Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
puppeteer-page-proxy
Advanced tools
Additional Node.js module to use with 'puppeteer' for setting proxies per page basis.
Additional Node.js module to use with puppeteer for setting proxies per page basis.
Forwards intercepted requests from the browser to Node.js where it handles the request then returns the response to the browser, changing the proxy as a result.
npm i puppeteer-page-proxy
pageOrReq
<object> 'Page' or 'Request' object to set a proxy for.proxy
<string|object> Proxy to use in the current page.
url
, method
, postData
, headers
page
<object> 'Page' object to execute the request on.lookupService
<string> External lookup service to request data from.
isJSON
<boolean> Whether to JSON.parse the received response.
timeout
<number|string> Time in milliseconds after which the request times out.
NOTE: By default this method expects a response in JSON format and JSON.parse's it to a usable javascript object. To disable this functionality, set isJSON
to false
.
const puppeteer = require('puppeteer');
const useProxy = require('puppeteer-page-proxy');
(async () => {
const site = 'https://example.com';
const proxy = 'http://host:port';
const proxy2 = 'https://host:port';
const browser = await puppeteer.launch({headless: false});
const page = await browser.newPage();
await useProxy(page, proxy);
await page.goto(site);
const page2 = await browser.newPage();
await useProxy(page2, proxy2);
await page2.goto(site);
})();
To remove proxy, omit or pass in falsy value (e.g null
):
await useProxy(page, null);
const puppeteer = require('puppeteer');
const useProxy = require('puppeteer-page-proxy');
(async () => {
const site = 'https://example.com';
const proxy = 'socks://host:port';
const browser = await puppeteer.launch({headless: false});
const page = await browser.newPage();
await page.setRequestInterception(true);
page.on('request', async req => {
await useProxy(req, proxy);
});
await page.goto(site);
})();
The request object itself is passed as the first argument. The proxy can now be changed every request.
Using it along with other interception methods:
await page.setRequestInterception(true);
page.on('request', async req => {
if (req.resourceType() === 'image') {
req.abort();
} else {
await useProxy(req, proxy);
}
});
Overriding requests:
await page.setRequestInterception(true);
page.on('request', async req => {
await useProxy(req, {
proxy: proxy,
url: 'https://example.com',
method: 'POST',
postData: '404',
headers: {
accept: 'text/html'
}
});
});
NOTE: It is necessary to set page.setRequestInterception to true when setting proxies per request, otherwise the function will fail.
const proxy = 'https://login:pass@host:port';
const puppeteer = require('puppeteer');
const useProxy = require('puppeteer-page-proxy');
(async () => {
const site = 'https://example.com';
const proxy1 = 'http://host:port';
const proxy2 = 'https://host:port';
const browser = await puppeteer.launch({headless: false});
// 1
const page1 = await browser.newPage();
await useProxy(page1, proxy1);
let data = await useProxy.lookup(page1); // Waits until done, 'then' continues
console.log(data.ip);
await page1.goto(site);
// 2
const page2 = await browser.newPage();
await useProxy(page2, proxy2);
useProxy.lookup(page2).then(data => { // Executes and 'comes back' once done
console.log(data.ip);
});
await page2.goto(site);
})();
It takes over the task of requesting content from the browser to do it internally via a requests library instead. Requests that are normally made by the browser, are thus made by Node. The IP's are changed by routing the requests through the specified proxy servers using *-proxy-agent's. When Node gets a response back from the server, it's forwarded to the browser for completion/rendering.
This happens when there is an attempt to handle the same request more than once. An intercepted request is handled by either request.abort, request.continue or request.respond methods. Each of these methods 'send' the request to its destination. A request that has already reached its destination cannot be intercepted or handled.
Because direct requests from the browser to the server are being intercepted by Node, making the establishment of a secure connection between them impossible. However, the requests aren't made by the browser, they are made by Node. All https
requests made through Node using this module are secure. This is evidenced by the connection property of the response object:
connection: TLSSocket {
_tlsOptions: {
secureContext: [SecureContext],
requestCert: true,
rejectUnauthorized: true,
},
_secureEstablished: true,
authorized: true,
encrypted: true,
}
You can think of the warning as a false positive.
[1.2.6] - 2020-06-18
FAQs
Additional Node.js module to use with 'puppeteer' for setting proxies per page basis.
The npm package puppeteer-page-proxy receives a total of 2,134 weekly downloads. As such, puppeteer-page-proxy popularity was classified as popular.
We found that puppeteer-page-proxy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.