[SOLVED] How to locally proxy/spoof a single web page?

fang2415 · 04-11-2011, 04:57 PM

I'm wondering if there's a way to locally proxy or spoof just one web page. That is, use tsocks or hosts or something so that when I run an application that requests http://example.com/specialpage.html, it receives /home/user/myversion.html, but for any other address it gets the normal page.

Seems simple enough, if a little unusual... (I'm trying to work around a wget bug.) Does anybody know if there's a convenient way to do this?

corp769 · 04-11-2011, 05:02 PM

Well if anything, could you give us details about the wget bug that you are experiencing?

Josh

fang2415 · 04-11-2011, 05:05 PM

Sure thing -- it's this one: https://savannah.gnu.org/bugs/index.php?33044

The bug can be solved by changing robots.txt on the server side, so I'm hoping to fool wget into thinking that /home/user/robots.txt is really example.com/robots.txt.

corp769 · 04-11-2011, 05:08 PM

Well can't you tell wget to not use the robots.txt file?

fang2415 · 04-11-2011, 05:23 PM

Sorry, I wasn't completely clear: the bug can only be worked around if the target server's robots file contains a particular rule, which it currently does not contain. So I need wget to think that some file containing that rule is example.com's robots file. But since I can't write to example.com/robots.txt, I want to substitute a local file for it.

Sorry, I didn't want to have to dive into the bug logic which is why I left it out at first. But hopefully it doesn't matter too much...

fang2415 · 04-13-2011, 05:36 PM

Anybody at least have any hints on what tools to check out for this? tsocks? squid? Both together? White-hat MITM stuff? Should I try the software forum instead?

What I'm trying to do should at least be possible in theory, right?

stormpunk · 04-22-2011, 11:42 PM

Use squid and the url_rewrite_program option in it. Squid passes in a url, your program should check if it's the url you want to intercept. Set up a squid ACL to only bother with requests for the particular machine(s) that you want to intercept.

fang2415 · 04-25-2011, 11:05 PM

Hey, just saw your reply -- I'll need to play around with that a bit before I understand it all, but it sounds promising, thanks for the tip!

stormpunk · 04-26-2011, 02:15 PM

Post back if you need more help. I had a similar setup for an employee that just couldn't stay off of facebook so I had his computer go to a shock site if he tried to play any of the facebook games. It worked.

corp769 · 04-26-2011, 06:17 PM

One thing I just thought of, not sure if it was mentioned or not - How about changing your hosts file and point example.com to a different address? That's what I do when I want to mess with people

fang2415 · 04-27-2011, 03:22 AM

Quote:

Originally Posted by stormpunk

Use squid and the url_rewrite_program option in it. Squid passes in a url, your program should check if it's the url you want to intercept. Set up a squid ACL to only bother with requests for the particular machine(s) that you want to intercept.

Hey hey, I've got some squid success! Although there are a couple things I'm still getting stuck on:

I can't figure out how to redirect the url to a local file. I can replace 'http://example.com/whatever' with 'http://mydomain.com/whatever' -- obviously that's fine as long as there's a web server somewhere that I control, but it'd be a lot tidier if I could actually point those url requests straight at /home/fang2415/myfile.txt.

Also, squid works out of the box on my Debian system, but seems to refuse all connections when installed on my Ubuntu (10.10) box, even though the squid.conf files are the same. I haven't done a lot of searching for solutions to this yet, but any hints would be much appreciated -- the squid configuration learning curve is a little steep where I'm standing. (EDIT: Just reinstalled squid and redid everything and it's working on the Ubuntu box now. Might've had a typo in there or something.)

Quote:

Originally Posted by corp769

One thing I just thought of, not sure if it was mentioned or not - How about changing your hosts file and point example.com to a different address? That's what I do when I want to mess with people

I thought something like this might be easier than tackling a squid configuration, but will it work for particular files, or only domains? That is, I would guess that you could use this method to map example.com to mydomain.com, but not to map example.com/robots.txt to mydomain.com/robots_replacement.txt? 'man hosts' says that host names can contain only alphanumerics, '-', and '.', so it doesn't seem like it could handle '/'? Or is there a better way of doing this that I'm overlooking? It would be great if that worked since then I could avoid squid altogether.

In case other dummies like me are interested, here's how I got the squid method working to spoof example.com/robots.txt:

Code:

sudo apt-get install squid

Wrote the following (which I found here) to /home/fang2415/bin/redirect.pl:

Code:

#! /usr/bin/perl
# enable buffer autoflush
$|=1;
# read from standard input
while (<STDIN>) { 
        # perform string substitution:
        # replace example.com/robots.txt with mydomain.com/robots_replacement.txt
        s@http://example.com/robots.txt@http://mydomain.com/robots_replacement.txt@; 
        # print result to standard output
        print STDOUT; 
}

Added the following lines to /etc/squid/squid.conf:

Code:

acl redirect dstdomain .example.com
url_rewrite_access allow redirect
url_rewrite_program /home/fang2415/bin/redirect.pl

Then did

Code:

sudo squid -k reconfigure

Then added the following to .wgetrc:

Code:

http_proxy = localhost:3128/

(Or to test it, set Firefox's manual proxy to 127.0.0.1:3128).

Whew. I'm glad to have a workaround, and many thanks to stormpunk for the suggestion! ...But it does seem like a slightly overweight solution -- if anybody has any ideas on how to simplify it using only a hosts file or anything else, I'd appreciate it!