// Bidirectional copy go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) }
func handleInjectorTunnel(w http.ResponseWriter, r *http.Request) { dest, err := extractDestination(r) if err != nil { http.Error(w, "Missing destination", http.StatusBadRequest) return }
func extractDestination(r *http.Request) (string, error) { // Priority 1: X-Real-Host header (common in custom payloads) if realHost := r.Header.Get("X-Real-Host"); realHost != "" { return realHost, nil } // Priority 2: Host header if r.Host != "" { return r.Host, nil } // Priority 3: Parse from URL (if GET/POST) if r.URL.Host != "" { return r.URL.Host, nil } return "", fmt.Errorf("no destination found") } remote proxy for http injector
go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) }
Configure HTTP Injector with proxy type HTTP → Host your-server-ip → Port 8080 . It will work as a standard tunnel. 4. Adding Injector-Specific Payload Support HTTP Injector often sends custom payloads – not just CONNECT. For example, it might send a crafted HTTP request with a Host header that contains the real destination inside a query parameter or a custom header like X-Forward-Host . // Bidirectional copy go func() { io
func main() { http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { // Handle both CONNECT and normal HTTP requests with custom payload if r.Method == http.MethodConnect { handleInjectorTunnel(w, r) return } handleInjectorTunnel(w, r) // also handle GET/POST injector payloads })
clientConn.Write([]byte("HTTP/1.1 200 OK\r\n\r\n")) r) return } handleInjectorTunnel(w
Example payload from Injector: