Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modlishka adds X-Forwarded-For header #244

Closed
jbarlowbignell opened this issue Apr 9, 2021 · 0 comments
Closed

Modlishka adds X-Forwarded-For header #244

jbarlowbignell opened this issue Apr 9, 2021 · 0 comments
Labels
wontfix This will not be worked on

Comments

@jbarlowbignell
Copy link

jbarlowbignell commented Apr 9, 2021
edited
Loading

The Golang reverse-proxy implementation adds an X-Forwarded-For header by default with the IP address of the client/victim. This is a bit of an opsec giveaway.

It's possible to disable this header by setting the X-Forwarded-For header to nil (see discussion at golang/go#31095).

I've tested this by inserting the following at line 106 in core/proxy.go:

request := HTTPRequest{r}
request.Header["X-Forwarded-For"] = nil // New
request.PatchHeaders(p)
request.PatchQueryString()

Many thanks!
@drk1wi drk1wi added the wontfix This will not be worked on label May 1, 2024
@drk1wi drk1wi closed this as completed May 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@drk1wi @jbarlowbignell