It is a common need to intercept traffic between servers. For example, last time I needed this to verify the correctness of a Keycloak logout request (sent by my application).
Mitmproxy is ideal for such things. It's a small and handy reverse proxy that can also modify requests and responses and supports HTTPS.
mitmproxy --mode reverse:https://some.url
This starts the proxy (with its console UI) on port 8080, so calls to https://localhost:8080/ are redirected to https://some.url (which means the application configuration must use the proxy URL instead of the direct URL).
To use a custom port:
mitmproxy --mode reverse:https://some.url -p 4000
https://localhost:4000/ would lead to
The root screen shows all intercepted requests:
You'll need to use the keyboard:
Arrows (up/down) - select request
Enter - open request info
q - back (from request info or any other screen; remember!)
Shift+O - options (useful to modify options on started instance instead of changing parameters)
All other keys are shown in the bottom bar.
Example of GET request details (after pressing Enter on any request line):
In my (Keycloak) case it was important to rewrite the original URL in the configuration response into the proxy URL.
You can do it with the modify_body option:
mitmproxy --mode reverse:https://some.url -p 4000 --modify-body "#https://keycloak-url#https://localhost:4000"
Important: the first character of the --modify-body value declares the separator between its parts! In this example # is used as the separator.
https://keycloak-url would be replaced with https://localhost:4000 in all responses (the first part is a regexp, but in simple cases plain strings work).
Note that you can always modify this value through options (Shift+O): just find the modify_body option and hit Enter 2 times to get into edit mode. After editing, press Esc to exit the editor and q 2 times to get back to the main screen.
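The separator rule for --modify-body described above, as an added Python sketch (not code from the original post or from mitmproxy itself): it splits the value as the rule describes, shows why / is a poor separator when the parts are URLs, and applies the rewrite to a constructed Keycloak discovery document. The function names and sample data are assumptions for illustration; the three-part form with a leading flow filter is mitmproxy's documented syntax.

```python
import json
import re


def parse_modify_spec(spec):
    """Split a --modify-body style value into (flow_filter, regex, replacement).

    The first character is the separator. Two parts mean "no filter",
    three parts mean filter, regex, replacement.
    """
    if len(spec) < 2:
        raise ValueError("spec needs a separator and at least two parts")
    sep, rest = spec[0], spec[1:]
    parts = rest.split(sep, 2)
    if len(parts) == 2:
        return None, parts[0], parts[1]
    if len(parts) == 3:
        return parts[0], parts[1], parts[2]
    raise ValueError("expected: sep [filter sep] regex sep replacement")


def rewrite_body(spec, body):
    """Apply the regex and replacement of a spec to a body given as bytes."""
    _flow_filter, regex, replacement = parse_modify_spec(spec)
    return re.sub(regex.encode(), replacement.encode(), body)


# Constructed sample: a cut-down OIDC discovery document as a proxied
# Keycloak might return it (realm name and paths are made up).
SAMPLE = json.dumps({
    "issuer": "https://keycloak-url/realms/demo",
    "end_session_endpoint":
        "https://keycloak-url/realms/demo/protocol/openid-connect/logout",
}).encode()

GOOD_SPEC = "#https://keycloak-url#https://localhost:4000"
# Same intent with "/" as separator: the slashes inside the URLs are taken
# as part boundaries, so the value no longer means what was intended.
BAD_SPEC = "/https://keycloak-url/https://localhost:4000"

if __name__ == "__main__":
    print(parse_modify_spec(GOOD_SPEC))
    print(parse_modify_spec(BAD_SPEC))
    print(rewrite_body(GOOD_SPEC, SAMPLE).decode())
```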
This would not be helpful for anyone; it's just a reminder for me. A proxied Keycloak would not produce valid tokens, because they would be issued with a "wrong" host. To overcome this, Keycloak must be configured with the proxy URL as its frontend URL:
WARNING: After that your main Keycloak URL will stop working (for the same reason)! So don't forget to clear this value after using the proxy (to clear the value, use the proxy URL to access Keycloak).
And if you put an http URL by mistake while your Keycloak is served over https, you'll have to allow mixed content in Chrome to access Keycloak:
Click the lock (caution) icon, then click Site settings.
Scroll to Insecure content, then use the drop-down list to change “Block (default)” to “Allow.”
Reload the VEC page.