Always wanted to manipulate HTTP and HTML using Nginx and Lua? Who didn't!?
This is a proof of concept targeting the unaware HTTP user by manipulating unencrypted HTTP traffic passing through a HTTP proxy.
The nice thing is that it actually gets down to the HTML level, so you can do funny things like injecting CSS and other kinds of DOM manipulation confidently without having to fight with regular expressions.
It uses Nginx and its embedded LuaJIT scripting engine as well as two nice Lua modules for processing HTTP and HTML.
- HTTP library: https://github.com/pintsized/lua-resty-http
- HTML library: https://github.com/craigbarnes/lua-gumbo
In order to make this work as a transparent http proxy using a Linux firewall rule:
iptables -t nat -D PREROUTING -s 192.168.0.0/24 -p tcp --dport 80 -j DNAT --to-destination zrwoxy.local:8080
Alternatively, you can have a look at the Web Proxy Auto-Discovery Protocol (WPAD) for disseminating proxy information.
make install
# Display version and configuration options make nginx-info # Test configuration make nginx-configtest # Run daemon in foreground make nginx-run
Fire a HTTP request using HTTPie:
http --follow --proxy http:http://localhost:8080 http://www.ilo.de/
We recommend using OpenResty.
An earlier implementation of this uses the nice
replace-filter-nginx-module,
you can find respective replace_filter configuration directives in nginx.conf.