Selective HTTP Proxying in Linux

SANS ISC handler Johannes Ullrich provides a practical guide to selective HTTP proxying on Linux systems, detailing how to route specific application traffic through proxy servers while leaving other connections direct. The technique is valuable for security testing scenarios where analysts need to capture and inspect traffic from specific tools without disrupting system-wide connectivity. Ullrich covers environment variable configuration, application-specific proxy settings, and transparent proxying approaches using iptables. The guide also addresses common pitfalls including DNS leak prevention, TLS certificate validation in proxied environments, and performance considerations. This knowledge is directly applicable to incident response, malware analysis sandboxes, and penetration testing engagements.
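
As an added illustration of the environment-variable approach mentioned above (not code from Ullrich's guide; the proxy address, CA path and function names are assumptions): a wrapper that proxies a single command, keeps TLS validation on by trusting the proxy's CA, and flags proxy URLs whose scheme resolves DNS locally.

```shell
#!/usr/bin/env bash
# Added example. PROXY_URL, PROXY_CA and PROXY_BYPASS are assumed values for a
# local intercepting proxy; change them to match your lab setup.
PROXY_URL="${PROXY_URL:-http://127.0.0.1:8080}"
PROXY_CA="${PROXY_CA:-$HOME/.proxy-ca.pem}"
PROXY_BYPASS="${PROXY_BYPASS:-localhost,127.0.0.1,::1}"

# Where is the target hostname resolved for this proxy URL (curl's scheme
# conventions)? "local" means DNS lookups go out directly, past the proxy.
dns_side() {
    case "$1" in
        http://*|https://*|socks5h://*|socks4a://*) echo proxy ;;
        socks5://*|socks4://*)                      echo local ;;
        *)                                          echo unknown ;;
    esac
}

# Run exactly one command through the proxy; the calling shell stays direct.
via_proxy() {
    [ "$#" -gt 0 ] || { echo "usage: via_proxy command [args...]" >&2; return 2; }
    [ "$(dns_side "$PROXY_URL")" = proxy ] ||
        echo "warning: $PROXY_URL may resolve names locally (DNS leak)" >&2
    # Set both spellings: curl reads only lowercase http_proxy, other tools
    # read uppercase. The CA variables keep certificate validation enabled
    # while trusting the proxy's CA, instead of turning verification off.
    env http_proxy="$PROXY_URL" https_proxy="$PROXY_URL" \
        HTTP_PROXY="$PROXY_URL" HTTPS_PROXY="$PROXY_URL" \
        no_proxy="$PROXY_BYPASS" NO_PROXY="$PROXY_BYPASS" \
        SSL_CERT_FILE="$PROXY_CA" CURL_CA_BUNDLE="$PROXY_CA" \
        REQUESTS_CA_BUNDLE="$PROXY_CA" \
        "$@"
}

# Names of proxy variables exported in the current shell. Empty output means
# nothing is proxied globally and only via_proxy children use the proxy.
proxy_vars_set() {
    env | grep -Ei '^(https?|all|no)_proxy=' | cut -d= -f1 | sort
}
```

If the wrapped command also makes connections that bypass the proxy, `PROXY_CA` should point to a bundle that contains the system roots as well as the proxy's CA.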

Responsible use. This content is provided for defensive security education and authorized testing purposes only. Techniques and tools described here should only be applied in environments where you have explicit authorization. Unauthorized use of offensive security techniques is illegal and unethical.

Sources