Reverse-Proxy for exposing the Host through a Firewall.
io42630 cdac2c6562
+ add sym enc
1 year ago
forward refactor 1 year ago
helper + add sym enc 1 year ago
mirror refactor 1 year ago
reverse refactor 1 year ago
.gitignore migration complete - working! 1 year ago
.tool-versions migration complete - working! 1 year ago
LICENSE.md + servlets interact 5 years ago
README.md refactor 1 year ago
build-all.sh migration complete - working! 1 year ago
docker-compose.yaml refactor 1 year ago
down.sh migration complete - working! 1 year ago
dup.sh migration complete - working! 1 year ago
flow.uxf refactor 1 year ago
overview.png + querying for supply implemented. 5 years ago
overview.uxf ~ release. 5 years ago
push.sh refactor 1 year ago

README.md

About

The goal of this project is to bypass the limitations caused by ISPs blocking incoming connections. To do so, a proxy called reverse runs on the host. reverse sends Ride objects to another proxy, called forward. forward waits for a request from the user and inserts the request into the Ride object received from reverse. The Ride object is then sent back to reverse, which forwards the request contained in it to the app. Upon receiving a reply with data from app, reverse forwards this data to forward, which in turn finally forwards it to the user.

Control

Routing / Access Control
  • currently, there is a 1:1 mapping between forward and reverse.
    • thus any Ride "submitted" to forward will naturally be selected, and circle back to reverse.
  • thus forward and Ride can both be stateless.
  • if any access control, name resolution, port forwarding were to happen, it would be done in reverse.

Overview

What works:

  • Forwarding GET requests (including HTTPS).

What does not work:

  • Handling 301 (Moved Permanently).
  • Forwarding PUT requests - if needed, the logic might be quickly added to doPut in forward.

Run / Deploy

How to Run / Debug

  • com.olexyn.misp.embedded.RunAll.main()

How to Deploy

  • Set the URIs in code.
  • Build (e.g. with build-install-all.sh)
  • Put the generated forward-0.1.war in a servlet container (e.g. Jetty).
  • Launch the reverse-0.1.jar on your host.

Security Considerations

  • user might access other resources (i.e. another app)
    • user might manipulate the app URL
      • the URL of the app is provided as ENV
      • reverse calls said URL.
      • the URL is never transmitted over the network
      • the Ride object which forward receives contains only the original request and the response payload from app
    • user might use redirect magic
      • user can not manipulate URL directly
      • but if the server is not properly configured, the user might exploit that
      • thus only expose local servers that you consider hardened.
      • TODO possibly do some Header editing, before calling app URL in Tools.send()

Considerations

How to add multiple host mapping

  • keep forward agnostic
    • supply parameter to / indicating desired target service
  • in reverse
    • maintain a map of desired service -> URL
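
One way the service map in reverse could look, as an added example that is not code from this project: the class name ServiceRouter, the variable MISP_SERVICES and its "name=url,name=url" format are assumptions. It keeps the property from the security considerations above that the user only ever supplies a service name and a path, never a URL.

```java
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added example, not project code: ServiceRouter and MISP_SERVICES are hypothetical names.
public final class ServiceRouter {

    private final Map<String, URI> services = new HashMap<>(); // service name -> base URL

    // spec format (assumed): "name=url,name=url", set by the operator on the host
    public ServiceRouter(String spec) {
        for (String entry : spec.split(",")) {
            String[] kv = entry.trim().split("=", 2);
            if (kv.length != 2 || kv[0].isEmpty()) continue;
            URI base = URI.create(kv[1]);
            if (base.getScheme() == null || base.getAuthority() == null) {
                throw new IllegalArgumentException("not an absolute URL for service " + kv[0]);
            }
            services.put(kv[0], base);
        }
    }

    // Returns the URL reverse should call, or empty if the request must be refused.
    public Optional<URI> resolve(String service, String pathAndQuery) {
        URI base = services.get(service);
        // Only names from the operator's map are routable; the user never supplies a URL.
        if (base == null || pathAndQuery == null) return Optional.empty();
        // Accept path-absolute references only: "//host/x" would replace the authority.
        if (!pathAndQuery.startsWith("/") || pathAndQuery.startsWith("//")) return Optional.empty();
        try {
            URI target = base.resolve(pathAndQuery);
            // Defense in depth: the resolved target must stay on the mapped origin.
            boolean sameOrigin = base.getScheme().equals(target.getScheme())
                    && base.getAuthority().equals(target.getAuthority());
            return sameOrigin ? Optional.of(target) : Optional.empty();
        } catch (IllegalArgumentException e) { // malformed input, e.g. a backslash or a space
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String env = System.getenv("MISP_SERVICES");
        // Constructed sample mapping, used when the variable is unset.
        String spec = env != null ? env : "wiki=http://localhost:8080,git=http://localhost:3000";
        ServiceRouter router = new ServiceRouter(spec);
        System.out.println(router.resolve("wiki", "/index.html?x=1")); // known service
        System.out.println(router.resolve("git", "//203.0.113.7/x"));  // authority override refused
        System.out.println(router.resolve("admin", "/"));              // unknown service refused
    }
}
```

forward stays agnostic in this sketch: it passes the service parameter through unchanged, and an empty result in reverse means the Ride is answered with an error instead of a call to app.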