  • Language: Java
  • License: Apache License 2.0
  • Created over 12 years ago, updated 4 months ago

Smiley's HTTP Proxy implemented as a Java servlet

Smiley's HTTP Proxy Servlet

This is an HTTP proxy (aka gateway) in the form of a Java servlet. An HTTP proxy is useful for AJAX applications that need to communicate with web-accessible services on hosts other than the one where the web application is hosted. It's a reverse proxy, not really a forwarding proxy, although the template form of the servlet may blur that line.

This is hardly the first proxy, so why did I write it and thus why might you use it?

  • It's simple -- a single source file implementation
  • It's tested -- have confidence it works
  • It's securable -- via Java EE web.xml or via a servlet filter such as Spring-Security
  • It's extendable -- via simple class extension
  • It's embeddable -- into your Java web application making testing your app easier

I have seen many quick'n'dirty proxies posted in source form on the web such as in a blog. I've found such proxies to support a limited HTTP subset, such as only a GET request, or to suffer other implementation problems such as performance issues or URL escaping bugs. Disappointed at the situation, I set out to create a simple one that works well and that is well tested so I know it works. I suggest you use a well tested proxy instead of something non-tested that is perhaps better described as a proof-of-concept.

If you need something more sophisticated, then there are some alternatives listed at the bottom of this page.

This proxy depends on Apache HttpClient, which offers another point of extension for this proxy. At some point I may write an alternative that uses the JDK and thus doesn't have any dependencies, which is desirable. In the meantime, you'll have to add the jar files for this and its dependencies:

 +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
    +- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
    |  +- commons-logging:commons-logging:jar:1.2:compile
    |  \- commons-codec:commons-codec:jar:1.11:compile

This proxy supports HttpClient 4.5 and newer versions. If you need to support older HttpClient versions:

  • use 1.8 version of this proxy for HttpClient versions 4.1 and 4.2
  • use 1.12 version of this proxy for HttpClient versions 4.3 and 4.4

As of version 2.0, the proxy switched to the jakarta servlet-api, while still supporting the javax servlet-api for those who need it. To use that, specify the javax classifier on the dependency declaration as follows:

<dependency>
    <groupId>org.mitre.dsmiley.httpproxy</groupId>
    <artifactId>smiley-http-proxy-servlet</artifactId>
    <version>${smiley-http-proxy-servlet.version}</version>
    <classifier>javax</classifier>
</dependency>

As of version 1.5 of the proxy, there is the ability to parameterize your proxy URL, allowing you to use the same web.xml servlet specification for multiple target servers. It follows the URI Template RFC, Level 1. Special query parameters (see the examples below) sent from the client to the ProxyServlet will map to the matching URL template, replacing arguments in the proxy's targetUri as specified in the web.xml. To use this, you must use a subclass of the base servlet. IMPORTANT! The template substitutions must be placed in the query string, even when using HTTP POST. Other application parameters can be in your POSTed url-encoded-form string; just not proxyArgs.

See CHANGES.md for a history of changes.

Build & Installation

Simply build the jar using "mvn package" at the command line. The jar is built to "target/smiley-http-proxy-servlet-VERSION.jar". You don't have to build the jar if you aren't modifying the code, since released versions are deployed to Maven Central. If you are using Maven, add this to the dependencies in your pom like so (note: the version below is not necessarily the latest):

<dependency>
    <groupId>org.mitre.dsmiley.httpproxy</groupId>
    <artifactId>smiley-http-proxy-servlet</artifactId>
    <version>1.12.1</version>
</dependency>

Ivy and other dependency managers can be used as well.

Configuration

Parameters

The following is a list of parameters that can be configured:

  • log: boolean; enables logging of input and target URLs to the servlet log.
  • forwardip: boolean; enables forwarding of the client IP to the target.
  • preserveHost: boolean; keeps the Host header as-is.
  • preserveCookies: boolean; keeps cookies as-is.
  • preserveCookiePath: boolean; keeps the cookie path unchanged in the Set-Cookie response header from the target.
  • http.protocol.handle-redirects: boolean; makes the proxy follow redirects itself.
  • http.socket.timeout: integer; the socket connection timeout (millis).
  • http.read.timeout: integer; the socket read timeout (millis).
  • http.connectionrequest.timeout: integer; the connection request timeout (millis).
  • http.maxConnections: integer; the maximum number of connections.
  • useSystemProperties: boolean; whether to use JVM-defined system properties to configure various networking aspects.
  • targetUri: the target (destination) URI to proxy to.

Servlet

Here's an example excerpt of a web.xml file to communicate to a Solr server:

<servlet>
  <servlet-name>solr</servlet-name>
  <servlet-class>org.mitre.dsmiley.httpproxy.ProxyServlet</servlet-class>
  <init-param>
    <param-name>targetUri</param-name>
    <param-value>http://solrserver:8983/solr</param-value>
  </init-param>
  <init-param>
    <param-name>log</param-name>
    <param-value>true</param-value>
  </init-param>
</servlet>
<servlet-mapping>
  <servlet-name>solr</servlet-name>
  <url-pattern>/solr/*</url-pattern>
</servlet-mapping>
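As an added example (not taken from the project), here is the same Solr mapping with the timeout and connection parameters from the list above set explicitly, plus a standard Java EE security-constraint so that only authenticated users reach the proxy over TLS; this is the web.xml route to securing the servlet mentioned at the top of this page. The role name solr-user and the timeout values are assumptions.

```xml
<servlet>
  <servlet-name>solr</servlet-name>
  <servlet-class>org.mitre.dsmiley.httpproxy.ProxyServlet</servlet-class>
  <init-param>
    <param-name>targetUri</param-name>
    <param-value>http://solrserver:8983/solr</param-value>
  </init-param>
  <!-- forward the client IP so the target's logs show the real client, not the proxy host -->
  <init-param>
    <param-name>forwardip</param-name>
    <param-value>true</param-value>
  </init-param>
  <!-- bounded timeouts (millis): a stalled backend cannot pin a servlet thread indefinitely -->
  <init-param>
    <param-name>http.socket.timeout</param-name>
    <param-value>5000</param-value>
  </init-param>
  <init-param>
    <param-name>http.read.timeout</param-name>
    <param-value>30000</param-value>
  </init-param>
  <init-param>
    <param-name>http.connectionrequest.timeout</param-name>
    <param-value>2000</param-value>
  </init-param>
  <!-- cap the pool so one busy proxy cannot exhaust the target's connections -->
  <init-param>
    <param-name>http.maxConnections</param-name>
    <param-value>50</param-value>
  </init-param>
</servlet>
<servlet-mapping>
  <servlet-name>solr</servlet-name>
  <url-pattern>/solr/*</url-pattern>
</servlet-mapping>

<!-- container-level access rule: only authenticated users in the assumed "solr-user" role,
     and only over a confidential (TLS) transport, may reach the proxied path -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>solr-proxy</web-resource-name>
    <url-pattern>/solr/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>solr-user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>solr-proxy</realm-name>
</login-config>
<security-role>
  <role-name>solr-user</role-name>
</security-role>
```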

Here's an example with a parameterized proxy URL matching query parameters _subHost, _port, and _path, such as "http://mywebapp/cluster/subpath?_subHost=namenode&_port=8080&_path=monitor". Note the different proxy servlet class. The leading underscore is not mandatory, but it helps differentiate these from the normal query parameters in case of a conflict:

<servlet>
  <servlet-name>clusterProxy</servlet-name>
  <servlet-class>org.mitre.dsmiley.httpproxy.URITemplateProxyServlet</servlet-class>
  <init-param>
    <param-name>targetUri</param-name>
    <param-value>http://{_subHost}.behindfirewall.mycompany.com:{_port}/{_path}</param-value>
  </init-param>
  <init-param>
    <param-name>log</param-name>
    <param-value>true</param-value>
  </init-param>
</servlet>

<servlet-mapping>
  <servlet-name>clusterProxy</servlet-name>
  <url-pattern>/mywebapp/cluster/*</url-pattern>
</servlet-mapping>
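As an added example (not the project's own code), the following stand-alone Java class shows what the clusterProxy mapping above does: RFC 6570 Level 1 expansion of the targetUri template from the _subHost, _port and _path query parameters, with an allowlist check on each client-supplied value before a target is returned, since those parameters decide which internal host the proxy connects to. The class name, the allowlists and the sample queries are assumptions.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Stand-alone illustration (Java 11+), not the project's own code: expands the
// clusterProxy targetUri template above per RFC 6570 Level 1 and refuses values
// outside a hypothetical allowlist before anything would be proxied.
public class TemplateTargetResolver {

    // Template copied from the clusterProxy web.xml example.
    static final String TEMPLATE =
        "http://{_subHost}.behindfirewall.mycompany.com:{_port}/{_path}";
    private static final Pattern VAR = Pattern.compile("\\{([A-Za-z0-9_]+)\\}");

    // Hypothetical allowlists: the only hosts, ports and path characters a client may select.
    static final Set<String> ALLOWED_SUBHOSTS = Set.of("namenode", "datanode1");
    static final Set<String> ALLOWED_PORTS = Set.of("8080", "8088");
    private static final Pattern SAFE_PATH = Pattern.compile("[A-Za-z0-9._/-]*");

    // RFC 6570 Level 1 expansion: everything outside the unreserved set is
    // percent-encoded, so a single value cannot smuggle in "/", "?" or "#".
    static String encodeLevel1(String value) {
        StringBuilder sb = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean unreserved = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_' || c == '~';
            sb.append(unreserved ? String.valueOf((char) c) : String.format("%%%02X", c));
        }
        return sb.toString();
    }

    // Returns the expanded target URI, or null when a variable is missing or not allowed.
    static URI resolveTarget(Map<String, String> query) {
        String subHost = query.get("_subHost"), port = query.get("_port"), path = query.get("_path");
        if (subHost == null || !ALLOWED_SUBHOSTS.contains(subHost)) return null;
        if (port == null || !ALLOWED_PORTS.contains(port)) return null;
        if (path == null || !SAFE_PATH.matcher(path).matches() || path.contains("..")) return null;
        Matcher m = VAR.matcher(TEMPLATE);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = query.get(m.group(1));
            if (value == null) return null;
            m.appendReplacement(out, Matcher.quoteReplacement(encodeLevel1(value)));
        }
        m.appendTail(out);
        return URI.create(out.toString());   // the encoding above guarantees a well-formed URI
    }

    public static void main(String[] args) {
        // Constructed sample queries, already parsed into name/value pairs.
        Map<String, String> ok = Map.of("_subHost", "namenode", "_port", "8080", "_path", "monitor/status");
        Map<String, String> bad = Map.of("_subHost", "othernode", "_port", "8080", "_path", "monitor");
        System.out.println(resolveTarget(ok));   // the "/" inside _path expands to %2F
        System.out.println(resolveTarget(bad));  // host not on the allowlist, so null
    }
}
```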

SpringMVC

If you are using SpringMVC, then an alternative is to use its ServletWrappingController so that you can configure this servlet via Spring, which is supremely flexible, instead of having to modify your web.xml. However, note that some customization may be needed to divide the URL at the proxied portion; see Issue #15.

Spring Boot

If you are using Spring Boot, then consider this basic configuration:

import org.mitre.dsmiley.httpproxy.ProxyServlet;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.EnvironmentAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class SolrProxyServletConfiguration implements EnvironmentAware {

  // Resolves the proxy.solr.* properties (Spring Boot 1.4/1.5 API).
  private RelaxedPropertyResolver propertyResolver;

  @Bean
  public ServletRegistrationBean servletRegistrationBean() {
    ServletRegistrationBean servletRegistrationBean =
        new ServletRegistrationBean(new ProxyServlet(), propertyResolver.getProperty("servlet_url"));
    servletRegistrationBean.addInitParameter(ProxyServlet.P_TARGET_URI, propertyResolver.getProperty("target_url"));
    servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, propertyResolver.getProperty("logging_enabled", "false"));
    return servletRegistrationBean;
  }

  @Override
  public void setEnvironment(Environment environment) {
    this.propertyResolver = new RelaxedPropertyResolver(environment, "proxy.solr.");
  }
}

If you use Spring Boot 2.x, you can use this instead:

import java.util.Properties;

import org.mitre.dsmiley.httpproxy.ProxyServlet;
import org.springframework.boot.context.properties.bind.BindResult;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.boot.context.properties.source.ConfigurationPropertySource;
import org.springframework.boot.context.properties.source.ConfigurationPropertySources;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.EnvironmentAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;

@Configuration
public class SolrProxyServletConfiguration implements EnvironmentAware {

    // Result of binding the proxy.solr.* properties into a Properties object (Spring Boot 2.x Binder API).
    private BindResult<Properties> bindResult;

    @Bean
    public ServletRegistrationBean<ProxyServlet> servletRegistrationBean() {
        Properties properties = bindResult.get(); // throws if no proxy.solr.* properties were bound
        ServletRegistrationBean<ProxyServlet> servletRegistrationBean =
            new ServletRegistrationBean<>(new ProxyServlet(), properties.getProperty("servlet_url"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_TARGET_URI, properties.getProperty("target_url"));
        servletRegistrationBean.addInitParameter(ProxyServlet.P_LOG, properties.getProperty("logging_enabled", "false"));
        return servletRegistrationBean;
    }

    @Override
    public void setEnvironment(Environment environment) {
        Iterable<ConfigurationPropertySource> sources = ConfigurationPropertySources.get(environment);
        Binder binder = new Binder(sources);
        this.bindResult = binder.bind("proxy.solr", Properties.class);
    }
}

with the properties in application.yml:

proxy:
    solr:
        servlet_url: /solr/*
        target_url: http://solrserver:8983/solr

It may be the case that Spring Boot (or Spring MVC) consumes the servlet input stream before the servlet gets it, which is a problem. See Issue #83 regarding disabling FilterRegistrationBean.

Dropwizard

Addition of Smiley's proxy to Dropwizard is very straightforward.

Add a new property in the Dropwizard app .yml file:

targetUri: http://foo.com/api

Create a new configuration property (shown here inside the configuration class that the run() method below receives):

import com.fasterxml.jackson.annotation.JsonProperty;
import io.dropwizard.Configuration;
import org.hibernate.validator.constraints.NotEmpty;

public class ShepherdServiceConfiguration extends Configuration {

    // Validated at startup: an empty targetUri would leave the proxy with no destination.
    @NotEmpty
    private String targetUri = "";

    @JsonProperty("targetUri")
    public String getTargetUri() {
        return targetUri;
    }
}

Then register Smiley's proxy servlet with Jetty through the Dropwizard service's App run() method.

import io.dropwizard.Application;
import io.dropwizard.setup.Environment;

// Application class name is illustrative; only the run() body matters here.
public class ShepherdServiceApplication extends Application<ShepherdServiceConfiguration> {

    @Override
    public void run(final ShepherdServiceConfiguration configuration,
                    final Environment environment) {
        // Servlet path specs must start with "/"; the init parameter is the proxy's targetUri.
        environment.getApplicationContext()
            .addServlet("org.mitre.dsmiley.httpproxy.ProxyServlet", "/foo/*")
            .setInitParameter("targetUri", configuration.getTargetUri());
    }
}

Alternatives

This servlet is intentionally simple and limited in scope. As such it may not meet your needs, so consider looking at these alternatives:
