DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’»

DEV Community πŸ‘©β€πŸ’»πŸ‘¨β€πŸ’» is a community of 966,155 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create account Log in
t.okazaki
t.okazaki

Posted on

Traffic Mirroring with GoReplay

What is GoReplay?

Github: https://github.com/buger/goreplay

  • It captures HTTP requests received by the server and then duplicate the traffic to another server.

  • For example, when you test the new version of your application on the stating environment, you can check the behavior of the application by replicating the trrafic using GoReplay.

  • This can be done without affecting existing application and traffics. (Because GoReplay uses libpcap, which retrieves packets at the L2 level, as well as tcpdump)

  • Solves the problem of shadow proxies which is used for similar purposes. ( it can be a critical path of the traffic.)

You can do for example,

  • Capture HTTP request packets and duplicate them
  • Save the packet on the file, restoring it from the file
  • Filtering request packets
  • Rewriting request headers

How to install

You can download rpm, deb and tar.gz from
https://github.com/buger/gor/releases

For AmazonLinux, you can get a tar.gz of the executable binary. If you get the tar.gz and decompress it, you get "gor".

Simple Usage.

$ sudo ./gor --input-raw :8000 --output-stdout
Enter fullscreen mode Exit fullscreen mode

By default, no response contents are received.
you can receive them by adding --output-http-track-response option.

Replaying Packets.

$ sudo ./gor --input-raw :8000 --output-http="http://localhost:8001"
Enter fullscreen mode Exit fullscreen mode

Save the requests
to a file

$ sudo ./gor --input-raw :8000 --output-file=requests.gor
Enter fullscreen mode Exit fullscreen mode

Restore and send the requests stored in the file

$ sudo ./gor --input-file requests.gor --output-http="http://localhost:8001"
Enter fullscreen mode Exit fullscreen mode

You can also specify multiple IP addresses to send requests
by round-robin feature.

The response body is designed to receive up to 200KB by default.

Supports BASIC authentication. You can specify user:pass@ before the URL.
You can specify user:pass@ before the URL.

$ sudo ./gor --input-raw :80 --output-http "http://user:pass@staging.com"
Enter fullscreen mode Exit fullscreen mode

Filtering Requests.
Replay only requests to /api

$ sudo ./gor --input-raw :8080 --output-http staging.com --http-allow-url /api
Enter fullscreen mode Exit fullscreen mode

Excluding only requests to /api

$ sudo ./gor --input-raw :8080 --output-http staging.com --http-disallow-url /api
Enter fullscreen mode Exit fullscreen mode

Example Use Case 1

  • Capture HTTP packets to /production/submission on port 80
  • The path changes from /production/submission to /staging/submission/
  • Saving the source IP addresses of the packets
  • Replay the packet to https://staging.abc.com
$ sudo ./gor --input-raw :80 --output-http 'https://staging.abc.com '
--http-allow-url /production/submission
--http-rewrite-url /production/submission:/staging/submission --input-raw-realip-header "X-Real-IP" 
Enter fullscreen mode Exit fullscreen mode

Example Use Case 2

Capture the requests and save it to a file.
AUTH-TOKEN is rewritten to an arbitrary value for the test user on the staging environment.
Do not save requests for sign_in, sign_out operation.

$ sudo ./gor --input-raw :80 --output-file=requests.gor 
--input-raw :80 --output-file=requests.gor
--http-set-header "X-HTTP-AUTH-TOKEN: abcdefghijk"
--http-disallow-url /sign_in
--http-disallow-url /sign_out
Enter fullscreen mode Exit fullscreen mode

Top comments (0)

🌚 Life is too short to browse without dark mode