ssrf_proxy 0.0.3 → 0.0.4

checksums.yaml

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    OWNjNWNkNjA2ZjI0NjQ4MWNkMzhhMTM2ZWIxZDQzNTFiMjg1ZmNhZg==
+    ZGJhNjA3ZTRkODE5YTNlZmQyYTY3MGJjM2Q1YWE1NTNhOThhYmE2ZA==
   data.tar.gz: !binary |-
-    MThiZTIzYzZjOGZlMDMzNzdhZjFiYWEzNGMyZDVlNjBhYTM5MTVhYg==
+    YzZlMmY0ODI2NGM0MmNiNzk0MjcxZTAwMDM5YjZhNWNmMTA1ZDVlOQ==
 SHA512:
   metadata.gz: !binary |-
-    YTY0N2I2YWFhNjUzODYyODQzN2QyOTliMjZlN2Y1YjJmYzQ4ZTZhNjQxNmNh
-    MGM2Y2RiZThmY2I5YzBlOTE4Nzk2ZWU5YTI1YzViOGNhMTE4YjUzMjYwOTc5
-    NjVmOGVjYTJhYThmYjZkZDYxNmIzYzk5N2I2NTVhMzhiZDcxMjA=
+    MGI5ZTA1NDAyNGJiMGM3ODdlMmU3M2VlZGRlODAwN2MwNmM0YzIzZjllM2Qw
+    ZjBlM2RjMzc5ODZhNDYwNTk2MTgwN2NmOTJiNWJjYmFlZjI2YTM0YjNlMzc2
+    MWEwZWYwMDI5YjFiNmUyM2I5ODY1NWE2OTY0Y2M5NTY5ODBjMDA=
   data.tar.gz: !binary |-
-    NWY4ZjI4NTllZTViYzZlYzZmNDhjNzMzYzgxNjY1YjU1OWUyNzcwMmM3OWFi
-    N2FjZGU4ZTc2OGUxOWVlYWNlMjlmY2I1ZmI4YzBlMjZkZThlZjkxMzIwYTli
-    ZWU4YzIxYzI4MDAyNGFjYmNiOWFhNDIxZTJjYTE4YjlmN2NjMGE=
+    MWVmZTJlYTRmZDk3NjdjOWNmYjY0MGZhYzM3ODhiMjRhZGJkN2Q0ZDEzODQ5
+    MzI0ZjkwNzMwYTllZjVlNmVjMWJjZWUxOThlMTg2OWUxZDhmOGJhZjlkODc0
+    OTA3ZmZjODRiYTYxMTQwNjY3YjE3NWQwODBjYWYyYTZhNTJkYzc=

data/LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015-2016 Brendan Coles <bcoles@gmail.com>
+Copyright (c) 2015-2017 Brendan Coles <bcoles@gmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -1,7 +1,7 @@
 # SSRF Proxy
 
 <a href="https://github.com/bcoles/ssrf_proxy" target="_blank">
-  <img src="https://img.shields.io/badge/version-0.0.3-brightgreen.svg"/>
+  <img alt="Version 0.0.4" src="https://img.shields.io/badge/version-0.0.4-brightgreen.svg"/>
 </a>
 <a href="https://travis-ci.org/bcoles-ci/ssrf_proxy" target="_blank">
   <img src="https://api.travis-ci.org/bcoles-ci/ssrf_proxy.svg?branch=master"/>
@@ -22,12 +22,13 @@
   <img src="https://inch-ci.org/github/bcoles/ssrf_proxy.svg?branch=master"/>
 </a>
 <a href="https://github.com/bcoles/ssrf_proxy/blob/master/LICENSE.md" target="_blank">
-  <img src="https://img.shields.io/badge/license-MIT-brightgreen.svg"/>
+  <img alt="MIT License" src="https://img.shields.io/badge/license-MIT-brightgreen.svg"/>
 </a>
 
+
 **SSRF Proxy** is a multi-threaded HTTP proxy server designed
 to tunnel client HTTP traffic through HTTP servers vulnerable
-to HTTP Server-Side Request Forgery (SSRF).
+to Server-Side Request Forgery (SSRF).
 
 Once configured, SSRF Proxy attempts to format client HTTP
 requests appropriately for the vulnerable server. Likewise,
@@ -35,8 +36,8 @@ the server's response is parsed and formatted for the client.
 
 By correctly formatting the client request and stripping
 unwanted junk from the response it is possible to use
-SSRF Proxy as a HTTP proxy for web browsers and scanning
-tools such as sqlmap and nikto.
+SSRF Proxy as a HTTP proxy for web browsers, proxychains,
+and scanning tools such as sqlmap, nmap, dirb and nikto.
 
 SSRF Proxy also assists with leveraging blind SSRF
 vulnerabilities to perform time-based attacks, such
@@ -45,7 +46,11 @@ as blind time-based SQL injection with sqlmap.
 <table>
   <tr>
     <th>Version</th>
-    <td>0.0.3</td>
+    <td>
+      <a href="https://github.com/bcoles/ssrf_proxy" target="_blank">
+        <img alt="Version 0.0.4" src="https://img.shields.io/badge/version-0.0.4-brightgreen.svg"/>
+      </a>
+    </td>
   </tr>
   <tr>
     <th>Github</th>
@@ -55,7 +60,9 @@ as blind time-based SQL injection with sqlmap.
   </tr>
   <tr>
     <th>Wiki</th>
-    <td><a href="https://github.com/bcoles/ssrf_proxy/wiki">https://github.com/bcoles/ssrf_proxy/wiki</a></td>
+    <td>
+      <a href="https://github.com/bcoles/ssrf_proxy/wiki">https://github.com/bcoles/ssrf_proxy/wiki</a>
+    </td>
   </tr>
   <tr>
     <th>Documentation</th>
@@ -69,18 +76,22 @@ as blind time-based SQL injection with sqlmap.
   </tr>
   <tr>
     <th>Copyright</th>
-    <td>2015-2016 Brendan Coles</td>
+    <td>2015-2017 Brendan Coles</td>
   </tr>
   <tr>
     <th>License</th>
-    <td>MIT - (see <a href="https://github.com/bcoles/ssrf_proxy/blob/master/LICENSE.md">LICENSE.md</a> file)</td>
+    <td>
+      <a href="https://github.com/bcoles/ssrf_proxy/blob/master/LICENSE.md" target="_blank">
+        <img alt="MIT License" src="https://img.shields.io/badge/license-MIT-brightgreen.svg"/>
+      </a>
+    </td>
   </tr>
 </table>
 
 
 ## Requirements
 
-Ruby 1.9.3 or newer
+Ruby 2.2.2 or newer.
 
 Ruby Gems:
 
@@ -92,6 +103,7 @@ Ruby Gems:
 - base32
 - htmlentities
 - socksify
+- mimemagic
 
 ## Installation
 
@@ -107,24 +119,34 @@ Example: ssrf-proxy -u http://target/?url=xxURLxx
 Options:
 
    -h, --help             Help
+       --version          Display version
+
+  Output options:
    -v, --verbose          Verbose output
    -d, --debug            Debugging output
+       --no-color         Disable colored output
 
   Server options:
    -p, --port=PORT        Listen port (Default: 8081)
        --interface=IP     Listen interface (Default: 127.0.0.1)
 
   SSRF request options:
-   -u, --url=URL          SSRF URL with 'xxURLxx' placeholder
-       --method=METHOD    HTTP method (GET/HEAD/DELETE/POST/PUT)
+   -u, --url=URL          Target URL vulnerable to SSRF.
+   -f, --file=FILE        Load HTTP request from a file.
+       --placeholder=STR  Placeholder indicating SSRF insertion point.
+                          (Default: xxURLxx)
+       --method=METHOD    HTTP method (GET/HEAD/DELETE/POST/PUT/OPTIONS)
                           (Default: GET)
        --post-data=DATA   HTTP post data
        --cookie=COOKIE    HTTP cookies (separated by ';')
-       --user-agent=AGENT HTTP user-agent (Default: Mozilla/5.0)
-       --rules=RULES      Rules for parsing client request for xxURLxx
+       --user=USER[:PASS] HTTP basic authentication credentials.
+       --user-agent=AGENT HTTP user-agent (Default: none)
+       --rules=RULES      Rules for parsing client request
                           (separated by ',') (Default: none)
+       --no-urlencode     Do not URL encode client request
 
   SSRF connection options:
+       --ssl              Connect using SSL/TLS.
        --proxy=PROXY      Use a proxy to connect to the server.
                           (Supported proxies: http, https, socks)
        --insecure         Skip server SSL certificate validation.
@@ -136,83 +158,85 @@ Options:
        --strip=HEADERS    Headers to remove from the response.
                           (separated by ',') (Default: none)
        --decode-html      Decode HTML entities in response body.
+       --unescape         Unescape special characters in response body.
        --guess-status     Replaces response status code and message
                           headers (determined by common strings in the
                           response body, such as 404 Not Found.)
        --guess-mime       Replaces response content-type header with the
                           appropriate mime type (determined by the file
                           extension of the requested resource.)
-       --ask-password     Prompt for password on authentication failure.
-                          Adds a 'WWW-Authenticate' HTTP header to the
-                          response if the response code is 401.
+       --sniff-mime       Replaces response content-type header with the
+                          appropriate mime type (determined by magic bytes
+                          in the response body.)
+       --timeout-ok       Replaces timeout HTTP status code 504 with 200.
+       --detect-headers   Replaces response headers if response headers
+                          are identified in the response body.
+       --fail-no-content  Return HTTP status 502 if the response body
+                          is empty.
+       --cors             Adds a 'Access-Control-Allow-Origin: *' header.
 
   Client request modification:
-       --forward-cookies  Forward client HTTP cookies through proxy to
-                          SSRF server.
-       --cookies-to-uri   Add client request cookies to URI query.
-       --body-to-uri      Add client request body to URI query.
+       --forward-method   Forward client request method.
+       --forward-headers  Forward all client request headers.
+       --forward-body     Forward client request body.
+       --forward-cookies  Forward client request cookies.
+       --cookies-to-uri   Add client request cookies to URI query string.
+       --body-to-uri      Add client request body to URI query string.
        --auth-to-uri      Use client request basic authentication
                           credentials in request URI.
        --ip-encoding=MODE Encode client request host IP address.
                           (Modes: int, ipv6, oct, hex, dotted_hex)
-
+       --cache-buster     Append a random value to the client request
+                          query string.
 
 ```
 
 
 ## Usage (ruby)
 
-First, create a new SSRFProxy::HTTP object:
+Load the ```ssrf_proxy``` library:
 
+```ruby
+  require 'ssrf_proxy'
 ```
-  # SSRF URL with 'xxURLxx' placeholder
-  url = 'http://example.local/index.php?url=xxURLxx'
-  # options
-  opts = {
-    'proxy'          => '',
-    'method'         => 'GET',
-    'post_data'      => '',
-    'rules'          => '',
-    'ip_encoding'    => '',
-    'match'          => "\\A(.+)\\z",
-    'strip'          => '',
-    'decode_html'    => false,
-    'guess_mime'     => false,
-    'guess_status'   => false,
-    'ask_password'   => false,
-    'forward_cookies'=> false,
-    'body_to_uri'    => false,
-    'auth_to_uri'    => false,
-    'cookies_to_uri' => false,
-    'cookie'         => '',
-    'timeout'        => 10,
-    'user_agent'     => 'Mozilla/5.0',
-    'insecure'       => false
-  }
-  # create SSRFProxy::HTTP object
-  ssrf = SSRFProxy::HTTP.new(url, opts)
-  # set log level (optional)
-  ssrf.logger.level = Logger::DEBUG
-```
 
-Then send HTTP requests via the SSRF:
+Initialize the `SSRFProxy::HTTP` object:
+
+```ruby
+  # Initialize with a URL containing 'xxURLxx' placeholder
+  ssrf = SSRFProxy::HTTP.new(url: 'http://example.local/?url=xxURLxx')
+
+  # Or, provide the placeholder elsewhere in the request
+  ssrf = SSRFProxy::HTTP.new(url: 'http://example.local/', method: 'POST', post_data: 'xxURLxx')
+
+  # Alternatively, the object can be initialized
+  # with a file containing a raw HTTP request:
+  ssrf = SSRFProxy::HTTP.new(file: 'ssrf.txt')
 
+  # Or, initialized with a StringIO object containing a raw HTTP request:
+  http = StringIO.new("GET http://example.local/?url=xxURLxx HTTP/1.1\n\n")
+  ssrf = SSRFProxy::HTTP.new(file: http)
 ```
-  # fetch http://127.0.0.1/ via SSRF by String
-  uri = 'http://127.0.0.1/'
-  ssrf.send_uri(uri)
 
+Refer to the documentation for additional configuration options.
 
-  # fetch http://127.0.0.1/ via SSRF by URI
-  uri = URI.parse('http://127.0.0.1/')
-  ssrf.send_uri(uri)
+Once initialized, the `SSRFProxy::HTTP` object can be used to send HTTP
+requests via the SSRF using the ```send_uri``` and ```send_request``` methods.
 
+```ruby
+  # GET via SSRF
+  ssrf.send_uri('http://127.0.0.1/')
 
-  # fetch http://127.0.0.1/ via SSRF using a raw HTTP request
-  http = "GET http://127.0.0.1/ HTTP/1.1\n\n"
-  ssrf.send_request(http)
+  # POST via SSRF
+  ssrf.send_uri('http://127.0.0.1/', method: 'POST', headers: {}, body: '')
+
+  # GET via SSRF (using a raw HTTP request)
+  ssrf.send_request("GET http://127.0.0.1/ HTTP/1.1\n\n")
 ```
 
+Refer to the documentation for additional request options.
+
+
 ## Documentation
 
 Refer to the wiki for more information and example usage:
@@ -220,3 +244,4 @@ https://github.com/bcoles/ssrf_proxy/wiki
 
 Refer to RubyDoc for code documentation:
 http://www.rubydoc.info/github/bcoles/ssrf_proxy
+

data/bin/console

@@ -1,24 +1,26 @@
 #!/usr/bin/env ruby
 #
-# Copyright (c) 2015-2016 Brendan Coles <bcoles@gmail.com>
+# Copyright (c) 2015-2017 Brendan Coles <bcoles@gmail.com>
 # SSRF Proxy - https://github.com/bcoles/ssrf_proxy
 # See the file 'LICENSE.md' for copying permission
 #
 
 require 'irb'
 require 'irb/completion'
+require 'ssrf_proxy'
 
 begin
-  puts "\n_________________________________________________________\n"
-  puts SSRFProxy::BANNER
+  puts "\n_________________________________________________________".blue
+  puts SSRFProxy::BANNER.blue
   puts "\n                    SSRF Proxy v#{SSRFProxy::VERSION}"
   puts "          https://github.com/bcoles/ssrf_proxy\n"
-  puts "\n_________________________________________________________\n\n"
+  puts "\n_________________________________________________________\n".blue
 
-  puts "SSRFProxy[#{SSRFProxy::VERSION}], " \
-       "Ruby[#{RUBY_VERSION}], " \
-       "Platform[#{RUBY_PLATFORM}]"
+  puts "SSRFProxy[#{SSRFProxy::VERSION.yellow}], " \
+       "Ruby[#{RUBY_VERSION.yellow}], " \
+       "Platform[#{RUBY_PLATFORM.yellow}]"
+  puts
 rescue => e
-  puts "Error: Could not load SSRFProxy: #{e.message}"
+  puts "Error: Could not load SSRF Proxy: #{e.message}"
 end
 IRB.start

data/bin/ssrf-proxy

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 #
-# Copyright (c) 2015-2016 Brendan Coles <bcoles@gmail.com>
+# Copyright (c) 2015-2017 Brendan Coles <bcoles@gmail.com>
 # SSRF Proxy - https://github.com/bcoles/ssrf_proxy
 # See the file 'LICENSE.md' for copying permission
 #
@@ -22,29 +22,40 @@ end
 # @note output usage
 #
 def usage
+  banner
   puts 'Usage:   ssrf-proxy [options] -u <SSRF URL>'
   puts 'Example: ssrf-proxy -u http://target/?url=xxURLxx'
   puts 'Options:'
   puts "
    -h, --help             Help
+       --version          Display version
+
+  Output options:
    -v, --verbose          Verbose output
    -d, --debug            Debugging output
+       --no-color         Disable colored output
 
   Server options:
    -p, --port=PORT        Listen port (Default: 8081)
        --interface=IP     Listen interface (Default: 127.0.0.1)
 
   SSRF request options:
-   -u, --url=URL          SSRF URL with 'xxURLxx' placeholder
-       --method=METHOD    HTTP method (GET/HEAD/DELETE/POST/PUT)
+   -u, --url=URL          Target URL vulnerable to SSRF.
+   -f, --file=FILE        Load HTTP request from a file.
+       --placeholder=STR  Placeholder indicating SSRF insertion point.
+                          (Default: xxURLxx)
+       --method=METHOD    HTTP method (GET/HEAD/DELETE/POST/PUT/OPTIONS)
                           (Default: GET)
        --post-data=DATA   HTTP post data
        --cookie=COOKIE    HTTP cookies (separated by ';')
-       --user-agent=AGENT HTTP user-agent (Default: Mozilla/5.0)
-       --rules=RULES      Rules for parsing client request for xxURLxx
+       --user=USER[:PASS] HTTP basic authentication credentials.
+       --user-agent=AGENT HTTP user-agent (Default: none)
+       --rules=RULES      Rules for parsing client request
                           (separated by ',') (Default: none)
+       --no-urlencode     Do not URL encode client request
 
   SSRF connection options:
+       --ssl              Connect using SSL/TLS.
        --proxy=PROXY      Use a proxy to connect to the server.
                           (Supported proxies: http, https, socks)
        --insecure         Skip server SSL certificate validation.
@@ -56,25 +67,36 @@ def usage
        --strip=HEADERS    Headers to remove from the response.
                           (separated by ',') (Default: none)
        --decode-html      Decode HTML entities in response body.
+       --unescape         Unescape special characters in response body.
        --guess-status     Replaces response status code and message
                           headers (determined by common strings in the
                           response body, such as 404 Not Found.)
        --guess-mime       Replaces response content-type header with the
                           appropriate mime type (determined by the file
                           extension of the requested resource.)
-       --ask-password     Prompt for password on authentication failure.
-                          Adds a 'WWW-Authenticate' HTTP header to the
-                          response if the response code is 401.
+       --sniff-mime       Replaces response content-type header with the
+                          appropriate mime type (determined by magic bytes
+                          in the response body.)
+       --timeout-ok       Replaces timeout HTTP status code 504 with 200.
+       --detect-headers   Replaces response headers if response headers
+                          are identified in the response body.
+       --fail-no-content  Return HTTP status 502 if the response body
+                          is empty.
+       --cors             Adds a 'Access-Control-Allow-Origin: *' header.
 
   Client request modification:
-       --forward-cookies  Forward client HTTP cookies through proxy to
-                          SSRF server.
-       --cookies-to-uri   Add client request cookies to URI query.
-       --body-to-uri      Add client request body to URI query.
+       --forward-method   Forward client request method.
+       --forward-headers  Forward all client request headers.
+       --forward-body     Forward client request body.
+       --forward-cookies  Forward client request cookies.
+       --cookies-to-uri   Add client request cookies to URI query string.
+       --body-to-uri      Add client request body to URI query string.
        --auth-to-uri      Use client request basic authentication
                           credentials in request URI.
        --ip-encoding=MODE Encode client request host IP address.
                           (Modes: int, ipv6, oct, hex, dotted_hex)
+       --cache-buster     Append a random value to the client request
+                          query string.
 
 "
   exit 1
@@ -87,34 +109,52 @@ def start_server
   # get args
   opts = GetoptLong.new(
     ['-h', '--help',      GetoptLong::NO_ARGUMENT],
+    ['--version',         GetoptLong::NO_ARGUMENT],
+
     ['-v', '--verbose',   GetoptLong::NO_ARGUMENT],
     ['-d', '--debug',     GetoptLong::NO_ARGUMENT],
+    ['--no-color',        GetoptLong::NO_ARGUMENT],
 
     ['-p', '--port',      GetoptLong::REQUIRED_ARGUMENT],
     ['--interface',       GetoptLong::REQUIRED_ARGUMENT],
-    ['--proxy',           GetoptLong::REQUIRED_ARGUMENT],
 
     ['-u', '--url',       GetoptLong::REQUIRED_ARGUMENT],
+    ['-f', '--file',      GetoptLong::REQUIRED_ARGUMENT],
+    ['--placeholder',     GetoptLong::REQUIRED_ARGUMENT],
     ['--method',          GetoptLong::REQUIRED_ARGUMENT],
     ['--post-data',       GetoptLong::REQUIRED_ARGUMENT],
     ['--cookie',          GetoptLong::REQUIRED_ARGUMENT],
+    ['--user',            GetoptLong::REQUIRED_ARGUMENT],
     ['--user-agent',      GetoptLong::REQUIRED_ARGUMENT],
+
+    ['--ssl',             GetoptLong::NO_ARGUMENT],
+    ['--proxy',           GetoptLong::REQUIRED_ARGUMENT],
     ['--insecure',        GetoptLong::NO_ARGUMENT],
     ['--timeout',         GetoptLong::REQUIRED_ARGUMENT],
 
-    ['--ip-encoding',     GetoptLong::REQUIRED_ARGUMENT],
     ['--rules',           GetoptLong::REQUIRED_ARGUMENT],
+    ['--no-urlencode',    GetoptLong::NO_ARGUMENT],
+    ['--forward-method',  GetoptLong::NO_ARGUMENT],
+    ['--forward-headers', GetoptLong::NO_ARGUMENT],
+    ['--forward-body',    GetoptLong::NO_ARGUMENT],
     ['--forward-cookies', GetoptLong::NO_ARGUMENT],
+    ['--cookies-to-uri',  GetoptLong::NO_ARGUMENT],
     ['--body-to-uri',     GetoptLong::NO_ARGUMENT],
     ['--auth-to-uri',     GetoptLong::NO_ARGUMENT],
-    ['--cookies-to-uri',  GetoptLong::NO_ARGUMENT],
+    ['--cache-buster',    GetoptLong::NO_ARGUMENT],
+    ['--ip-encoding',     GetoptLong::REQUIRED_ARGUMENT],
 
     ['--match',           GetoptLong::REQUIRED_ARGUMENT],
     ['--strip',           GetoptLong::REQUIRED_ARGUMENT],
     ['--decode-html',     GetoptLong::NO_ARGUMENT],
+    ['--unescape',        GetoptLong::NO_ARGUMENT],
     ['--guess-status',    GetoptLong::NO_ARGUMENT],
     ['--guess-mime',      GetoptLong::NO_ARGUMENT],
-    ['--ask-password',    GetoptLong::NO_ARGUMENT]
+    ['--sniff-mime',      GetoptLong::NO_ARGUMENT],
+    ['--cors',            GetoptLong::NO_ARGUMENT],
+    ['--detect-headers',  GetoptLong::NO_ARGUMENT],
+    ['--fail-no-content', GetoptLong::NO_ARGUMENT],
+    ['--timeout-ok',      GetoptLong::NO_ARGUMENT]
   )
 
   # local proxy server defaults
@@ -123,114 +163,188 @@ def start_server
 
   # ssrf defaults
   url = nil
-  rules = ''
-  ip_encoding = ''
+  file = nil
+  rules = nil
+  ip_encoding = nil
+  placeholder = 'xxURLxx'
   method = 'GET'
-  post_data = ''
+  post_data = nil
   match = '\\A(.*)\\z'
-  strip = ''
+  strip = nil
+  no_urlencode = false
   decode_html = false
+  unescape = false
   guess_status = false
   guess_mime = false
-  ask_password = false
+  sniff_mime = false
+  cors = false
+  timeout_ok = false
+  detect_headers = false
+  fail_no_content = false
+  forward_method = false
+  forward_headers = false
+  forward_body = false
   forward_cookies = false
   body_to_uri = false
   auth_to_uri = false
   cookies_to_uri = false
+  cache_buster = false
 
   # http connection defaults
-  cookie = ''
+  cookie = nil
+  user = nil
   timeout = 10
+  ssl = false
   upstream_proxy = nil
-  user_agent = 'Mozilla/5.0'
+  user_agent = nil
   insecure = false
 
   # logging
   log_level = ::Logger::WARN
 
   # handle args
-  opts.each do |opt, arg|
-    case opt
-    when '-p', '--port'
-      port = arg
-    when '--interface'
-      interface = arg
-    when '-u', '--url'
-      url = arg
-    when '--ip-encoding'
-      ip_encoding = arg
-    when '--rules'
-      rules = arg
-    when '--proxy'
-      upstream_proxy = URI.parse(arg)
-    when '--cookie'
-      cookie = arg
-    when '--timeout'
-      timeout = arg.to_i
-    when '--user-agent'
-      user_agent = arg
-    when '--insecure'
-      insecure = true
-    when '--method'
-      method = arg
-    when '--post-data'
-      post_data = arg
-    when '--match'
-      match = arg
-    when '--strip'
-      strip = arg
-    when '--decode-html'
-      decode_html = true
-    when '--guess-status'
-      guess_status = true
-    when '--guess-mime'
-      guess_mime = true
-    when '--ask-password'
-      ask_password = true
-    when '--forward-cookies'
-      forward_cookies = true
-    when '--body-to-uri'
-      body_to_uri = true
-    when '--auth-to-uri'
-      auth_to_uri = true
-    when '--cookies-to-uri'
-      cookies_to_uri = true
-    when '-h', '--help'
-      usage
-    when '-v', '--verbose'
-      log_level = ::Logger::INFO unless log_level == ::Logger::DEBUG
-    when '-d', '--debug'
-      log_level = ::Logger::DEBUG
+  begin
+    opts.each do |opt, arg|
+      case opt
+      when '-p', '--port'
+        port = arg
+      when '--interface'
+        interface = arg
+      when '-u', '--url'
+        url = arg
+      when '-f', '--file'
+        file = arg
+      when '--ip-encoding'
+        ip_encoding = arg
+      when '--rules'
+        rules = arg
+      when '--no-urlencode'
+        no_urlencode = true
+      when '--ssl'
+        ssl = true
+      when '--proxy'
+        upstream_proxy = URI.parse(arg)
+      when '--cookie'
+        cookie = arg
+      when '--user'
+        user = arg
+      when '--timeout'
+        timeout = arg.to_i
+      when '--user-agent'
+        user_agent = arg
+      when '--insecure'
+        insecure = true
+      when '--placeholder'
+        placeholder = arg
+      when '--method'
+        method = arg
+      when '--post-data'
+        post_data = arg
+      when '--match'
+        match = arg
+      when '--strip'
+        strip = arg
+      when '--decode-html'
+        decode_html = true
+      when '--unescape'
+        unescape = true
+      when '--guess-status'
+        guess_status = true
+      when '--guess-mime'
+        guess_mime = true
+      when '--sniff-mime'
+        sniff_mime = true
+      when '--cors'
+        cors = true
+      when '--timeout-ok'
+        timeout_ok = true
+      when '--detect-headers'
+        detect_headers = true
+      when '--fail-no-content'
+        fail_no_content = true
+      when '--forward-method'
+        forward_method = true
+      when '--forward-headers'
+        forward_headers = true
+      when '--forward-body'
+        forward_body = true
+      when '--forward-cookies'
+        forward_cookies = true
+      when '--body-to-uri'
+        body_to_uri = true
+      when '--auth-to-uri'
+        auth_to_uri = true
+      when '--cookies-to-uri'
+        cookies_to_uri = true
+      when '--cache-buster'
+        cache_buster = true
+      when '-h', '--help'
+        usage
+      when '-v', '--verbose'
+        log_level = ::Logger::INFO unless log_level == ::Logger::DEBUG
+      when '-d', '--debug'
+        log_level = ::Logger::DEBUG
+      when '--no-color'
+        String.disable_colorization = true
+      when '--version'
+        puts "SSRF Proxy v#{SSRFProxy::VERSION}"
+        exit
+      end
     end
+  rescue GetoptLong::InvalidOption, GetoptLong::MissingArgument
+    puts "Error: Invalid usage. Try '#{$PROGRAM_NAME} --help' for usage information."
+    exit 1
   end
 
   opts = {
-    'proxy'           => upstream_proxy.to_s,
-    'method'          => method.to_s,
-    'post_data'       => post_data.to_s,
-    'rules'           => rules.to_s,
-    'ip_encoding'     => ip_encoding.to_s,
-    'match'           => match.to_s,
-    'strip'           => strip.to_s,
-    'decode_html'     => decode_html,
-    'guess_mime'      => guess_mime,
-    'guess_status'    => guess_status,
-    'ask_password'    => ask_password,
-    'forward_cookies' => forward_cookies,
-    'body_to_uri'     => body_to_uri,
-    'auth_to_uri'     => auth_to_uri,
-    'cookies_to_uri'  => cookies_to_uri,
-    'cookie'          => cookie.to_s,
-    'timeout'         => timeout.to_s,
-    'user_agent'      => user_agent.to_s,
-    'insecure'        => insecure.to_s
+    url:              url,
+    file:             file,
+    proxy:            upstream_proxy,
+    ssl:              ssl,
+    method:           method,
+    placeholder:      placeholder,
+    post_data:        post_data,
+    rules:            rules,
+    no_urlencode:     no_urlencode,
+    ip_encoding:      ip_encoding,
+    match:            match,
+    strip:            strip,
+    decode_html:      decode_html,
+    unescape:         unescape,
+    guess_mime:       guess_mime,
+    sniff_mime:       sniff_mime,
+    guess_status:     guess_status,
+    cors:             cors,
+    timeout_ok:       timeout_ok,
+    detect_headers:   detect_headers,
+    fail_no_content:  fail_no_content,
+    forward_method:   forward_method,
+    forward_headers:  forward_headers,
+    forward_body:     forward_body,
+    forward_cookies:  forward_cookies,
+    body_to_uri:      body_to_uri,
+    auth_to_uri:      auth_to_uri,
+    cookies_to_uri:   cookies_to_uri,
+    cache_buster:     cache_buster,
+    cookie:           cookie,
+    user:             user,
+    timeout:          timeout,
+    user_agent:       user_agent,
+    insecure:         insecure
   }
 
-  # setup ssrf
-  ssrf = SSRFProxy::HTTP.new(url, opts)
-  ssrf.logger.level = log_level
-  # start server
   begin
+    banner
+
+    %w[INT QUIT TERM].each do |s|
+      Signal.trap(s) { exit }
+    end
+
+    # setup ssrf
+    ssrf = SSRFProxy::HTTP.new(opts)
+    ssrf.logger.level = log_level
+
+    # start server
     ssrf_proxy = SSRFProxy::Server.new(ssrf, interface, port)
     ssrf_proxy.logger.level = log_level
     ssrf_proxy.serve
@@ -239,6 +353,5 @@ def start_server
   end
 end
 
-banner
 usage if ARGV.empty?
 start_server