##NOTE: currently requires node-http-proxy 0.10.4 because a method I use was removed in 1.x

Presentation video from ToorCon San Diego

Link to SecTor 2013 Presentation

Slow/App DoS information and resources

(The documentation is sparse, will improve this next)

###Dependencies: npm install http-proxy@0.10.4
npm install uuid
npm install optimist
###Optional: npm install forever

Proxy

Usage:

/usr/bin/node ./proxy.js -o [loghost] -P [logport] -t [target_host] -p [target_port] -l [proxy_listen_port]

Options:
  -t  [required]
  -p  [required]
  -l  [required]
  -o  [default: "localhost"]
  -P  [default: 5555]

Aggregator

Usage:

/usr/bin/node ./aggregator.js  -l [listen_port]

Consumer datastream/commands

View events generated by the proxy:

echo -e "C\n" | ncat localhost 5555

Example output:

{"time":1379603264938,"type":"connect",
"host":"10.0.0.150"}

{"time":1379603264940,"type":"request",
"host":"10.0.0.150",
"url":"/changelog/","method":"GET",
"headers": (....),"uuid":
"f42095a1-3a4b-41fc-b005-46f504cde2a0"}

{"time":1379603263662,"type":"end",
"uuid":
"f42095a1-3a4b-41fc-b005-46f504cde2a0"}

Sending commands to proxy:

block 10.1.1.1|10000 Block 10.1.1.1 completely for 10 seconds
durl /kittens.jpg Add kittens.jpg to the disabled url list for greylisted hosts
grey 10.1.1.2|10000 Add 10.1.1.2 to greylist for 10 seconds
flush Clear blacklist