Recently, on one of our test sites, I had to fake my source IP, as I had to test the GUI response to multiple source IPs. I had to work using a valid browser, in my case Chrome.
The first thing I tried was the IPFuck Chrome extension, but it failed. Chrome was aware that it was sending an additional header, and the site was blocking this behavior using the Access-Control-Allow-Headers option.
The solution in my case was to add an NGINX reverse proxy to handle the header addition. I set up a local NGINX to proxy the requests to their original target.
The NGINX run script uses Docker:
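# Remove any previous instance of the container
docker stop faker
docker rm faker
# The empty folder is mounted over /docker-entrypoint.d so the image's startup scripts do not run
docker run --name faker --network host -v "${PWD}/empty:/docker-entrypoint.d" -v "${PWD}/nginx.conf:/etc/nginx/nginx.conf" nginx
The script's folder contains a folder named "empty" as well as the nginx.conf file: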
user nginx;
worker_processes 1;
error_log /dev/stdout debug;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # Use the "main" format defined above
    access_log /dev/stdout main;
    sendfile on;
    keepalive_timeout 65;
    server {
        # The browser is pointed at this port as its proxy
        listen 8080;
        location / {
            # A resolver is required because proxy_pass contains variables
            resolver 10.221.1.47;
            # Forward the request to the host the browser originally asked for
            proxy_pass http://$http_host$uri$is_args$args;
            proxy_set_header Host $host;
            # The faked source IP sent to the target
            proxy_set_header X-Forwarded-For 52.14.41.49;
        }
    }
}
To make the browser use the NGINX reverse proxy, I had to set it up to use the proxy localhost:8080.
Final Note
Note that this works for HTTP sites.
HTTPS sites need additional configuration for SSL support.
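The header set by the proxy above only changes the address the GUI sees when the application accepts X-Forwarded-For from any peer. The Python below is an added example, not code from this post or from the tested site, that contrasts that behavior with a resolver that honors the header only when the connection comes from a trusted proxy. The function names, the 10.0.0.0/8 proxy range and the 198.51.100.7 and 10.0.0.5 addresses are assumptions made for illustration; only 52.14.41.49 comes from the nginx.conf above.

```python
import ipaddress

# Assumed for this example: the site's own load balancers live in 10.0.0.0/8.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_client_ip(peer_ip, xff):
    """Weak pattern: believe the first X-Forwarded-For entry from any peer."""
    if xff:
        return xff.split(",")[0].strip()
    return peer_ip


def _is_trusted(ip_text, trusted):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # malformed entry: never treat it as one of our proxies
    return any(ip in net for net in trusted)


def resolve_client_ip(peer_ip, xff, trusted=TRUSTED_PROXIES):
    """Walk the chain right to left; return the first hop that is not a trusted proxy."""
    if not _is_trusted(peer_ip, trusted):
        return peer_ip  # untrusted socket peer: ignore the header entirely
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted(hop, trusted):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer_ip  # garbage in the chain: fall back to the socket peer
    return peer_ip  # no header, or every hop was a trusted proxy


if __name__ == "__main__":
    # Constructed sample requests: (socket peer, X-Forwarded-For header)
    cases = [
        ("198.51.100.7", "52.14.41.49"),                # header set by a local proxy
        ("10.0.0.5", "52.14.41.49, 198.51.100.7"),      # trusted LB appended the real peer
        ("10.0.0.5", "198.51.100.7"),                   # ordinary request through the LB
    ]
    for peer, xff in cases:
        print(peer, "|", xff, "| naive:", naive_client_ip(peer, xff),
              "| resolved:", resolve_client_ip(peer, xff))
```

When a test like the one in this post changes the GUI's view of the source IP, the application is behaving like naive_client_ip.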