go-http-proxy-to-socks/resources/example_gohpts.yaml at main · shadowy-pycoder/go-http-proxy-to-socks · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# bind proxy to specific network interface (either by interface name or index)
interface: "eth0" # if specified, overrides http server IP address
ipv6_enabled: false # this must be enabled for ndpspoof

http_server:
  enabled: true
  address: 127.0.0.1:8080
  # username and password for adding basic authentication (comment out to disable auth)
  username: username
  password: password
  # comment out these to use HTTP instead of HTTPS
  cert_file: ~/local.crt
  key_file: ~/local.key

# list of socks5 proxy
# if proxy_chain is disabled, uses first server in a list as upstream
proxy_list:
  - address: 127.0.0.1:1080
    # username and password are optional
    username: username
    password: password
  - address: 127.0.0.1:1081
  - address: :1082 # empty host means localhost

proxy_chain:
  enabled: false
  # Explanations for chains taken from /etc/proxychains4.conf

  # strict - Each connection will be done via chained proxies
  # all proxies chained in the order as they appear in the list
  # all proxies must be online to play in chain

  # dynamic - Each connection will be done via chained proxies
  # all proxies chained in the order as they appear in the list
  # at least one proxy must be online to play in chain
  # (dead proxies are skipped)

  # random - Each connection will be done via random proxy
  # (or proxy chain, see  chain_len) from the list.
  # this option is good to test your IDS :)

  # round_robin - Each connection will be done via chained proxies
  # of chain_len length
  # all proxies chained in the order as they appear in the list
  # at least one proxy must be online to play in chain
  # (dead proxies are skipped).
  # the start of the current proxy chain is the proxy after the last
  # proxy in the previously invoked proxy chain.
  # if the end of the proxy chain is reached while looking for proxies
  # start at the beginning again.
  # These semantics are not guaranteed in a multithreaded environment.
  type: strict # dynamic, strict, random, round_robin
  length: 2 # maximum number of proxy in a chain (works only for random chain and round_robin chain)

logging:
  debug: true
  json: false
  # defaults to standard output
  #logfile: /tmp/gohpts.log
  # use colored output in logs (no effect if json enabled)
  nocolor: false
  # profiling data
  pprof: 127.0.0.1:8081

sniffing:
  enabled: true
  # defaults to logfile
  #snifflog: /tmp/gohpts_sniff.log
  # collect request and response body for HTTP traffic (credentials, tokens, etc)
  body: true

transparent_proxy:
  tcp:
    enabled: false
    address: 0.0.0.0:8888
    # number of instances of transparent proxy server (Default: number of CPU cores)
    workers: 1
  udp:
    enabled: false
    address: 0.0.0.0:8889
    # number of instances of transparent UDP proxy server (Default: number of CPU cores)
    workers: 1
  mode: "tproxy" # available modes are "redirect", "tproxy" (udp requires tproxy mode)
  disable_http: false
  # automatically setup iptables and kernel parameters for transparent proxy (requires elevated privileges)
  auto: true
  # dump iptables rules and other system settings generated by auto setting
  dump_rules: false
  # list of ports to ignore when proxying traffic (Example: [22,80,443,9092])
  ignored_ports: []
  # set mark for each packet sent through transparent proxy (Default: redirect 0, tproxy 100)
  mark: 100

arpspoof:
  enabled: false
  # see https://github.com/shadowy-pycoder/arpspoof for settings explanation
  settings: "targets 192.168.10.0/24;fullduplex true;debug true;interval 10s"
ndpspoof:
  enabled: false
  # see https://github.com/shadowy-pycoder/ndpspoof for settings explanation
  settings: "ra true;na true;targets fe80::3a1c:7bff:fe22:91a4,fe80::b6d2:4cff:fe9a:5f10;fullduplex true;debug true;prefix 2001:db8:7a31:4400::/64;router_lifetime 30s;interval 10s;mtu 1500;packet HRD F2 DSDS"

# dns filters require udp transparent proxy and arpspoof/ndpspoof
# filters accept hosts like entries (use either links, file paths or just plain comma separated lists
dns_filter:
  enabled: true
  whitelist: ["/tmp/whitelisted_domains.txt"]
  blacklist:
    ["https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"]
  blacklist_all: false # block all non whitelisted domains
  spooflist: ["127.0.0.1 example.com"]

pcap:
  enabled: false
  # see https://github.com/shadowy-pycoder/mshark for settings explanation
  settings: "promisc true;expr ip proto tcp;snaplen 65535;timeout 10s;packet_count 100;packet_buffer 8192;exts txt,pcap,pcapng"