Remote | Proxy For Http Injector

hijacker, ok := w.(http.Hijacker) if !ok { http.Error(w, "Hijacking not supported", http.StatusInternalServerError) return } clientConn, _, err := hijacker.Hijack() if err != nil { log.Printf("Hijack error: %v", err) return } defer clientConn.Close()

func handle(w http.ResponseWriter, r *http.Request) { dest := r.Header.Get("X-Real-Host") if dest == "" { dest = r.Host } if dest == "" { http.Error(w, "Missing destination", 400) return }

func main() { server := &http.Server{ Addr: ":8080", Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodConnect { handleTunnel(w, r) return } http.Error(w, "Only CONNECT method allowed", http.StatusMethodNotAllowed) }), } log.Fatal(server.ListenAndServe()) }

type connPool struct { sync.Mutex conns map[string][]net.Conn } func (p *connPool) Get(addr string) net.Conn { p.Lock() defer p.Unlock() if pool, ok := p.conns[addr]; ok && len(pool) > 0 { conn := pool[len(pool)-1] p.conns[addr] = pool[:len(pool)-1] return conn } return nil } remote proxy for http injector

destConn, err := net.Dial("tcp", dest) if err != nil { log.Printf("Failed to connect to %s: %v", dest, err) http.Error(w, err.Error(), http.StatusBadGateway) return } defer destConn.Close()

go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) }

func (p *connPool) Put(addr string, conn net.Conn) { p.Lock() defer p.Unlock() p.conns[addr] = append(p.conns[addr], conn) } A public remote proxy will be scanned and abused immediately. Implement: IP-based authentication var allowedIPs = map[string]bool{ "192.168.1.100": true, "203.0.113.50": true, } func checkIP(r *http.Request) bool { ip := strings.Split(r.RemoteAddr, ":")[0] return allowedIPs[ip] } TLS (HTTPS) for the proxy control port // Generate certs or use Let's Encrypt log.Fatal(http.ListenAndServeTLS(":8443", "server.crt", "server.key", nil)) Payload size limits & timeouts server := &http.Server{ Addr: ":8080", ReadTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 30 * time.Second, Handler: myHandler, } 7. Full Production-Ready Example (Minimal) package main import ( "flag" "io" "log" "net" "net/http" "strings" "time" ) hijacker, ok := w

func main() { flag.Parse() http.HandleFunc("/", handle) log.Printf("Remote proxy listening on %s", *listenAddr) log.Fatal(http.ListenAndServe(*listenAddr, nil)) } Build:

Configure HTTP Injector with proxy type HTTP → Host your-server-ip → Port 8080 . It will work as a standard tunnel. 4. Adding Injector-Specific Payload Support HTTP Injector often sends custom payloads – not just CONNECT. For example, it might send a crafted HTTP request with a Host header that contains the real destination inside a query parameter or a custom header like X-Forward-Host .

// Ensure port is present if !strings.Contains(dest, ":") { dest = dest + ":80" // default to HTTP } It will work as a standard tunnel

func main() { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { // Handle both CONNECT and normal HTTP requests with custom payload if r.Method == http.MethodConnect { handleInjectorTunnel(w, r) return } handleInjectorTunnel(w, r) // also handle GET/POST injector payloads })

func handleTunnel(w http.ResponseWriter, r *http.Request) { // Extract destination from CONNECT request destConn, err := net.Dial("tcp", r.Host) if err != nil { http.Error(w, err.Error(), http.StatusServiceUnavailable) return } defer destConn.Close()