About FireProx
FireProx is a powerful AWS API Gateway security management tool that enables researchers to create real-time HTTP forwarding proxies that rotate unique IP addresses.
Implementing source IP address rotation when sending network requests or interacting with the network is a complex process, and while there are tools in the community that can do so, they are either limited by the number of IP addresses, are too costly, or require a large number of V*S to be deployed.
FireProx can leverage AWS API Gateway to create forwarding proxies and rotate source IP addresses on a per-request basis. FireProx supports creating a proxy URL that points to the destination server and then making a web request to the proxy URL that returns a response from the destination server.
Function introduction
1. Rotate IP addresses for each request;
2. Support the configuration of a separate area;
3. Support all HTTP methods;
4. Support passing all parameters and URIs;
5. Support creating, deleting, viewing and updating agents;
6. The X-Forwarded-For source IP address can be forged by including the X-My-X-Forwarded-For Header in the request;
Tool download
Since the tool is based on Python 3.6, we first need to install and configure the Python 3.6+ environment on the local device. Next, researchers can directly use the following command to clone the source code of the project to the local computer:
$ git clone https://github.com/ustayready/fireprox Then switch to the project directory and create and activate a virtual environment:
$ cd fireprox
~/fireprox$ virtualenv -p python3 .
~/fireprox$ source bin/activate Once in the virtual environment, install the other dependent components required by the pip tool and the requirements.txt files provided by the project:
(fireprox) ~/fireprox$ pip install -r requirements.txt
(fireprox) ~/fireprox$ python fire.py Docker uses
If you want to build a Docker image, you can run the following command (the current version does not support Docker on the Windows platform):
$ git clone https://github.com/ustayready/fireprox
$ cd fireprox
$ docker build -t fireprox .
$ docker run --rm -it fireprox -h Tool use
It is important to note that the proper functioning of the tool requires the provision of an AWS access key/sensitive data access key or AWS CLI configuration.
usage: fire.py [-h] [--access_key ACCESS_KEY] [--secret_access_key SECRET_ACCESS_KEY] [--region REGION] [--command COMMAND] [--api_id API_ID] [--url URL] Tool Parameter commands
usage: fire.py [-h] [--profile_name PROFILE_NAME] [--access_key ACCESS_KEY] [--secret_access_key SECRET_ACCESS_KEY] [--session_token SESSION_TOKEN] [--region REGION] [--command COMMAND] [--api_id API_ID] [--url URL]
FireProx API Gateway Manager
optional arguments:
-h, --help 显示工具帮助信息和退出
--profile_name PROFILE_NAME
AWS配置文件名称,用于存储和获取凭证
--access_key ACCESS_KEY
AWS访问密钥
--secret_access_key SECRET_ACCESS_KEY
AWS敏感数据访问密钥
--session_token SESSION_TOKEN
AWS会话令牌
--region REGION AWS区域
--command COMMAND 支持的命令: list, create, delete, update
--api_id API_ID API ID
--url URL URL终端节点 Example of how to use the tool
examples/google.py:使用一个FireProx代理爬取Google搜索结果;
examples/bing.py:使用一个FireProx代理爬取Bing搜索结果; Screenshot of the tool running
Help with the tool
Create an agent
Delete an agent
View proxies
Demo of tool usage
License Agreement
The development and release of this project is under an open source license.
Project address
FireProx:https://github.com/ustayready/fireprox
Resources
https://aws.amazon.com/security/penetration-testing/