Addition of the proxy option and the logging of the performed requests

[P-aLu]

This is a quick addition of two components :

• The database now stores the performed requests
• There is a new setting that let you specify proxy

[RedByte1337]

Hi P-aLu,
Thanks for your pull request (so sorry for the late reply, apparently I forgot to submit my comment two weeks ago...)

I had a couple of remarks though. I see you want to store all the requests in the SQLite database, however, I don't see any way how to retrieve this information or display it in the GUI. So I am wondering what purpose this would serve.

For the proxy, however, it is the other way around. I only see a text field and a button being added to the settings page to set a proxy, which refers to the setProxy() and getProxy() functions, although these functions are not implemented anywhere. There also is no server-side code to handle these proxy functions, so I don't think this will work :)

Although I don't know whether this functionality is really needed since you can already easily make GraphSpy use a proxy using the built in https_proxy environment variable like this:

# Linux
https_proxy=http://127.0.0.1:8080 graphspy
# Windows
$env:HTTPS_PROXY = "http://127.0.0.1:8080"
grahpspy

Would be happy to hear what you think!

[sudonoodle]

@RedByte1337 (thank you for contributing this amazing tool to the community, it's excellent! 🙂)

I believe the purpose of @P-aLu 's PR is to keep a copy of every request made by GraphSpy. Similar to C2 server logs, this is valuable for red teams to resolve deconfliction issues, and also for reporting to clients. I suppose, long-term, it would be ideal to view the "raw" request/responses via the GUI, too.

[P-aLu]

Hey @RedByte1337 , @sudonoodle

Thank you for you the review and sorry for the delay. Definitely I forgot to push some stuff, it should be way better now...

@sudonoodle is right, I made those changes to be able to use your amazing tool during Red Team engagements, here is the detail:

• Depending on the situation, you may need to swap your proxy pretty often and then being able to do so using the GUI is much more convenient than restarting the tool. If the tool is used within Docker containers or other stuff like that, restarting it and changing environnement variable needs much more work than just using the GUI.
• I guess that being able to store the requests logs is cool. My point is that is not that often useful but you may need it one day and you would be happy to have your requests logs stored. In that case I would just access the database file and get my data using 3rd party tools (just like VS Code). But indeed, I don't feel that integrating it to GUI would be so useful.

Let me know your thinks and again, sorry for the first "half-pushed code" PR :)

[RedByte1337]

Hi sudonoodle P-aLu,

Thanks for the insights!

For the proxy, I am wondering if it wouldn't be easier to use os.environ['HTTP_PROXY'] = ... and os.environ['HTTPS_PROXY'] = ... in the set_proxy() function. Then it will automatically be used by all requests made by GraphSpy automatically, without having to modify all of the requests and risking this being forgotten when a new request would be added somewhere :)

Maybe something similar can be done for the request logging. Not sure what the best approach would be. Using requests.Session maybe, and hooking the send function to add the logging there, but then we need to make sure that different requests don't interfere with each other (like if it will reuse the HTTP session and store cookies between requests). Or alternatively building a wrapper function for requests.request function, or even patching it.
Would also probably be a better solution for the user agent header that is manually added to each request everywhere, and we could also set the proxy here of course.

What do you guys think?