Proxying Your First Request with Marasi
By default, Marasi starts a proxy listener on 127.0.0.1:8080 and automatically opens a persistent scratchpad project.
You can change the listener address and port by clicking the listener button, or pressing ⌘/Ctrl+L.
Tips
- If scratchpad.marasi is not detected, Marasi will automatically create it on launch.
- If the listener fails to start, a red dot will appear to indicate that something prevented it from listening on that configuration.
Some of the common issues may be:
- The port is already in use by another process.
- Insufficient privileges to bind on this port or interface (try a higher port number).
If you’ve just started Marasi, you will be greeted with the dashboard screen after going through the onboarding guide.
Option 1: Using the preconfigured Chrome browser
One of the easiest ways to start seeing your traffic on Marasi is to use the preconfigured Chrome browser.
- Click the Start Chrome button in Marasi
- Browse normally and watch the traffic as it appears in the Ledger view
The preconfigured browser uses the following flags to set up the automatic proxying:
- --user-data-dir to specify the custom Chrome profile path.
- --proxy-server to automatically set the proxy address and port.
- --ignore-certificate-errors-spki-list to ignore TLS errors only for whitelisted SPKI hashes.
- chrome.go contains the remaining flags used.
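The following is an added example, not code from Marasi or chrome.go. It computes a certificate's SPKI pin in the form --ignore-certificate-errors-spki-list takes (base64 of the SHA-256 digest of the SubjectPublicKeyInfo), so the pin on a running Chrome command line can be audited against a known certificate. It assumes the pinned key is the one in marasi_cert.pem, which the page does not state; SPKIPin and ConstructedCA are hypothetical names, and the sample certificate is generated in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin returns base64(SHA-256(SubjectPublicKeyInfo)) of a PEM certificate.
func SPKIPin(pemBytes []byte) (string, error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil || blk.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no CERTIFICATE PEM block found")
	}
	cert, err := x509.ParseCertificate(blk.Bytes)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo) // hash the key, not the whole cert
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// ConstructedCA: throwaway self-signed CA, a constructed stand-in for marasi_cert.pem.
func ConstructedCA() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject:   pkix.Name{CommonName: "constructed CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	sample, err := ConstructedCA() // assumption: real use reads marasi_cert.pem instead
	if err != nil {
		panic(err)
	}
	fmt.Println(SPKIPin(sample))
}
```

For a real check, pass the bytes of marasi_cert.pem from the application directory to SPKIPin and compare the result with the flag value on the running Chrome process. Because the pin covers only the public key, it stays the same if the certificate is reissued with the same key.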
Option 2: Proxying different clients
Proxying other clients depends on your OS or browser. You will be able to get the Marasi certificate with one of these options:
- Configure your client to proxy through Marasi and visit http://marasi.cert.
- Press ⌘/Ctrl+D to download the certificate
- Press ⌘/Ctrl+, to copy the certificate
- Press the Download Certificate button on the dashboard
Once the certificate is downloaded, ensure it is added to the required certificate store.
Marasi can be used as an invisible proxy for clients that are not proxy-aware.
Application Data Directory
The default application directory will depend on your OS:
| OS | Location |
|---|---|
| Windows | %AppData%\Marasi |
| macOS | ~/Library/Application Support/Marasi |
| Linux | ~/.config/Marasi |
Inside the application directory, you will find your projects, proxy certificates, configurations and default test cases.
├── chrome-profile
├── config.yaml
├── marasi_appconfig.yaml
├── marasi_cert.pem
├── marasi_config.yaml
├── marasi_key.pem
├── scratchpad.marasi
└── test_cases.yml
For now we will only be working with the certificates and the scratchpad project.
Next Steps
Now that you are capturing traffic in Marasi, you can start using some of the other features.
Note: Documentation for the following is being developed:
- Using the Compass to define your scope: Configure include/exclude rules and define your testing boundaries.
- Intercept and modify traffic with Checkpoint: Pause in-flight traffic, modify the contents and forward them through Marasi.
- Replay and iterate requests with Launchpad: Tweak and iterate on requests for manual testing.
- Track your findings and test cases with Logbook: Document and write up your findings and test cases.
- Supercharge your testing with Lua in the Workshop: Write custom Lua scripts to perform complex tests and extend the Marasi GUI.
- Navigating with the Marasi Menu and Keyboard Shortcuts: Speed up your testing by leveraging the global menu and hotkeys.
- Define host overrides with Waypoints: Map specific domains to custom IP addresses.
- Other Settings: Modify Marasi’s default settings, toggle options and add custom Chrome paths.