starred/Proxyman
1
0
Fork 0
mirror of https://github.com/ProxymanApp/Proxyman.git synced 2026-04-26 16:45:57 +03:00
Code Issues 1.2k Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #795] Scripting the request causes the Host header to change #789

New issue
Open
opened 2026-03-03 19:21:54 +03:00 by kerem · 4 comments
kerem commented 2026-03-03 19:21:54 +03:00
Owner
Copy link

Originally created by @nilayp on GitHub (Feb 19, 2021).
Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/795

Originally assigned to: @NghiaTranUIT on GitHub.

Proxyman version? (Ex. Proxyman 1.4.3)

2.18

macOS Version? (Ex. mac 10.14)

10.15.7

Steps to reproduce

  1. Start capturing requests with SSL Proxy enabled. Execute the request without scripting enabled. Request is successful and the Host header has no port number.
192_168_125_150_and_aws-v4signature_–___Dropbox_Documents_Backblaze_B2_projects_aws-v4signature_aws-v4signature_py

  1. Enable scripting for the request.
    Scripting_and_192_168_125_150_and_aws-v4signature_–___Dropbox_Documents_Backblaze_B2_projects_aws-v4signature_aws-v4signature_py

  2. Resend the same request. Proxy will fail because Proxyman appended the Host header to include the port number.

192_168_125_150_and_aws-v4signature_–___Dropbox_Documents_Backblaze_B2_projects_aws-v4signature_aws-v4signature_py

The request I'm making is a very basic GET request with an Authorization token and one Query parameter called VersionId. This is executing against AWS S3.

Nothing I can do allows me to remove the port number from Proxyman. I tried to edit the request manually, or use a script to edit it. I tried to toggle the "preserveHostHeader" flag. If the scripting is enabled, a port number is appended. If the script is not enabled, no port number is appended.

I also copied the request as a cUrl command from Proxyman, removed the port number from the Host header and it was successful. I'm 100% confident my request is correct, if the port number isn't present.

The script I used it very basic and does nothing more than log the request content.

function onRequest(context, url, request) {
  console.log(request);
  return request;
}

The logged console output does not include the port number appended to the Host header. It seems the port is appended somewhere after the script execution.

---------------------------------
11:37:27.379: [onRequest] with Request ID=13
{
	"headers": {
		"x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
		"User-Agent": "python-urllib3/1.26.3",
		"Host": "nilayp-versioned.s3-us-west-1.amazonaws.com",
		"x-amz-date": "20210219T193727Z",
		"Accept-Encoding": "identity",
		"Authorization": [omitted]
	},
	"schema": "https",
	"path": "/mytextfile.txt",
	"port": 443,
	"host": "nilayp-versioned.s3-us-west-1.amazonaws.com",
	"queries": {
		"versionId": [omitted]
	},
	"method": "GET",
	"preserveHostHeader": false
}
11:37:27.380 onRequest() is executed!
----------------------------------
Originally created by @nilayp on GitHub (Feb 19, 2021). Original GitHub issue: https://github.com/ProxymanApp/Proxyman/issues/795 Originally assigned to: @NghiaTranUIT on GitHub. ### Proxyman version? (Ex. Proxyman 1.4.3) 2.18 ### macOS Version? (Ex. mac 10.14) 10.15.7 ### Steps to reproduce 1. Start capturing requests with SSL Proxy enabled. Execute the request without scripting enabled. Request is successful and the Host header has no port number. <img width="1247" alt="192_168_125_150_and_aws-v4signature_–___Dropbox_Documents_Backblaze_B2_projects_aws-v4signature_aws-v4signature_py" src="https://user-images.githubusercontent.com/744246/108552790-a303b980-72a6-11eb-966b-448f00b27cfa.png"> 2. Enable scripting for the request. <img width="1249" alt="Scripting_and_192_168_125_150_and_aws-v4signature_–___Dropbox_Documents_Backblaze_B2_projects_aws-v4signature_aws-v4signature_py" src="https://user-images.githubusercontent.com/744246/108552889-c4fd3c00-72a6-11eb-8083-883d4af8fa5a.png"> 3. Resend the same request. Proxy will fail because Proxyman appended the Host header to include the port number. <img width="1248" alt="192_168_125_150_and_aws-v4signature_–___Dropbox_Documents_Backblaze_B2_projects_aws-v4signature_aws-v4signature_py" src="https://user-images.githubusercontent.com/744246/108553101-0ee62200-72a7-11eb-8df4-f1fada4b4049.png"> The request I'm making is a very basic GET request with an Authorization token and one Query parameter called VersionId. This is executing against AWS S3. Nothing I can do allows me to remove the port number from Proxyman. I tried to edit the request manually, or use a script to edit it. I tried to toggle the "preserveHostHeader" flag. If the scripting is enabled, a port number is appended. If the script is not enabled, no port number is appended. I also copied the request as a cUrl command from Proxyman, removed the port number from the Host header and it was successful. I'm 100% confident my request is correct, if the port number isn't present. The script I used it very basic and does nothing more than log the request content. ``` function onRequest(context, url, request) { console.log(request); return request; } ``` The logged console output does not include the port number appended to the Host header. It seems the port is appended somewhere after the script execution. ``` --------------------------------- 11:37:27.379: [onRequest] with Request ID=13 { "headers": { "x-amz-content-sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "User-Agent": "python-urllib3/1.26.3", "Host": "nilayp-versioned.s3-us-west-1.amazonaws.com", "x-amz-date": "20210219T193727Z", "Accept-Encoding": "identity", "Authorization": [omitted] }, "schema": "https", "path": "/mytextfile.txt", "port": 443, "host": "nilayp-versioned.s3-us-west-1.amazonaws.com", "queries": { "versionId": [omitted] }, "method": "GET", "preserveHostHeader": false } 11:37:27.380 onRequest() is executed! ---------------------------------- ```
kerem commented 2026-03-03 19:21:55 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Feb 20, 2021):

Hi @nilayp, by default, Proxyman will construct the Host header from the Host and port, so it appears as you see.

It's useful if we'd map to different Host and Port (e.g. mydomain.com to localhost:3000).

I suppose that I should omit the port if it's using a default port (80 for HTTP and 443 for HTTPS), so it can resolve your problem 😄

<!-- gh-comment-id:782571787 --> @NghiaTranUIT commented on GitHub (Feb 20, 2021): Hi @nilayp, by default, Proxyman will construct the Host header from the Host and port, so it appears as you see. It's useful if we'd map to different Host and Port (e.g. `mydomain.com` to `localhost:3000`). I suppose that I should omit the port if it's using a default port (80 for HTTP and 443 for HTTPS), so it can resolve your problem 😄
kerem commented 2026-03-03 19:21:55 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Feb 20, 2021):

@nilayp Please try this Beta build: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_2.18.0_Omit_Default_Port_In_Host_Header_Script.dmg

This build will omit the default port: 443 for HTTPS and 80 for HTTP 👍

Screen_Shot_2021-02-20_at_14_25_16
<!-- gh-comment-id:782580847 --> @NghiaTranUIT commented on GitHub (Feb 20, 2021): @nilayp Please try this Beta build: https://proxyman.s3.us-east-2.amazonaws.com/beta/Proxyman_2.18.0_Omit_Default_Port_In_Host_Header_Script.dmg This build will omit the default port: 443 for HTTPS and 80 for HTTP 👍 <img width="1653" alt="Screen_Shot_2021-02-20_at_14_25_16" src="https://user-images.githubusercontent.com/5878421/108588128-25b17500-738a-11eb-88e4-c3d26d65ff2e.png">
kerem commented 2026-03-03 19:21:55 +03:00
Author
Owner
Copy link

@nilayp commented on GitHub (Feb 20, 2021):

@NghiaTranUIT - Thank you so much. I can confirm this has worked.

Just so you know why this is important - AWS request headers are signed on the client side. When received by AWS (or service that is using AWS compatible requests) - elements of the request are used to compute a signature... if the newly computed signature does not matches the signature provided in the request, the request is rejected by the service.

One of the required headers in the signature calculation is "Host". When it changed, the signatures no longer matched.

Thanks again for the super fast turnaround! It is much appreciated.

<!-- gh-comment-id:782704421 --> @nilayp commented on GitHub (Feb 20, 2021): @NghiaTranUIT - Thank you so much. I can confirm this has worked. Just so you know why this is important - AWS request headers are signed on the client side. When received by AWS (or service that is using AWS compatible requests) - elements of the request are used to compute a signature... if the newly computed signature does not matches the signature provided in the request, the request is rejected by the service. One of the required headers in the signature calculation is "Host". When it changed, the signatures no longer matched. Thanks again for the super fast turnaround! It is much appreciated.
kerem commented 2026-03-03 19:21:55 +03:00
Author
Owner
Copy link

@NghiaTranUIT commented on GitHub (Feb 21, 2021):

Glad to know that it works for you 🎉

<!-- gh-comment-id:782781906 --> @NghiaTranUIT commented on GitHub (Feb 21, 2021): Glad to know that it works for you 🎉
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
6.9.0
6.8.0
6.7.0
6.6.0
6.5.0
6.4.0
6.3.0
6.2.0
6.1.0
6.0.2
6.0.0
6.0.1
5.25.0
5.24.0
5.23.0
5.23.1
5.22.0
5.20.0
5.21.0
5.19.0
5.18.0
5.17.0
5.16.0
5.15.0
5.14.0
5.12.2
5.12.1
5.12.0
5.11.0
5.10.0
5.8.0
5.9.0
5.7.0
5.6.1
5.6.0
5.5.0
5.4.0
5.2.0
5.3.0
5.1.1
5.0.0
4.16.0
4.15.0
4.14.0
4.13.0
4.12.0
4.11.0
4.10.0
4.9.1
4.9.0
4.8.2
4.8.1
4.8.0
4.7.1
4.7.0
4.6.1
4.6.0
4.5.0
4.4.0
4.3.1
4.3.0
4.2.1
4.2.0
4.1.0
4.0.0
3.15.0
3.14.0
3.13.0
3.12.0
3.11.0
3.10.0
3.9.0
3.8.0
3.7.0
3.6.2
3.6.1
3.6.0
3.5.2
3.5.1
3.5.0
3.4.0
3.3.0
3.2.0
3.1.0
3.0.0
2.35.4
2.35.3
2.35.2
2.35.1
2.35.0
2.34.1
2.34.0
2.33.0
2.32.1
2.32.0
2.31.0
2.30.0
2.29.0
2.28.0
2.27.0
2.26.0
2.25.0
2.24.0
2.23.0
2.22.0
2.21.1
2.21.0
2.20.0
2.19.0
2.18.0
2.17.0
2.16.1
2.16.0
2.15.2
2.15.1
2.15.0
2.14.2
2.14.1
2.14.0
2.13.0
2.12.0
2.11.1
2.11.0
2.10.0
2.9.1
2.9.0
2.8.0
2.7.0
2.6.0
2.5.3
2.5.2
2.5.1
2.5.0
2.4.2
2.4.1
2.4.0
2.3.0
2.2.0
2.1.1
2.1.0
2.0.1
2.0.0
1.24.0
1.23.0
1.22.0
1.21.0
1.20.0
1.19.0
1.18.1
1.18.0
1.17.1
1.17.0
1.16.0
1.15.0
1.14.1
1.14.0
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.3
1.9.2
1.9.1
1.9.0
1.8.0
1.7.2
1.7.1
1.7.0
1.6.2
1.6.1
1.6.0
1.5.1
1.5.0
1.4.7
1.4.6
1.4.5.1
1.4.5
1.4.4.1
1.4.4
1.4.3
1.4.2
1.4.1.1
1.4.1
1.4
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4.3
1.3.4.2
1.3.4.1
1.3.4
1.3.3
1.3.2
1.3.1
1.3
1.2
1.1.2
1.1.1
1.1
1.0.3
1.0.2
1.0
0.8.1
0.8
0.7
0.6
0.5.1
0.5
v0.4.1
Labels
Clear labels   
Discussion

   
Feature request

   
In Progress...

   
Plugins

   
Waiting response

   
Windows

   
Windows

   
bug

   
duplicate

   
enhancement

   
feature

   
good first issue

   
iOS

   
macOS 10.11

   
question

   
wontfix

   
Done
No labels
Discussion
Feature request
In Progress...
Plugins
Waiting response
Windows
Windows
bug
duplicate
enhancement
feature
good first issue
iOS
macOS 10.11
question
wontfix
Done
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Proxyman#789
No description provided.