Gor – A simple http traffic replication tool written in Go


Gor a simple HTTP traffic replication tool written in Go. Its main goal is to replay traffic from production servers to staging and dev environments.

You can check your code on real user sessions in an automatic and repeatable fashion. No additional falling down in production!

Here is basic workflow: The perceiver server catches HTTP traffic and sends it to the replay server or saves to file.The replay server forwards traffic to a given address.





HTTP traffic replay in real-time. Replay traffic from production to staging and dev environments.

Gor supports:
Traffic Capturing  from port

One instance for both listening and replaying(recommended to use separate server for replaying
traffic, but if you have enough CPU resources you can use single Gor instance.)

Guarantee of replay and HTTP input:
Due to how traffic interception works, there is chance of missing requests. If you want guarantee that requests will be replayed you can use http input, but it will require changes in your app as well.Then in your application you should send copy (e.g. like reverse proxy) all incoming requests to Gor http input.

Following redirects:10 redirects per request.

Rate limiting:Every input and output support rate limiting. It can be useful if you want forward only part of production traffic and not overload your staging environment.

There are 2 limiting algorithms: absolute or percentage based.

Absolute: If for current second it reached specified requests limit - disregard the rest, on next second counter reseted.

Percentage: For input-file it will slowdown or speedup request execution, for the rest it will use random generator to decide if request pass or not based on weight you specified

Limiting replay using absolute number

Limiting listener using percentage based limiter

Load testing: Currently it supported only by input-file and only when using percentage based limiter. Unlike default limiter for input-file instead of dropping requests it will slowdown or speedup request emitting.

Filtering
Match on regexp of url

Filter based on regexp of header

Filter based on hash of header

Forward to multiple addresses: You can forward traffic to multiple endpoints. Just add multiple --output-* arguments.

Splitting traffic: By default it will send same traffic to all outputs, but you have options to equally split it:

Saving requests to file: You can save requests to file, and replay them later

Injecting headers: Additional headers can be injected/overwritten into requests during replay. This may be useful if you need to identify requests generated by Gor or enable feature flagged functionality in an application

Filtering HTTP methods: Requests not matching a specified whitelist can be filtered out. For example to strip non-nullipotent requests.

Basic Auth: If your development or staging environment is protected by Basic Authentication then those credentials can be injected in during the replay.

Rewrite the target urls based on a mapping

Stats
ElasticSearch: For deep response analyze based on url, cookie, user-agent and etc. you can export response metadata to ElasticSearch.
Github:source

Post a Comment

0 Comments