Proxy Tooling

How to proxy CLI tools, code, and other apps

Overview

Proxying tooling like the AWS CLI, Nmap, or Python scripts is a great way to understand what's happening under the hood.

Each tool, code, and app may not support the same methods of inspection so you may need to do some research.

Getting a Certificate from Caido (or BurpSuite)

First, we need to download the certificate from Caido

I've placed mine in my downloads folder here /Users/tyler/Downloads/caido_ca.crt

Proxying Tooling

We need to add the following environment variables either to your current terminal session or to your shell profile e.g., ~/.zshrc

Make sure this is the IP : Port that your proxy tool is runnnig on (Caido / BurpSuite)

export HTTP_PROXY="127.0.0.1:8080"
export HTTPS_PROXY="127.0.0.1:8080"

AWS CLI

We need to point the AWS CLI to our certificate otherwise we'll see SSL errors.

export AWS_CA_BUNDLE='/Users/tyler/Downloads/caido_ca.crt'

Alternatively, we can use this which will work with other tools like Python as well,

export REQUESTS_CA_BUNDLE='/Users/tyler/Downloads/caido_ca.crt'

Now, just run any command in terminal and we should see it in Caido / BurpSuite,

aws iam get-user --user-name james

{
    "User": {
        "Path": "/",
        "UserName": "james",
        "UserId": "AIDAU[REDACTED]",
        "Arn": "arn:aws:iam::[REDACTED]:user/james",
        "CreateDate": "2022-05-18T23:38:48+00:00",
        "PasswordLastUsed": "2025-09-24T12:30:48+00:00"
    }
}

And in Caido, under Proxy > HTTP History we'll see,

We can also turn on Caido > Proxy > Intercept to modify the Requests / Responses

Request

POST / HTTP/1.1
Host: iam.amazonaws.com
Accept-Encoding: identity
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: aws-cli/2.27.31 md/awscrt#0.26.1 ua/2.1 os/macos#24.6.0 md/arch#arm64 lang/python#3.13.7 md/pyimpl#CPython cfg/retry-mode#standard md/installer#source md/prompt#off md/command#iam.get-user
X-Amz-Date: 20250924T120540Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIA[REDACTED]/20250924/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6871952e6714a55bada63b6129038299bd05d08e9c4b1b48ce86dc8c4d54cd41
Content-Length: 51

Action=GetUser&Version=2010-05-08&UserName=james

Response

HTTP/1.1 200 OK
Date: Wed, 24 Sep 2025 12:05:40 GMT
x-amzn-RequestId: 3f0a291f-1f43-4427-b29e-97331c7e37a1
Content-Type: text/xml
Content-Length: 529

<GetUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
    <GetUserResult>
        <User>
            <Path>/</Path>
            <PasswordLastUsed>2025-09-24T12:30:48Z</PasswordLastUsed>
            <UserName>james</UserName>
            <Arn>arn:aws:iam::[REDACTED]:user/dev_user</Arn>
            <UserId>AIDA[REDACTED]</UserId>
            <CreateDate>2022-05-18T23:38:48Z</CreateDate>
        </User>
    </GetUserResult>
    <ResponseMetadata>
        <RequestId>3f0a291f-1f43-4427-b29e-97331c7e37a1</RequestId>
    </ResponseMetadata>
</GetUserResponse>

curl

One way to proxy curl is by specifying the proxy in the command

curl -x http://127.0.0.1:8080 www.google.com

nmap

We can proxy nmap by specifying the proxy as a parameter

nmap --proxies http://127.0.0.1:8080 SERVER_IP -pPORT -Pn -sC

metasploit

We can proxy metasploit exploits by setting the proxy in the exploit's configuration e.g.,

set PROXIES HTTP:127.0.0.1:8080

Proxychains

Proxychains enables us to easily proxy tools as well which is useful for tooling that may not have a proxy option (this can also work for tools that do).

Update your proxy config file found in:

Linux: /etc/proxychains.conf
macOS: /opt/homebrew/etc/proxychains.conf (assuming installed via Homebrew)

#socks4         127.0.0.1 9050
http 127.0.0.1 8080

Optionally, uncomment quite_mode to reduce the output when running proxychains (can also use -s )

# Quiet mode (no output from library)
quiet_mode

Then run your commands

proxychains4 -q aws sts get-caller-identity

{
    "UserId": "AIDA[REDACTED]",
    "Account": "[REDACTED]",
    "Arn": "arn:aws:iam::[REDACTED]:user/james"
}

And this will show up in Caido / BurpSuite.

PreviousPython NextCI/CD

Last updated 3 months ago

Was this helpful?