Proxy Tooling
How to proxy CLI tools, code, and other apps
Overview
Proxying tooling like the AWS CLI, Nmap, or Python scripts is a great way to understand what's happening under the hood.
Each tool, code, and app may not support the same methods of inspection so you may need to do some research.
Getting a Certificate from Caido (or BurpSuite)
First, we need to download the certificate from Caido
I've placed mine in my downloads folder here /Users/tyler/Downloads/caido_ca.crt
Proxying Tooling
We need to add the following environment variables either to your current terminal session or to your shell profile e.g., ~/.zshrc
Make sure this is the IP : Port that your proxy tool is runnnig on (Caido / BurpSuite)
export HTTP_PROXY="127.0.0.1:8080"
export HTTPS_PROXY="127.0.0.1:8080"AWS CLI
We need to point the AWS CLI to our certificate otherwise we'll see SSL errors.
export AWS_CA_BUNDLE='/Users/tyler/Downloads/caido_ca.crt'Alternatively, we can use this which will work with other tools like Python as well,
export REQUESTS_CA_BUNDLE='/Users/tyler/Downloads/caido_ca.crt'Now, just run any command in terminal and we should see it in Caido / BurpSuite,
aws iam get-user --user-name james
{
"User": {
"Path": "/",
"UserName": "james",
"UserId": "AIDAU[REDACTED]",
"Arn": "arn:aws:iam::[REDACTED]:user/james",
"CreateDate": "2022-05-18T23:38:48+00:00",
"PasswordLastUsed": "2025-09-24T12:30:48+00:00"
}
}And in Caido, under Proxy > HTTP History we'll see,
Request
POST / HTTP/1.1
Host: iam.amazonaws.com
Accept-Encoding: identity
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: aws-cli/2.27.31 md/awscrt#0.26.1 ua/2.1 os/macos#24.6.0 md/arch#arm64 lang/python#3.13.7 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#iam.get-user
X-Amz-Date: 20250924T120540Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIA[REDACTED]/20250924/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6871952e6714a55bada63b6129038299bd05d08e9c4b1b48ce86dc8c4d54cd41
Content-Length: 51
Action=GetUser&Version=2010-05-08&UserName=jamesResponse
HTTP/1.1 200 OK
Date: Wed, 24 Sep 2025 12:05:40 GMT
x-amzn-RequestId: 3f0a291f-1f43-4427-b29e-97331c7e37a1
Content-Type: text/xml
Content-Length: 529
<GetUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<GetUserResult>
<User>
<Path>/</Path>
<PasswordLastUsed>2025-09-24T12:30:48Z</PasswordLastUsed>
<UserName>james</UserName>
<Arn>arn:aws:iam::[REDACTED]:user/dev_user</Arn>
<UserId>AIDA[REDACTED]</UserId>
<CreateDate>2022-05-18T23:38:48Z</CreateDate>
</User>
</GetUserResult>
<ResponseMetadata>
<RequestId>3f0a291f-1f43-4427-b29e-97331c7e37a1</RequestId>
</ResponseMetadata>
</GetUserResponse>curl
One way to proxy curl is by specifying the proxy in the command
curl -x http://127.0.0.1:8080 www.google.comnmap
We can proxy nmap by specifying the proxy as a parameter
nmap --proxies http://127.0.0.1:8080 SERVER_IP -pPORT -Pn -sCmetasploit
We can proxy metasploit exploits by setting the proxy in the exploit's configuration e.g.,
set PROXIES HTTP:127.0.0.1:8080Proxychains
Proxychains enables us to easily proxy tools as well which is useful for tooling that may not have a proxy option (this can also work for tools that do).
Update your proxy config file found in:
Linux:
/etc/proxychains.confmacOS:
/opt/homebrew/etc/proxychains.conf(assuming installed via Homebrew)
#socks4 127.0.0.1 9050
http 127.0.0.1 8080Optionally, uncomment quite_mode to reduce the output when running proxychains (can also use -s )
# Quiet mode (no output from library)
quiet_modeThen run your commands
proxychains4 -q aws sts get-caller-identity
{
"UserId": "AIDA[REDACTED]",
"Account": "[REDACTED]",
"Arn": "arn:aws:iam::[REDACTED]:user/james"
}And this will show up in Caido / BurpSuite.
Last updated
Was this helpful?