File: README.md

package info (click to toggle)
golang-github-google-martian 2.1.0+git20181219.d0b5ad3-3
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 1,140 kB
  • sloc: makefile: 3
file content (297 lines) | stat: -rw-r--r-- 10,522 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
# Martian Proxy [![Build Status](https://travis-ci.org/google/martian.svg?branch=master)](https://travis-ci.org/google/martian)

Martian Proxy is a programmable HTTP proxy designed to be used for testing.

Martian is a great tool to use if you want to:

* Verify that all (or some subset) of requests are secure
* Mock external services at the network layer
* Inject headers, modify cookies or perform other mutations of HTTP requests
  and responses
* Verify that pingbacks happen when you think they should
* Unwrap encrypted traffic (requires install of CA certificate in browser)

By taking advantage of Go cross-compilation, Martian can be deployed
anywhere that Go can target.

## Requirements

Go 1.9

## Getting Started

### Installation
Martian Proxy can be installed using `go install`

    go get github.com/google/martian/ && \
    go install github.com/google/martian/cmd/proxy

### Start the Proxy
Assuming you've installed Martian, running the proxy is as simple as

    $GOPATH/bin/proxy

If you want to see system logs as Martian is running, pass in the verbosity
flag:

    $GOPATH/bin/proxy -v=2

By default, Martian will be running on port 8080, and the Martian API will be running on 8181
. The port can be specified via flags:

    $GOPATH/bin/proxy -addr=:9999 -api-addr=:9898

### Logging
For logging of requests and responses a [logging
modifier](https://github.com/google/martian/wiki/Modifier-Reference#logging) is
available or [HAR](http://www.softwareishard.com/blog/har-12-spec/) logs are
available if the `-har` flag is used.

#### HAR Logging
To enable HAR logging in Martian call the binary with the `-har` flag:

    $GOPATH/bin/proxy -har

If the `-har` flag has been enabled two HAR related endpoints will be
available:

    GET http://martian.proxy/logs

Will retrieve the HAR log of all requests and responses seen by the proxy since
the last reset.

    DELETE http://martian.proxy/logs/reset

Will reset the in-memory HAR log. Note that the log will grow unbounded unless
it is periodically reset.

### Configure
Once Martian is running, you need to configure its behavior. Without
configuration, Martian is just proxying without doing anything to the requests
or responses. If enabled, logging will take place without additional
configuration.

Martian is configured by JSON messages sent over HTTP that take the general
form of:

    {
      "header.Modifier": {
        "scope": ["response"],
        "name": "Test-Header",
        "value": "true"
      }
    }

The above configuration tells Martian to inject a header with the name
"Test-Header" and the value "true" on all responses.

Let's break down the parts of this message.

* `[package.Type]`: The package.Type of the modifier that you want to use. In
  this case, it's "header.Modifier", which is the name of the modifier that
  sets headers (to learn more about the `header.Modifier`, please
  refer to the [modifier reference](https://github.com/google/martian/wiki/Modifier-Reference)).

* `[package.Type].scope`: Indicates whether to apply to the modifier to
  requests, responses or both. This can be an array containing "request",
  "response", or both.

* `[package.Type].[key]`: Modifier specific data. In the case of the header
  modifier, we need the `name` and `value` of the header.

This is a simple configuration, for more complex configurations, modifiers are
combined with groups and filters to compose the desired behavior.

To configure Martian, `POST` the JSON to `http://martian.proxy/modifiers`. You'll
want to use whatever mechanism your language of choice provides you to make
HTTP requests, but for demo purposes, curl works (assuming your configuration
is in a file called `modifier.json`).

        curl -x localhost:8080 \
             -X POST \
             -H "Content-Type: application/json" \
             -d @modifier.json \
                "http://martian.proxy/configure"

### Intercepting HTTPS Requests and Responses
Martian supports modifying HTTPS requests and responses if configured to do so.

In order for Martian to intercept HTTPS traffic a custom CA certificate must be
installed in the browser so that connection warnings are not shown.

The easiest way to install the CA certificate is to start the proxy with the
necessary flags to use a custom CA certificate and private key using the `-cert`
and `-key` flags, or to have the proxy generate one using the `-generate-ca-cert`
flag.

After the proxy has started, visit http://martian.proxy/authority.cer in the
browser configured to use the proxy and a prompt will be displayed to install
the certificate.

Several flags are available in `examples/main.go` to help configure MITM
functionality:

    -key=""
      PEM encoded private key file of the CA certificate provided in -cert; used
      to sign certificates that are generated on-the-fly
    -cert=""
      PEM encoded CA certificate file used to generate certificates
    -generate-ca-cert=false
      generates a CA certificate and private key to use for man-in-the-middle;
      most users choosing this option will immediately visit
      http://martian.proxy/authority.cer in the browser whose traffic is to be
      intercepted to install the newly generated CA certificate
    -organization="Martian Proxy"
      organization name set on the dynamically-generated certificates during
      man-in-the-middle
    -validity="1h"
      window of time around the time of request that the dynamically-generated
      certificate is valid for; the duration is set such that the total valid
      timeframe is double the value of validity (1h before & 1h after)

### Check Verifiers
Let's assume that you've configured Martian to verify the presence a specific
header in responses to a specific URL.

Here's a configuration to verify that all requests to `example.com` return
responses with a `200 OK`.

          {
            "url.Filter": {
              "scope": ["request", "response"],
              "host" : "example.com",
              "modifier" : {
                "status.Verifier": {
                  "scope" : ["response"],
                  "statusCode": 200
                }
              }
            }
          }

Once Martian is running, configured and the requests and resultant responses you
wish to verify have taken place, you can verify your expectation that you only
got back `200 OK` responses.

To check verifications, perform

    GET http://martian.proxy/verify

Failed expectations are tracked as errors, and the list of errors are retrieved
by making a `GET` request to `host:port/martian/verify`, which will return
a list of errors:

      {
          "errors" : [
              {
                  "message": "response(http://example.com) status code verify failure: got 500, want 200"
              },
              {
                  "message": "response(http://example.com/foo) status code verify failure: got 500, want 200"
              }
          ]
      }

Verification errors are held in memory until they are explicitly cleared by

    POST http://martian.proxy/verify/reset

## Martian as a Library
Martian can also be included into any Go program and used as a library.

## Modifiers All The Way Down
Martian's request and response modification system is designed to be general
and extensible. The design objective is to provide individual modifier
behaviors that can arranged to build out nearly any desired modification.

When working with Martian to compose behaviors, you'll need to be familiar with
these different types of interactions:

* Modifiers: Changes the state of a request or a response
* Filters: Conditionally allows a contained Modifier to execute
* Groups: Bundles multiple modifiers to be executed in the order specified in
  the group
* Verifiers: Tracks network traffic against expectations

Modifiers, filters and groups all implement `RequestModifer`,
`ResponseModifier` or `RequestResponseModifier` (defined in
[`martian.go`](https://github.com/google/martian/blob/master/martian.go)).

```go
ModifyRequest(req *http.Request) error

ModifyResponse(res *http.Response) error
```

Throughout the code (and this documentation) you'll see the word "modifier"
used as a term that encompasses modifiers, groups and filters. Even though a
group does not modify a request or response, we still refer to it as a
"modifier".

We refer to anything that implements the `modifier` interface as a Modifier.

### Parser Registration
Each modifier must register its own parser with Martian. The parser is
responsible for parsing a JSON message into a Go struct that implements a
modifier interface.

Martian holds modifier parsers as a map of strings to functions that is built
out at run-time. Each modifier is responsible for registering its parser with a
call to `parse.Register` in `init()`.

Signature of parse.Register:

```go
Register(name string, parseFunc func(b []byte) (interface{}, error))
```

Register takes in the key as a string in the form `package.Type`. For
instance, `cookie_modifier` registers itself with the key `cookie.Modifier` and
`query_string_filter` registers itself as `querystring.Filter`. This string is
the same as the value of `name` in the JSON configuration message.

In the following configuration message, `header.Modifier` is how the header
modifier is registered in the `init()` of `header_modifier.go`.

    {
      "header.Modifier": {
        "scope": ["response"],
        "name" : "Test-Header",
        "value" : "true"
      }
    }

Example of parser registration from `header_modifier.go`:

```go
func init() {
  parse.Register("header.Modifier", modifierFromJSON)
}

func modifierFromJSON(b []byte) (interface{}, error) {
  ...
}
```

### Adding Your Own Modifier
If you have a use-case in mind that we have not developed modifiers, filters or
verifiers for, you can easily extend Martian to your very specific needs.

There are 2 mandatory parts of a modifier:

* Implement the modifier interface
* Register the parser

Any Go struct that implements those interfaces can act as a `modifier`.

## Contact
For questions and comments on how to use Martian, features announcements, or
design discussions check out our public Google Group at
https://groups.google.com/forum/#!forum/martianproxy-users.

For security related issues please send a detailed report to our private core
group at martianproxy-core@googlegroups.com.

## Disclaimer
This is not an official Google product (experimental or otherwise), it is just
code that happens to be owned by Google.