@ -95,8 +125,8 @@ func parseProxyConfig() *common.ProxyConfig {
return cfg
}

func runProxyManager(cfg *common.ProxyConfig) *proxy.Manager {
m, err := proxy.NewManager(cfg)
func runProxyManager(cfg *common.ProxyConfig, producer *export.ProducerClient) *proxy.Manager {
m, err := proxy.NewManager(cfg, producer)
if err != nil {
logrus.Fatalf("Error creating proxy manager: %v", err)
}
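Review bot: createMongolConnection dials the exporter with `grpc.WithInsecure()`, so the channel is plaintext with no transport security and the token the interceptor attaches (presumably as request metadata) crosses the wire in the clear; with go.mod now on grpc v1.42.0 that option is also deprecated. At minimum switch to the non-deprecated form, `opts = append(opts, grpc.WithTransportCredentials(insecure.NewCredentials()))` (importing `google.golang.org/grpc/credentials/insecure`), and document the trade-off on that line, e.g. `// Plaintext transport: the Mongol token is sent unencrypted; restrict to loopback/trusted networks or supply TLS credentials.` When `token` is empty the producer silently runs with no authentication, so a `logrus.Warn("Mongol token not set, exporting without authentication")` on that branch would make the unauthenticated mode visible in the logs. parseProxyConfig and runProxyManager continue outside the last hunk.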
39 changes: 21 additions & 18 deletions config.yml
@@ -1,59 +1,59 @@
rules:
####### TCP RULES ########
- name: regex_kek
type: tcp::regex
type: regex
args:
- "ke?k"

- name: contains_attack
type: tcp::contains
type: contains
args:
- "attack"

- name: ingress_not_contains_legit
type: tcp::ingress::not::contains
type: ingress::not::contains
args:
- "legit"

- name: volgactf_flag
type: tcp::volgactf_flag
args:
- "JCPOmYvE0bRQ4t6B-yu7cz3dp8F1IVWeXgn5AwkZfqa9_UxDThjKNiMlSL2GHosr."
# - name: volgactf_flag
# type: volgactf_flag
# args:
# - "JCPOmYvE0bRQ4t6B-yu7cz3dp8F1IVWeXgn5AwkZfqa9_UxDThjKNiMlSL2GHosr."
######## END TCP RULES #########


######## HTTP RULES #########
- name: http_form_username_contains_admin
type: http::form::array::any::contains
type: form::any::contains
field: username
args:
- "admi"

- name: http_body_contains_pt
type: http::ingress::body::contains
type: ingress::body::contains
args:
- "../"

- name: curl_request
type: http::headers::any::icontains
type: headers::any::icontains
field: "User-Agent"
args:
- "cUrl"

- name: requests
type: http::headers::any::contains
type: headers::any::contains
field: "User-Agent"
args:
- "python-requests"

- name: not_requests_2184
type: http::ingress::not::headers::contains
type: ingress::not::headers::contains
field: "User-Agent"
args:
- "python-requests/2.18.4"

- name: "http_volgactf"
type: http::transform_volga
# - name: "http_volgactf"
# type: transform_volga
######## END HTTP RULES #########

services:
Expand All @@ -62,8 +62,8 @@ services:
listen: 0.0.0.0:1337
target: 127.0.0.1:1338
filters:
- rule: volgactf_flag
verdict: "alert::flag transformed"
# - rule: volgactf_flag
# verdict: "alert::flag transformed"
- rule: regex_kek
verdict: inc::keks
- rule: egress
Expand Down Expand Up @@ -91,9 +91,12 @@ services:
verdict: "alert::requests"
- rule: not_requests_2184
verdict: "alert::not requests 2.18.4"
- rule: http_volgactf
verdict: "alert::flag transformed"
# - rule: http_volgactf
# verdict: "alert::flag transformed"

web:
username: admin
password: 1234

mongol:
addr: 127.0.0.1:5139
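Review bot: The new `mongol:` block sets only `addr:`, and per the cmd/goxy/main.go hunk the auth interceptor is installed only when the token is non-empty, so this sample configures the exporter connection with no authentication at all. Since the file doubles as the default config, add the token key (presumably `token:` under `mongol:`, given viper's default mapping of the Token field) with an obviously placeholder value, or a comment stating that the connection is unauthenticated and intended for loopback use only. The surrounding `services:` block starts before this hunk.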
3 changes: 3 additions & 0 deletions go.mod
Expand Up @@ -6,8 +6,11 @@ require (
github.com/gin-contrib/cors v1.3.1
github.com/gin-contrib/gzip v0.0.3
github.com/gin-gonic/gin v1.6.3
github.com/google/uuid v1.1.2
github.com/sirupsen/logrus v1.7.0
github.com/spf13/pflag v1.0.3
github.com/spf13/viper v1.7.1
go.uber.org/atomic v1.4.0
google.golang.org/grpc v1.42.0
google.golang.org/protobuf v1.27.1
)