Dedicated to high quality security solutions, Open Systems constantly seeks out ways to further improve protection against unexpected effects a change of a component might have on the system. Whether that change is a result of an innovation from Labs or of a version upgrade of one of our carefully selected third-party components, we want to be as certain as we can, that the functionality of our products is always guaranteed without restrictions and their security is impeccable at any point in time.
One tool that has resulted from that effort and proved handy when checking a system's manner of handling different web server responses, is Contagent.
Contagent offers persistent responses to the same requests and is totally under your control as you may install it on your own host running Linux. It serves different HTTP responses that are like those you might get from broken or misconfigured servers on the internet, e.g. response headers containing null bytes or very long ones. But it also lets you host servers with insecure certificates of all kinds, e.g. expired ones. On top of that files for testing archive or media type handling and malware detection are hosted on a dedicated server.
Testing your client/proxy using Contagent provides you with answers to questions of the following kind:
- Are expired certificates blocked?
- Are expired certificates allowed when on the certificate whitelist?
- Is it possible to download malware through the proxy?
- What about executables?
- Or zip files that are compressed recursively 300 times?
As we realized that this server functionality is something which could be useful in many different scenarios, we have decided to make it open source and publish it on github, available for you to clone/download (https://github.com/open-ch/contagent).
How we use Contagent
Contagent was developed as a part of a testing environment for the Web Proxy service and is tightly integrated in our automatic testing framework. In addition to our unit tests, every code change triggers an extensive set of end-to-end tests that make use of Contagent’s servers.
How to use Contagent yourself
After installing nginx (the web server), cfssl (for certificate generation), and jq (neat JSON handling tool) on your Linux machine, it should meet all the requirements needed to install Contagent - just clone or download it from github (https://github.com/open-ch/contagent), run the install.sh script, include the freshly installed server configuration in the nginx config file, and you are ready to go.
Ready to perform requests to the server and see if the responses are as expected. You might want to test the behaviour of your sophisticated multi-level intermediate infrastructure or just the response handling done by your web browser. That's up to you now.
For more information on what Contagent has to offer, feel free to have a look at the README in the repository.