Stephen H. Gerstacker

Making an Image-Flip Proxy

Date

There have been many articles about creating a proxy server that flips directly as a proxy or gateway server. or distorts images that pass through it. They are hilarious, but they tended to lack in certain details. This article will detail how to set up the OS, proxy and routing, giving you the option to either use it

This is also very quick and dirty. It is meant to get you started as quickly as possible. This means any longevity or security concerns are ignored. You have been warned.

The original idea came from here.

Setting Up An OS

The proxy is based off of a default install of Debian Lenny from the netinstall ISO. It can be found here.

For the OS install, you can accept the defaults for almost every option. There are two cases to watch out for. First, you will be prompted to confirm all of your partitioning options before proceeding. The default option is to cancel. The second case is the additional software options. I unchecked the “Desktop Environment” option, since this is going to be server.

Once the OS is installed, log in as root and run the following commands to prepare our environment:

apt-get install squid3 apache2 imagemagick  
chmod -R 777 /var/www

Configuring the Proxy

Open the /etc/squid3/squid.conf file in your favorite editor. Near the top of the file is a configuration option for http_port. Change it to look like the following:

http_port 3128 transparent

Next, find the line that begins with INSERT YOUR OWN RULE(S), which should be around line number 2138. Below that line, add the following to allow your private network access to your proxy. Make sure to change the it for your network.

acl lan src 192.168.1.0/24  
http_access allow lan

Lastly, go to the bottom of the file and add the following line. This is the magic which will flip the images for you.

redirect_program /usr/local/bin/flip.pl

Save the file and exit your editor.

The Flip Script

Edit the file /usr/local/bin/flip.pl and add the following to it:

#!/usr/bin/perl

$|=1;  
$count = 0;  
$pid = $$;  
while (<>) {  
    chomp $_;  
    if ($_ =~ /(.*)(\.jpg|\.png|\.gif)/i) {  
        $url = $1 . $2;  
        system("/usr/bin/wget", "-q", "-O","/var/www/$pid-$count$2", "$url");  
        system("/usr/bin/mogrify", "-flip","/var/www/$pid-$count$2");  
        system("/bin/chmod", "777", "/var/www/$pid-$count$2");  
        print "http://127.0.0.1/$pid-$count$2\n";  
    } else {  
        print "$_\n";  
    }  
    $count++;  
}

The script is fairly simple. Squid passes URL’s to the script. If the URL ends in image type, it is pulled down to root of our web server. Mogrify then modifies the image in place. Lastly, it tells Squid to pull the image from our web server instead of the internet. If the URL isn’t an image, we just dump the origin URL back out.

Once the file is in place, make sure to make it executable.

chmod +x /usr/local/bin/flip.pl

You should have enough to test. Restart Squid with the following:

invoke-rc.d squid3 restart

You can now set up any browser to use the server as a proxy on port

  1. If you visit a page you have been to before, make sure you refresh a couple of times. Your browser might have cached the images locally, which means they won’t go through our proxy.

Making A Transparent Gateway

The last part of the process is to make the server a gateway which will transparently redirect web requests through the proxy. Create the file /etc/network/if-up.d/00-firewall and add the following to it:

#!/bin/sh

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#  
# delete all existing rules.  
#  
iptables -F  
iptables -t nat -F  
iptables -t mangle -F  
iptables -X

# Always accept loopback traffic  
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections  
iptables -A INPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT  
iptables -A FORWARD -i eth0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections  
iptables -A FORWARD -i eth0 -o eth0 -j ACCEPT

# Masquerade  
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE  
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo 1 > /proc/sys/net/ipv4/ip_forward

Now make the script executable and restart the networking.

chmod +x /etc/network/if-up.d/00-firewall  
invoke-rc.d networking restart

At this point, you should be able to set any computer’s default gateway to the IP address of your server. You don’t need to set a proxy address for your browser. Everything is now routed and all HTTP requests are redirected through the proxy.

Git Switch

Date

I have a need to change my git profile depending on what I’m working on. I created a simple script that I could run in the shell to switch between my profiles.

#!/bin/bash

case "$1" in  
'place1')  
git config --global user.name "Your Name"  
git config --global user.email foo@bar.com  
;;  
*)  
git config --global user.name "Your Other Name"  
git config --global user.email bar@baz.com  
;;  
esac

git config --global user.name  
git config --global user.email

If you put this script in your PATH, you can then run git switch place, where place is the profile you would like to use. In the script above, place1 is your first profile and anything else is the second profile. This allows you to run git switch, which just switches to the last, default profile.

The magic of git is that if you run git something, it looks for the command git-something in your path and runs it. If you save the above script as git-switch in your PATH and make it executable, you can execute the command as if it were apart of your git tool chain.

Newer