- Download and install the Go environment, as at https://golang.org/doc/install
- Unpack modified version of redwood filtering server - redwood.zip - to desired location.
- Get dependencies if needed with
go get ./... - Execute
go buildto compile proxy binary.
For selecting where to insert payload in HTML you can set additional flag in config: injection-place. If it set to 'head' - the payload will be inserted after first <HEAD> tag, otherwise - after first <BODY>.
- Create configuration files for redwood server in /etc/redwood as usually.
- Start the proxy server with
./redwood - Check logs in files or at standard output
- Open a browser and point HTTP proxy settings to the redwood ip:port, configured in /etc/redwood/redwood.conf
- In browser go to any http site to check HTML injection applied.
- A red horizontal banner at the top of opened page will indicate the success. If you have disabled JavaScript in your browser the banner will not appear (because it uses JavaScript payload to render itself) and you have to view page source for injection checking.
You can find the payload HTML in injection/payload.html subfolder of redwood main folder. The payload simply inserted after selected tag in every HTTP response with Content-type containing 'html', returned by the proxy. Feel free to modify the payload on your own.
Any related questions are welcome. I am open for further cooperation in wide range of IT tasks.
Best regards, Alex C. kazan1000@gmail.com