Remote Proxy For Http Injector Apr 2026

destConn, err := net.Dial("tcp", dest) if err != nil { log.Printf("Failed to connect to %s: %v", dest, err) http.Error(w, err.Error(), http.StatusBadGateway) return } defer destConn.Close()

Example payload from Injector:

GET http://injector.example.com/ HTTP/1.1 Host: injected.host.com X-Real-Host: target.com:443 We need to parse the real destination from custom headers. package main import ( "bufio" "bytes" "io" "log" "net" "net/http" "strings" )

go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) } remote proxy for http injector

package main import ( "io" "log" "net" "net/http" )

go func() { io.Copy(destConn, clientConn) }() io.Copy(clientConn, destConn) }

go build -o remote-proxy proxy.go

type connPool struct { sync.Mutex conns map[string][]net.Conn } func (p *connPool) Get(addr string) net.Conn { p.Lock() defer p.Unlock() if pool, ok := p.conns[addr]; ok && len(pool) > 0 { conn := pool[len(pool)-1] p.conns[addr] = pool[:len(pool)-1] return conn } return nil }

Configure HTTP Injector with proxy type HTTP → Host your-server-ip → Port 8080 . It will work as a standard tunnel. 4. Adding Injector-Specific Payload Support HTTP Injector often sends custom payloads – not just CONNECT. For example, it might send a crafted HTTP request with a Host header that contains the real destination inside a query parameter or a custom header like X-Forward-Host .

func extractDestination(r *http.Request) (string, error) { // Priority 1: X-Real-Host header (common in custom payloads) if realHost := r.Header.Get("X-Real-Host"); realHost != "" { return realHost, nil } // Priority 2: Host header if r.Host != "" { return r.Host, nil } // Priority 3: Parse from URL (if GET/POST) if r.URL.Host != "" { return r.URL.Host, nil } return "", fmt.Errorf("no destination found") } destConn, err := net

clientConn.Write([]byte("HTTP/1.1 200 Connection Established\r\n\r\n"))

hijacker, ok := w.(http.Hijacker) if !ok { http.Error(w, "Hijacking not supported", http.StatusInternalServerError) return } clientConn, _, err := hijacker.Hijack() if err != nil { log.Printf("Hijack error: %v", err) return } defer clientConn.Close()