Making an Image-Flip Proxy

There have been many articles about creating a proxy server that flips or distorts images that pass through it. They are hilarious, but they tended to lack in certain details. This article will detail how to set up the OS, proxy and routing, giving you the option to either use it directly as a proxy or gateway server.

This is also very quick and dirty. It is meant to get you started as quickly as possible. This means any longevity or security concerns are ignored. You have been warned.

The original idea came from here.

Setting Up An OS

The proxy is based off of a default install of Debian Lenny from the netinstall ISO. It can be found here.

For the OS install, you can accept the defaults for almost every option. There are two cases to watch out for. First, you will be prompted to confirm all of your partitioning options before proceeding. The default option is to cancel. The second case is the additional software options. I unchecked the “Desktop Environment” option, since this is going to be a server.

Once the OS is installed, log in as root and run the following commands to prepare our environment:

apt-get install squid3 apache2 imagemagick  
chmod -R 777 /var/www

Configuring the Proxy

Open the /etc/squid3/squid.conf file in your favorite editor. Near the top of the file is a configuration option for http_port. Change it to look like the following:

http_port 3128 transparent

Next, find the line that begins with INSERT YOUR OWN RULE(S), which should be around line number 2138. Below that line, add the following to allow your private network access to your proxy. Make sure to change it for your network.

acl lan src 192.168.1.0/24  
http_access allow lan

Lastly, go to the bottom of the file and add the following line. This is the magic which will flip the images for you.

redirect_program /usr/local/bin/flip.pl

Save the file and exit your editor.

The Flip Script

Edit the file /usr/local/bin/flip.pl and add the following to it:

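#!/usr/bin/perl

$|=1;           # unbuffered output, so Squid gets each reply immediately
$count = 0;     # per-request counter, keeps local file names unique
$pid = $$;      # process ID, keeps names unique across helper processes
while (<>) {    # Squid writes one request per line on STDIN
    chomp $_;
    # $1 is everything up to the image extension, $2 is the extension itself
    if ($_ =~ /(.*)(\.jpg|\.png|\.gif)/i) {
        $url = $1 . $2;
        # List-form system() runs each program directly, without a shell
        system("/usr/bin/wget", "-q", "-O","/var/www/$pid-$count$2", "$url");
        system("/usr/bin/mogrify", "-flip","/var/www/$pid-$count$2");
        system("/bin/chmod", "777", "/var/www/$pid-$count$2");
        # Reply with the URL of the flipped local copy
        print "http://127.0.0.1/$pid-$count$2\n";
    } else {
        # Not an image: hand the line back unchanged
        print "$_\n";
    }
    $count++;
}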

The script is fairly simple. Squid passes URLs to the script. If the URL ends in an image type, it is pulled down to the root of our web server. Mogrify then modifies the image in place. Lastly, it tells Squid to pull the image from our web server instead of the internet. If the URL isn’t an image, we just dump the original URL back out.
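The pattern in the script, /(.*)(\.jpg|\.png|\.gif)/i, matches an image extension anywhere on the input line, so a page URL with ".gif" in its query string is fetched and flipped as if it were an image. The following is an added example, not the author's script: a Python version of the same redirector that tests only the URL path and hands back the original URL when the download or flip fails. The function names and the 30-second timeout are assumptions of this example.

```python
import os
import re
import subprocess
import sys
from urllib.parse import urlsplit

WEB_ROOT = "/var/www"  # same directory the article's script writes to
IMAGE_EXT = re.compile(r"\.(jpg|png|gif)$", re.IGNORECASE)

def image_extension(url):
    """Return the lowercased extension if the URL *path* ends in an image type."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. an unclosed '['
        return None
    if parts.scheme.lower() != "http" or not parts.hostname:
        return None
    match = IMAGE_EXT.search(parts.path)  # query string and fragment are ignored
    return match.group(0).lower() if match else None

def fetch_and_flip(url, dest):
    """Download and flip in place with the article's tools, never via a shell."""
    subprocess.run(["/usr/bin/wget", "-q", "-O", dest, url], check=True, timeout=30)
    subprocess.run(["/usr/bin/mogrify", "-flip", dest], check=True, timeout=30)

def rewrite(line, pid, count, flip=fetch_and_flip):
    """Turn one redirector input line into the URL Squid should fetch."""
    fields = line.split()
    if not fields:
        return ""  # an empty reply leaves the request unchanged
    url = fields[0]  # the rest of the line is client address, ident and method
    ext = image_extension(url)
    if ext is None:
        return url
    name = f"{pid}-{count}{ext}"  # only integers plus a fixed extension
    try:
        flip(url, f"{WEB_ROOT}/{name}")
    except (OSError, subprocess.SubprocessError):
        return url  # fetch or flip failed: serve the original image
    return f"http://127.0.0.1/{name}"

def main():
    for count, line in enumerate(sys.stdin):
        print(rewrite(line, os.getpid(), count), flush=True)

if __name__ == "__main__":
    main()
```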

Once the file is in place, make sure to make it executable.

chmod +x /usr/local/bin/flip.pl

You should have enough to test. Restart Squid with the following:

invoke-rc.d squid3 restart

You can now set up any browser to use the server as a proxy on port 3128. If you visit a page you have been to before, make sure you refresh a couple of times. Your browser might have cached the images locally, which means they won’t go through our proxy.

Making A Transparent Gateway

The last part of the process is to make the server a gateway which will transparently redirect web requests through the proxy. Create the file /etc/network/if-up.d/00-firewall and add the following to it:

#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#  
# delete all existing rules.  
#  
iptables -F  
iptables -t nat -F  
iptables -t mangle -F  
iptables -X

# Always accept loopback traffic  
iptables -A INPUT -i lo -j ACCEPT

# Allow new and established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT  
iptables -A FORWARD -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections  
iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT

# Masquerade  
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo 1 > /proc/sys/net/ipv4/ip_forward

Now make the script executable and restart the networking.

chmod +x /etc/network/if-up.d/00-firewall  
invoke-rc.d networking restart

At this point, you should be able to set any computer’s default gateway to the IP address of your server. You don’t need to set a proxy address for your browser. Everything is now routed and all HTTP requests are redirected through the proxy.