{"id":30034782,"url":"https://github.com/naseridev/cork","last_synced_at":"2025-08-07T00:51:56.519Z","repository":{"id":308155633,"uuid":"1031814229","full_name":"naseridev/cork","owner":"naseridev","description":"Lightweight, powerful HTTP/HTTPS traffic analysis tool for network monitoring","archived":false,"fork":false,"pushed_at":"2025-08-04T11:39:44.000Z","size":20,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-04T15:44:22.643Z","etag":null,"topics":["analysis","http","https","rust","sniffing"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/naseridev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-08-04T11:22:03.000Z","updated_at":"2025-08-04T11:39:47.000Z","dependencies_parsed_at":"2025-08-04T15:57:29.168Z","dependency_job_id":null,"html_url":"https://github.com/naseridev/cork","commit_stats":null,"previous_names":["naseridev/cork"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/naseridev/cork","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/naseridev%2Fcork","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/naseridev%2Fcork/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/naseridev%2Fcork/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/naseridev%2Fcork/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/Git
Hub/owners/naseridev","download_url":"https://codeload.github.com/naseridev/cork/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/naseridev%2Fcork/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269181031,"owners_count":24373850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-06T02:00:09.910Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","http","https","rust","sniffing"],"created_at":"2025-08-07T00:51:55.200Z","updated_at":"2025-08-07T00:51:56.497Z","avatar_url":"https://github.com/naseridev.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cork - Advanced HTTP/HTTPS Traffic Analysis Proxy\n\nCork is a lightweight, high-performance HTTP/HTTPS proxy server designed for network traffic analysis, monitoring, and security research. 
Built in Rust, it provides comprehensive traffic inspection capabilities with optional HTTPS Man-in-the-Middle (MITM) functionality for deep packet analysis.\n\n## Features\n\n### Core Capabilities\n- **High Performance**: Multi-threaded architecture with optimized buffer management\n- **Protocol Support**: HTTP/1.1 and HTTPS with optional TLS termination\n- **Traffic Analysis**: Comprehensive request/response logging and metrics\n- **Rule-Based Filtering**: Regex-based content filtering and blocking\n- **Multiple Logging Formats**: Text, JSON, and CSV output formats\n- **Connection Management**: Intelligent connection pooling and timeout handling\n\n### Advanced Features\n- **HTTPS MITM**: Optional TLS interception for encrypted traffic analysis\n- **Adaptive Performance**: Automatic optimization based on system resources\n- **Real-time Statistics**: Connection metrics and performance monitoring\n- **Flexible Configuration**: Command-line interface with extensive options\n\n## Technical Architecture\n\n### Performance Optimizations\nCork implements several performance optimizations:\n\n- **Dynamic Resource Allocation**: Automatically adjusts thread pool size and buffer allocation based on available system resources\n- **OS-Specific Tuning**: Platform-specific socket optimizations for Linux, Windows, and macOS\n- **Batch Processing**: Efficient log batching to minimize I/O overhead\n- **Memory Management**: Intelligent buffer sizing and connection reuse\n\n### Security Considerations\n- **Certificate Management**: Support for custom TLS certificates for MITM operations\n- **Rule Engine**: Regex-based filtering for content analysis and blocking\n- **Connection Limits**: Built-in protection against connection exhaustion attacks\n\n## Installation\n\n### Prerequisites\n- Rust 1.70+ with Cargo\n- OpenSSL development libraries (for TLS support)\n\n### Dependencies\nThe project relies on several key Rust crates:\n- `rustls`: Modern TLS implementation\n- `clap`: 
Command-line argument parsing\n- `crossbeam-channel`: High-performance channel communication\n- `regex`: Pattern matching for rule engine\n- `serde`: Serialization for configuration and logging\n- `chrono`: Timestamp handling\n\n### Build Instructions\n```bash\ngit clone \u003crepository-url\u003e\ncd cork\ncargo build --release\n```\n\n## Usage\n\n### Basic HTTP Proxy\n```bash\n./cork --host 0.0.0.0 --port 8080\n```\n\n### HTTPS MITM Proxy\n```bash\n./cork --host 0.0.0.0 --port 8080 --cert server.crt --key server.key\n```\n\n### Advanced Configuration\n```bash\n./cork \\\n  --host 0.0.0.0 \\\n  --port 8080 \\\n  --rules rules.json \\\n  --cert server.crt \\\n  --key server.key \\\n  --log-format json \n```\n\n## Command Line Options\n\n| Option | Short | Description | Default |\n|--------|-------|-------------|---------|\n| `--host` | `-h` | Listen address | `127.0.0.1` |\n| `--port` | `-p` | Listen port | `8080` |\n| `--rules` | `-r` | Path to rules JSON file | None |\n| `--cert` | `-c` | TLS certificate for MITM | None |\n| `--key` | `-k` | TLS private key for MITM | None |\n| `--log-format` | `-f` | Output format (text/json/csv) | `text` |\n\n## Configuration\n\n### Rules Engine\nCork supports regex-based filtering rules defined in JSON format:\n\n```json\n[\n  {\n    \"name\": \"Block Social Media\",\n    \"pattern\": \"(facebook|twitter|instagram)\\\\.com\",\n    \"action\": \"block\",\n    \"replacement\": null\n  },\n  {\n    \"name\": \"Block Malware Domains\",\n    \"pattern\": \"malicious-domain\\\\.com\",\n    \"action\": \"block\",\n    \"replacement\": null\n  }\n]\n```\n\n### Rule Properties\n- **name**: Human-readable rule identifier\n- **pattern**: Regular expression for matching\n- **action**: Action to take (`block` currently supported)\n- **replacement**: Future feature for content modification\n\n## Logging and Output\n\n### Log Formats\n\n#### Text Format (Default)\n```\n[2024-01-15 14:30:45] 200 GET /api/data 192.168.1.100 -\u003e 
example.com\n```\n\n#### JSON Format\n```json\n{\n  \"timestamp\": 1705329045,\n  \"timestamp_human\": \"[2024-01-15 14:30:45]\",\n  \"session_id\": \"a1b2c3\",\n  \"src_addr\": \"192.168.1.100:45678\",\n  \"dst_addr\": \"example.com:443\",\n  \"method\": \"GET\",\n  \"url\": \"/api/data\",\n  \"full_url\": \"https://example.com/api/data\",\n  \"status\": 200,\n  \"request_size\": 512,\n  \"response_size\": 2048,\n  \"duration_ms\": 145.5,\n  \"is_https\": true,\n  \"user_agent\": \"Mozilla/5.0...\",\n  \"blocked\": false\n}\n```\n\n#### CSV Format\nSuitable for data analysis with spreadsheet applications or data processing pipelines.\n\n### Output Files\n- **Text**: `cork.log`\n- **JSON**: `cork.jsonl` (JSON Lines format)\n- **CSV**: `cork.csv`\n\n## Performance Tuning\n\n### Automatic Optimization\nCork automatically optimizes performance based on:\n- **CPU Count**: Thread pool sizing\n- **Available Memory**: Buffer allocation\n- **Operating System**: Platform-specific optimizations\n\n### Manual Tuning\nFor specific use cases, consider:\n- **High Traffic**: Increase system file descriptor limits\n- **Memory Constraints**: Monitor batch sizes and buffer allocation\n- **Network Latency**: Adjust timeout values in source code\n\n## Security and Privacy Considerations\n\n### HTTPS MITM Setup\nWhen using MITM functionality:\n\n1. **Generate Certificate Authority**:\n```bash\nopenssl genrsa -out ca.key 4096\nopenssl req -new -x509 -days 365 -key ca.key -out ca.crt\n```\n\n2. **Generate Server Certificate**:\n```bash\nopenssl genrsa -out server.key 4096\nopenssl req -new -key server.key -out server.csr\nopenssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt\n```\n\n3. 
**Client Configuration**: Install `ca.crt` as a trusted root certificate on client systems\n\n### Legal and Ethical Considerations\n- Ensure compliance with local privacy laws\n- Obtain proper authorization before monitoring network traffic\n- Use only for legitimate security research or network administration\n- Implement appropriate data retention and access controls\n\n## Research Applications\n\n### Network Security Analysis\n- **Malware Communication**: Identify C\u0026C traffic patterns\n- **Data Exfiltration**: Monitor unusual outbound data flows\n- **Protocol Analysis**: Study HTTP/HTTPS usage patterns\n\n### Performance Research\n- **Latency Analysis**: Measure request/response times\n- **Bandwidth Utilization**: Track data transfer patterns\n- **Caching Effectiveness**: Analyze cache hit/miss ratios\n\n### Academic Use Cases\n- **Network Behavior Studies**: Understand application communication patterns\n- **Security Research**: Analyze attack vectors and defensive measures\n- **Protocol Development**: Test new HTTP extensions or modifications\n\n## Contributing\n\n### Development Setup\n1. Fork the repository\n2. Create feature branch: `git checkout -b feature/enhancement`\n3. Follow Rust coding standards and run `cargo clippy`\n4. Add tests for new functionality\n5. Submit pull request with detailed description\n\n### Code Structure\n- **Main Loop**: Connection handling and thread management\n- **Protocol Handlers**: HTTP/HTTPS request processing\n- **Rule Engine**: Pattern matching and filtering\n- **Logging System**: Multi-format output generation\n- **Performance Layer**: System optimization and resource management\n\n## Disclaimer\n\nThis tool is intended for legitimate network analysis, security research, and educational purposes. Users are responsible for ensuring compliance with applicable laws and regulations. 
The authors assume no liability for misuse of this software.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnaseridev%2Fcork","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnaseridev%2Fcork","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnaseridev%2Fcork/lists"}