Description
I have made a Pangolin resource to be able to access a UI running on 443 at the end of the chain.
curl -v -x http://gost-proxy:8118 https://target.com.internal
works like a charm.
But doing the same via Pangolin does not work. A whoami container works and I can see the headers. It has the correct Host header.
I have to set the first leg via Pangolin to http but then gost for some reason only seems to care about target.com.internal:80 according to the logs
Hostname: 2181d497b911
IP: 127.0.0.1
IP: ::1
IP: 172.18.0.2
RemoteAddr: 172.18.0.5:32820
GET / HTTP/1.1
Host: target.com.internal
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:144.0) Gecko/20100101 Firefox/144.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.5
Cookie: p_session_token_s.1759275596773=3bqfwadsdsdsdsdsdsdsddss
Priority: u=0, i
Remote-Email: administrator@test.com
Remote-User: administrator@test.com
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1
Te: trailers
Upgrade-Insecure-Requests: 1
X-Forwarded-For: 181.xxxxx
X-Forwarded-Host: test.my.team
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Server: 8454ba6d8c4a
X-Real-Ip: 181.xxxxxx
":"172.18.0.7:8118","msg":"172.18.0.5:40024 <> 172.18.0.7:8118","remote":"172.18.0.5:40024","service":"service-0","sid":"d3e75cqlaa9c73cmus0g","time":"2025-10-01T00:15:47.646Z"}
nfo","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:40024 <> 172.18.0.7:8118","network":"","remote":"172.18.0.5:40024","service":"service-0","sid":"d3e75cqlaa9c73cmus0g","time":"2025-10-01T00:15
andler":"http","host":"target.com.internal:80","kind":"handler","level":"debug","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:40024 >> target.com.internal:80","network":"t
ntes.de:80","handler":"http","host":"target.com.internal:80","kind":"handler","level":"info","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:40024 <-> target.com.internal","
ntes.de:80","duration":297910,"handler":"http","host":"target.com.internal:80","inputBytes":0,"kind":"handler","level":"info","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:40024 >-<
es":794,"kind":"handler","level":"info","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:40024 >< 172.18.0.7:8118","network":"","outputBytes":55,"remote":"172.18.0.5:40024","service":"service-0","
ener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:40024 >< 172.18.0.7:8118","remote":"172.18.0.5:40024","service":"service-0","sid":"d3e75cqlaa9c73cmus0g","time":"2025-10-01T00:15:47.646Z"}
sg":"http: no Host in request URL","service":"service-0","sid":"d3e75cqlaa9c73cmus0g","time":"2025-10-01T00:15:47.646Z"}
running via
command: -L=:8118?sniffing=true -F=socks5://target.com.internal-ssh-proxy:1080 -D debug
Is there any way I can tell Gost to auto-upgrade to port 443 for that Host?
I am not sure if it should be a feature request to be able to rewrite host headers or ports.
Also, how can I see, to be really sure, what the full request that arrives in Gost looks like?
Or is this something Pangolin has to fix on their side? I have a few services working already; this is the first one that goes through an SSH dynamic port forward like
Host target.com.internal-socks-proxy
HostName 111.1.111.111
User usr
DynamicForward 0.0.0.0:1080
I read the whole documentation and tried a lot of different options.
What am I missing?
EDIT: Privoxy works, so it seems there is either a bug or a feature missing in gost? Privoxy cannot do ws and wss so I hope gost will do the job!
EDIT2: I was able to overwrite with a custom host header
Host: target.com.internal:443
handler":"http","host":"target.com.internal:443","kind":"handler","level":"debug","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:59450 >> target.com.internal:443","network"
es":798,"kind":"handler","level":"info","listener":"tcp","local":"172.18.0.7:8118","msg":"172.18.0.5:59450 >< 172.18.0.7:8118","network":"","outputBytes":47,"remote":"172.18.0.5:59450","service":"service-0","
Now I just get a 400 Bad Request error...
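
The difference between the working curl call and the request shown in the whoami output, as an added example that is not part of the original post or of gost's code: it parses constructed requests with Go's net/http and shows that the origin-form request has no host in its URL, which is the condition under which Go's HTTP client returns "http: no Host in request URL". The sample requests, the `Classify` helper and the port-80 default (taken from the log lines above) are assumptions.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
	"net/http"
	"strings"
)

// Constructed sample requests (not captured traffic).
const (
	// What `curl -x http://gost-proxy:8118 https://...` sends to the proxy.
	viaCurl = "CONNECT target.com.internal:443 HTTP/1.1\r\nHost: target.com.internal:443\r\n\r\n"
	// What a reverse proxy sends when it treats the proxy as a plain HTTP upstream.
	viaReverseProxy = "GET / HTTP/1.1\r\nHost: target.com.internal\r\n\r\n"
)

// Classify parses a raw request and reports the request-target form, the
// host found in the URL, and the host:port a forward proxy would dial.
// Assumption: a missing port defaults to 80, as seen in the logs above.
func Classify(raw string) (form, urlHost, dial string, err error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return "", "", "", err
	}
	switch {
	case req.Method == http.MethodConnect:
		form = "authority-form" // tunnel request: proxy relays bytes, TLS passes through
	case req.URL.Host != "":
		form = "absolute-form" // ordinary plain-HTTP proxy request
	default:
		form = "origin-form" // meant for a web server: URL has no host and no scheme
	}
	dial = req.Host // URL host when present, otherwise the Host header
	if _, _, splitErr := net.SplitHostPort(dial); splitErr != nil {
		dial = net.JoinHostPort(strings.Trim(dial, "[]"), "80")
	}
	return form, req.URL.Host, dial, nil
}

func main() {
	for _, raw := range []string{viaCurl, viaReverseProxy} {
		form, urlHost, dial, err := Classify(raw)
		fmt.Printf("%-14s URL.Host=%q dial=%q err=%v\n", form, urlHost, dial, err)
	}
}
```

Only the CONNECT request names port 443; the origin-form request carries no scheme, so nothing in it tells a proxy that the destination expects TLS.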