new: added new http.proxy.redirect and https.proxy.redirect parameters to optionally disable iptables port redirection

modules/http_proxy/http_proxy.go

@@ -30,6 +30,10 @@ func NewHttpProxy(s *session.Session) *HttpProxy {
 		"8080",
 		"Port to bind the HTTP proxy to."))
 
+	mod.AddParam(session.NewBoolParameter("http.proxy.redirect",
+		"true",
+		"Enable or disable port redirection with iptables."))
+
 	mod.AddParam(session.NewStringParameter("http.proxy.script",
 		"",
 		"",
@@ -82,6 +86,7 @@ func (mod *HttpProxy) Configure() error {
 	var address string
 	var proxyPort int
 	var httpPort int
+	var doRedirect bool
 	var scriptPath string
 	var stripSSL bool
 	var jsToInject string
@@ -96,6 +101,8 @@ func (mod *HttpProxy) Configure() error {
 		return err
 	} else if err, httpPort = mod.IntParam("http.port"); err != nil {
 		return err
+	} else if err, doRedirect = mod.BoolParam("http.proxy.redirect"); err != nil {
+		return err
 	} else if err, scriptPath = mod.StringParam("http.proxy.script"); err != nil {
 		return err
 	} else if err, stripSSL = mod.BoolParam("http.proxy.sslstrip"); err != nil {
@@ -111,7 +118,7 @@ func (mod *HttpProxy) Configure() error {
 	mod.proxy.Blacklist = str.Comma(blacklist)
 	mod.proxy.Whitelist = str.Comma(whitelist)
 
-	return mod.proxy.Configure(address, proxyPort, httpPort, scriptPath, jsToInject, stripSSL)
+	return mod.proxy.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL)
 }
 
 func (mod *HttpProxy) Start() error {

modules/http_proxy/http_proxy_base.go

@@ -49,6 +49,7 @@ type HTTPProxy struct {
 	jsHook      string
 	isTLS       bool
 	isRunning   bool
+	doRedirect  bool
 	stripper    *SSLStripper
 	sniListener net.Listener
 	sess        *session.Session
@@ -78,6 +79,7 @@ func NewHTTPProxy(s *session.Session) *HTTPProxy {
 		sess:       s,
 		stripper:   NewSSLStripper(s, false),
 		isTLS:      false,
+		doRedirect: true,
 		Server:     nil,
 		Blacklist:  make([]string, 0),
 		Whitelist:  make([]string, 0),
@@ -167,11 +169,13 @@ func (p *HTTPProxy) shouldProxy(req *http.Request) bool {
 	return true
 }
 
-func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scriptPath string, jsToInject string, stripSSL bool) error {
+func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
+	jsToInject string, stripSSL bool) error {
 	var err error
 
 	p.stripper.Enable(stripSSL)
 	p.Address = address
+	p.doRedirect = doRedirect
 
 	if strings.HasPrefix(jsToInject, "http://") || strings.HasPrefix(jsToInject, "https://") {
 		p.jsHook = fmt.Sprintf("<script src=\"%s\" type=\"text/javascript\"></script></head>", jsToInject)
@@ -205,6 +209,7 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scrip
 		WriteTimeout: httpWriteTimeout,
 	}
 
+	if p.doRedirect {
 		if !p.sess.Firewall.IsForwardingEnabled() {
 			p.Info("enabling forwarding.")
 			p.sess.Firewall.EnableForwarding(true)
@@ -221,6 +226,9 @@ func (p *HTTPProxy) Configure(address string, proxyPort int, httpPort int, scrip
 		}
 
 		p.Debug("applied redirection %s", p.Redirection.String())
+	} else {
+		p.Warning("port redirection disabled, the proxy must be set manually to work")
+	}
 
 	p.sess.UnkCmdCallback = func(cmd string) bool {
 		if p.Script != nil {
@@ -267,8 +275,10 @@ func (p *HTTPProxy) TLSConfigFromCA(ca *tls.Certificate) func(host string, ctx *
 	}
 }
 
-func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, scriptPath string, certFile string, keyFile string, jsToInject string, stripSSL bool) (err error) {
-	if p.Configure(address, proxyPort, httpPort, scriptPath, jsToInject, stripSSL); err != nil {
+func (p *HTTPProxy) ConfigureTLS(address string, proxyPort int, httpPort int, doRedirect bool, scriptPath string,
+	certFile string,
+	keyFile string, jsToInject string, stripSSL bool) (err error) {
+	if err = p.Configure(address, proxyPort, httpPort, doRedirect, scriptPath, jsToInject, stripSSL); err != nil {
 		return err
 	}
 
@@ -402,7 +412,7 @@ func (p *HTTPProxy) Start() {
 }
 
 func (p *HTTPProxy) Stop() error {
-	if p.Redirection != nil {
+	if p.doRedirect && p.Redirection != nil {
 		p.Debug("disabling redirection %s", p.Redirection.String())
 		if err := p.sess.Firewall.EnableRedirection(p.Redirection, false); err != nil {
 			return err

modules/https_proxy/https_proxy.go

@@ -33,6 +33,10 @@ func NewHttpsProxy(s *session.Session) *HttpsProxy {
 		"8083",
 		"Port to bind the HTTPS proxy to."))
 
+	mod.AddParam(session.NewBoolParameter("https.proxy.redirect",
+		"true",
+		"Enable or disable port redirection with iptables."))
+
 	mod.AddParam(session.NewBoolParameter("https.proxy.sslstrip",
 		"false",
 		"Enable or disable SSL stripping."))
@@ -97,6 +101,7 @@ func (mod *HttpsProxy) Configure() error {
 	var address string
 	var proxyPort int
 	var httpPort int
+	var doRedirect bool
 	var scriptPath string
 	var certFile string
 	var keyFile string
@@ -113,6 +118,8 @@ func (mod *HttpsProxy) Configure() error {
 		return err
 	} else if err, httpPort = mod.IntParam("https.port"); err != nil {
 		return err
+	} else if err, doRedirect = mod.BoolParam("https.proxy.redirect"); err != nil {
+		return err
 	} else if err, stripSSL = mod.BoolParam("https.proxy.sslstrip"); err != nil {
 		return err
 	} else if err, certFile = mod.StringParam("https.proxy.certificate"); err != nil {
@@ -153,7 +160,8 @@ func (mod *HttpsProxy) Configure() error {
 		mod.Info("loading proxy certification authority TLS certificate from %s", certFile)
 	}
 
-	return mod.proxy.ConfigureTLS(address, proxyPort, httpPort, scriptPath, certFile, keyFile, jsToInject, stripSSL)
+	return mod.proxy.ConfigureTLS(address, proxyPort, httpPort, doRedirect, scriptPath, certFile, keyFile, jsToInject,
+		stripSSL)
 }
 
 func (mod *HttpsProxy) Start() error {