add: customContent replacement in request.Body

2026-01-23 02:24:05 +00:00 · 2024-10-18 14:51:41 +02:00 · 2024-10-18 14:51:41 +02:00 · bee8be0134
commit bee8be0134
parent 5804f03873
3 changed files with 60 additions and 0 deletions
--- a/core/proxy/handler.go
+++ b/core/proxy/handler.go
@ -5,12 +5,14 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"regexp"
 	"strconv"
 	"strings"
+	"unicode/utf8"

 	"github.com/evilsocket/islazy/tui"
 	. "github.com/logrusorgru/aurora"
@ -134,6 +136,54 @@ func (muraena *MuraenaProxy) RequestProcessor(request *http.Request) (err error)
 		request.Header.Set("User-Agent", sess.Config.Transform.Request.UserAgent)
 	}

+	//
+	// BODY
+	//
+	// Transform body
+	if len(sess.Config.Transform.Request.CustomContent) > 0 {
+
+		// Make sure the content type is not binary
+
+		if request.Body != nil {
+			r := request.Body
+			buf, err := ioutil.ReadAll(r)
+			if err != nil {
+				log.Error("unable to transform request body: %s", err)
+				goto skip
+			}
+			err = request.Body.Close()
+			if err != nil {
+				log.Error("unable to transform request body: %s", err)
+				goto skip
+			}
+
+			defer r.Close()
+
+			// CustomContent is an [][]string containing the following:
+			// [0] is the string to be replaced
+			// [1] is the string to replace with
+			// Example: [["foo", "bar"], ["bar", "foo"]]
+			if !utf8.Valid(buf) {
+				log.Debug("skip binary content from request body replacement in %s", request.URL.Path)
+				goto skip
+			}
+
+			bodyString := string(buf)
+			for _, cc := range sess.Config.Transform.Request.CustomContent {
+				bodyString = strings.Replace(bodyString, cc[0], cc[1], -1)
+			}
+
+			request.Body = io.NopCloser(bytes.NewReader([]byte(bodyString)))
+			request.ContentLength = int64(len(bodyString))
+			request.Header.Set("Content-Length", strconv.Itoa(len(bodyString)))
+
+		}
+	}
+
+skip:
+	{
+	}
+
 	//
 	// HEADERS
 	//
--- a/docs/config/transform.md
+++ b/docs/config/transform.md
@ -54,6 +54,13 @@ Commonly headers to transform include:
 - `Origin`
 - `X-Forwarded-For`

+#### `customContent`
+`customContent` defines a list of content transformation rules to be applied to body.
+
+The rules are defined as a list of pairs, where the first element is the search string and the second element is the
+replacement string. `customContent` works by searching for the `search` string in the response content and replacing it
+with the `replace` string.
+

 #### `remove`
 ##### `headers`
--- a/session/config.go
+++ b/session/config.go
@ -85,6 +85,9 @@ type Configuration struct {
 			// Headers list to consider for the transformation
 			Headers []string `toml:"headers"`

+			// CustomContent Transformations
+			CustomContent [][]string `toml:"customContent"`
+
 			Remove struct {
 				Headers []string `toml:"headers"`
 			} `toml:"remove"`