# Proxy Tooling

## Overview

Proxying tooling like the AWS CLI, Nmap, or Python scripts is a great way to understand what's happening under the hood. 

{% hint style="danger" %}
Each tool, code, and app may not support the same methods of inspection so you may need to do some research.
{% endhint %}

***

## Getting a Certificate from Caido (or BurpSuite)

First, we need to download the certificate from Caido

<figure><img src="/files/uBJaOYdMs1ZFZzpcRroi" alt=""><figcaption></figcaption></figure>

I've placed mine in my downloads folder here `/Users/tyler/Downloads/caido_ca.crt`

***

## Proxying Tooling

We need to add the following environment variables either to your current terminal session or to your shell profile e.g., `~/.zshrc`

{% hint style="warning" %}
Make sure this is the IP : Port that your proxy tool is runnnig on (Caido / BurpSuite)
{% endhint %}

```
export HTTP_PROXY="127.0.0.1:8080"
export HTTPS_PROXY="127.0.0.1:8080"
```

### AWS CLI

We need to point the AWS CLI to our certificate otherwise we'll see SSL errors.

```
export AWS_CA_BUNDLE='/Users/tyler/Downloads/caido_ca.crt'
```

Alternatively, we can use this which will work with other tools like Python as well,

```
export REQUESTS_CA_BUNDLE='/Users/tyler/Downloads/caido_ca.crt'
```

Now, just run any command in terminal and we should see it in Caido / BurpSuite,

{% code overflow="wrap" %}

```sh
aws iam get-user --user-name james

{
    "User": {
        "Path": "/",
        "UserName": "james",
        "UserId": "AIDAU[REDACTED]",
        "Arn": "arn:aws:iam::[REDACTED]:user/james",
        "CreateDate": "2022-05-18T23:38:48+00:00",
        "PasswordLastUsed": "2025-09-24T12:30:48+00:00"
    }
}
```

{% endcode %}

And in Caido, under `Proxy > HTTP History`  we'll see,

{% hint style="info" %}
We can also turn on `Caido > Proxy > Intercept` to modify the Requests / Responses
{% endhint %}

**Request**

{% code overflow="wrap" %}

```sh
POST / HTTP/1.1
Host: iam.amazonaws.com
Accept-Encoding: identity
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: aws-cli/2.27.31 md/awscrt#0.26.1 ua/2.1 os/macos#24.6.0 md/arch#arm64 lang/python#3.13.7 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#iam.get-user
X-Amz-Date: 20250924T120540Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIA[REDACTED]/20250924/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6871952e6714a55bada63b6129038299bd05d08e9c4b1b48ce86dc8c4d54cd41
Content-Length: 51

Action=GetUser&Version=2010-05-08&UserName=james
```

{% endcode %}

**Response**

{% code overflow="wrap" %}

```sh
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2025 12:05:40 GMT
x-amzn-RequestId: 3f0a291f-1f43-4427-b29e-97331c7e37a1
Content-Type: text/xml
Content-Length: 529

<GetUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
    <GetUserResult>
        <User>
            <Path>/</Path>
            <PasswordLastUsed>2025-09-24T12:30:48Z</PasswordLastUsed>
            <UserName>james</UserName>
            <Arn>arn:aws:iam::[REDACTED]:user/dev_user</Arn>
            <UserId>AIDA[REDACTED]</UserId>
            <CreateDate>2022-05-18T23:38:48Z</CreateDate>
        </User>
    </GetUserResult>
    <ResponseMetadata>
        <RequestId>3f0a291f-1f43-4427-b29e-97331c7e37a1</RequestId>
    </ResponseMetadata>
</GetUserResponse>
```

{% endcode %}

### curl

One way to proxy curl is by specifying the proxy in the command

{% code overflow="wrap" %}

```sh
curl -x http://127.0.0.1:8080 www.google.com
```

{% endcode %}

### nmap

We can proxy nmap by specifying the proxy as a parameter&#x20;

{% code overflow="wrap" %}

```sh
nmap --proxies http://127.0.0.1:8080 SERVER_IP -pPORT -Pn -sC
```

{% endcode %}

### metasploit

We can proxy metasploit exploits by setting the proxy in the exploit's configuration e.g.,&#x20;

{% code overflow="wrap" %}

```sh
set PROXIES HTTP:127.0.0.1:8080
```

{% endcode %}

***

## Proxychains

Proxychains enables us to easily proxy tools as well which is useful for tooling that may not have a proxy option (this can also work for tools that do).

Update your proxy config file found in:

* Linux:  `/etc/proxychains.conf`&#x20;
* macOS: `/opt/homebrew/etc/proxychains.conf` (assuming installed via [Homebrew](/coding-and-cli-tooling/cli-tools/homebrew.md))

{% code overflow="wrap" %}

```
#socks4         127.0.0.1 9050
http 127.0.0.1 8080
```

{% endcode %}

Optionally, uncomment `quite_mode` to reduce the output when running proxychains (can also use `-s` )

{% code overflow="wrap" %}

```
# Quiet mode (no output from library)
quiet_mode
```

{% endcode %}

Then run your commands

```
proxychains4 -q aws sts get-caller-identity

{
    "UserId": "AIDA[REDACTED]",
    "Account": "[REDACTED]",
    "Arn": "arn:aws:iam::[REDACTED]:user/james"
}
```

And this will show up in Caido / BurpSuite.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.techwithtyler.dev/coding-and-cli-tooling/proxy-tooling.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.