Remote Proxy For Http Injector 📥

// Bidirectional copy go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) }

func extractDestination(r *http.Request) (string, error) { // Priority 1: X-Real-Host header (common in custom payloads) if realHost := r.Header.Get("X-Real-Host"); realHost != "" { return realHost, nil } // Priority 2: Host header if r.Host != "" { return r.Host, nil } // Priority 3: Parse from URL (if GET/POST) if r.URL.Host != "" { return r.URL.Host, nil } return "", fmt.Errorf("no destination found") }

h, ok := w.(http.Hijacker) if !ok { http.Error(w, "No hijack", 500) return } clientConn, _, err := h.Hijack() if err != nil { return } defer clientConn.Close() remote proxy for http injector

// Connect to destination dialer := net.Dialer{Timeout: 10 * time.Second} destConn, err := dialer.Dial("tcp", dest) if err != nil { http.Error(w, err.Error(), 502) return } defer destConn.Close()

GET http://injector.example.com/ HTTP/1.1 Host: injected.host.com X-Real-Host: target.com:443 We need to parse the real destination from custom headers. package main import ( "bufio" "bytes" "io" "log" "net" "net/http" "strings" ) // Bidirectional copy go func() { io

hijacker, ok := w.(http.Hijacker) if !ok { http.Error(w, "Hijacking not supported", http.StatusInternalServerError) return } clientConn, _, err := hijacker.Hijack() if err != nil { log.Printf("Hijack error: %v", err) return } defer clientConn.Close()

// Send 200 Connection Established clientConn.Write([]byte("HTTP/1.1 200 Connection Established\r\n\r\n")) r *http.Request) { dest

func (p *connPool) Put(addr string, conn net.Conn) { p.Lock() defer p.Unlock() p.conns[addr] = append(p.conns[addr], conn) } A public remote proxy will be scanned and abused immediately. Implement: IP-based authentication var allowedIPs = map[string]bool{ "192.168.1.100": true, "203.0.113.50": true, } func checkIP(r *http.Request) bool { ip := strings.Split(r.RemoteAddr, ":")[0] return allowedIPs[ip] } TLS (HTTPS) for the proxy control port // Generate certs or use Let's Encrypt log.Fatal(http.ListenAndServeTLS(":8443", "server.crt", "server.key", nil)) Payload size limits & timeouts server := &http.Server{ Addr: ":8080", ReadTimeout: 10 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 30 * time.Second, Handler: myHandler, } 7. Full Production-Ready Example (Minimal) package main import ( "flag" "io" "log" "net" "net/http" "strings" "time" )

func handleInjectorTunnel(w http.ResponseWriter, r *http.Request) { dest, err := extractDestination(r) if err != nil { http.Error(w, "Missing destination", http.StatusBadRequest) return }

go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) }

// Ensure port is present if !strings.Contains(dest, ":") { dest = dest + ":80" // default to HTTP }