From Collaborative RCE Tool Library

Jump to: navigation, search

Network Proxy Tools


Tool name: Burp Suite
Rating: 5.0 (2 votes)
Author: PortSwigger                        
Website: http://www.portswigger.net/suite/
Current version: 1.1
Last updated:
Direct D/L link: http://portswigger.net/suite/download.html
License type: Free / Open Source
Description: Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.

Key features unique to Burp Suite include:

* Ability to "passively" spider an application in a non-intrusive manner, with all requests originating from the user's browser.
* One-click transfer of interesting requests between tools, e.g. from the Burp Proxy request history, or the Burp Spider results tree.
* Detailed analysis and rendering of requests and responses.
* Extensibility via the IBurpExtender interface, which allows third-party code to extend the functionality of Burp Suite. Data processed by one tool can be used in arbitrary ways to affect the behaviour and results of other tools.
* Centrally configured settings for downstream proxies, web and proxy authentication, and logging.
* Tools can run in a single tabbed window, or be detached in individual windows.
* All tool and suite configuration is optionally persistent across program loads.
* Runs in both Linux and Windows.

New features in version 1.1 include:

* Improved analysis of HTTP requests and responses wherever they appear, with browser-quality HTML and media rendering.
* Burp Sequencer, a new tool for analysing session token randomness.
* Burp Decoder, a new tool for performing manual and intelligent decoding and encoding of application data.
* Burp Comparer, a new utility for performing a visual diff of any two data items.
* Support for custom client and server SSL certificates.
* Ability to follow 3xx redirects in Burp Intruder and Repeater attacks.
* Improved interception and match-and-replace rules in Burp Proxy.
* A "lean mode", for users who prefer less functionality and a smaller resource footprint.

Burp Suite is a Java application, and runs on any platform for which a Java Runtime Environment is available. It requires version 1.5 or later. The JRE can be obtained for free from java.sun.com.
Also listed in: Web Application Tools, HTTP Proxy Tools, SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Interactive TCP Relay
Rating: 0.0 (0 votes)
Author: WebCohort                        
Website: http://download.cnet.com/Interactive-TCP-Relay/3000-2383_4-10239124.html
Current version: 1.0
Last updated: February 12, 2003
Direct D/L link: Locally archived copy
License type: Free
Description: This application security test tool gives developers an environment for testing non-HTTP Client/Server applications, similar to that provided by interactive HTTP proxies. When started, ITR operates as a simple TCP tunnel, listening on a specific port, and forwarding all the traffic to the remote host and port. By configuring the client to treat the ITR as its server, all traffic between a client and a server can be tunneled and logged. The true power of ITR, however, lies in its ability to intercept and edit the traffic passing through it. When invoking intercept mode, the ITR stops every message sent through it (client to server and/or server to client). The traffic can then be edited freely using a built-in hex Editor, providing a comfortable environment for testing Client/Server applications. To provide support and compatibility for various systems, the ITR can operate both its logs and hex editor using different types of character encoding, such as ASCII or EBCDIC.
Also listed in: TCP Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Malcode Analysis Pack
Rating: 0.0 (0 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: May 5, 2012
Direct D/L link: http://sandsprite.com/CodeStuff/map_setup.exe
License type: GPL2
Description: Update: This is no longer available through the iDefense website. An updated package has been made available by the author.

The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 5 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs dns responses to controlled ip's
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
• finddll - scan processes for loaded dll by name
• Virustotal - virus reports for single and bulk hash lookups. Explorer integration
Also listed in: API Monitoring Tools, Import Editors, Malware Analysis Tools, Network Sniffers, Network Tools, Process Monitoring Tools, Reverse Engineering Frameworks, TCP Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Matasano Port Forwarding Interceptor
Rating: 0.0 (0 votes)
Author: Matasano / s7ephen                        
Website: http://github.com/s7ephen/projects/tree/master
Current version:
Last updated: May 22, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Do you ever find yourself on a reversing or pen-testing project with the need to peek into a TCP stream and modify a little bit of data?

Do you find yourself annoyed, feeling that you’ve hacked together code to do this many times before, but simply can’t find it?

Do you find yourself hobbling together other tools to do what you need? Do you find yourself wishing you had a Burp for raw TCP connections?

No MORE! Using Matasano’s Port Forwarding Interceptor you have the tool you need right at your fingertips!
Also listed in: TCP Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: MitM-VM + Trudy
Rating: 0.0 (0 votes)
Author: Kelby Ludwig / Praetorian                        
Website: https://www.praetorian.com/blog/trudy-a-dead-simple-tcp-intercepting-proxy-mitm-vm
Current version:
Last updated: January 28, 2016
Direct D/L link: N/A
License type: Free / Open source
Description: MitM-VM is a Vagrant virtual machine that can be used as a transparent proxy. For those who have not used Vagrant, deploying the virtual machine is very straightforward and the virtual machine will be configured to handle most proxying situations. A simplistic motivating example: before MitM-VM, I often used an OpenWRT router with tcpdump (or similar) to monitor the traffic of my target device. This works well in most cases, but suffers from two major issues: first, routers are equipped with inferior hardware when compared to my laptop; second, I now have two pieces of hardware to manage. MitM-VM can be configured to provide the same functionality as my multi-hardware setup. Aside from the added benefit of less physical hardware and better specifications, I now also have a fully-featured Debian box to handle my traffic. (I still love OpenWRT though!)

MitM-VM also installs and configures several utilities that can be used to monitor or modify traffic. MitM-VM’s documentation lists these tools.

---

Trudy is written in Golang and intended to be used within MitM-VM. Trudy is a transparent proxy that works for any TCP connection and allows for programmatic and manual modification of TCP packets. Trudy aims to be simple to configure, easy to install, and generic enough to provide value in unique situations.

It does this by creating a 2-way “pipe” for each connection it proxies. The device you are proxying (the “client”) connects to Trudy (but doesn’t know this) and Trudy connects to the client’s intended destination (the “server”). Traffic is then passed between these pipes. Users can create Go functions to mangle data between pipes.

To proxy TLS connections, the Trudy binary spins up a TLS server with an invalid certificate. Obviously, you will need a valid certificate or a client that does not validate certificates.

Trudy was designed for monitoring and modifying proxy-unaware devices that use non-HTTP protocols. If you want to intercept and modify HTTP(S) traffic, Burp Suite is probably the better option.
Also listed in: TCP Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Paros Proxy
Rating: 0.0 (0 votes)
Author: Chinotec Technologies Company                        
Website: http://www.parosproxy.org
Current version: 3.2.13
Last updated: August 8, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A Java based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other featuers include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.
Also listed in: HTTP Proxy Tools, Web Application Tools, SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Stunnel
Rating: 0.0 (0 votes)
Author:                         
Website: http://www.stunnel.org
Current version: 4.20
Last updated: November 30, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Stunnel -- Universal SSL Wrapper

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code.

The Stunnel source code is not a complete product -- you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever (and only) that which your SSL library can, without making any changes in the Stunnel code.

The Stunnel source code is available under the GNU General Public License, meaning it is free to use in both commercial and non commercial applications as you see fit, as long as you provide source code (and any modifications) with the software. Your compiled Stunnel binary is 'restricted' by whatever license your chosen SSL library is under, however both OpenSSL and SSLeay are open source and similarly liberal in their licensing.
Also listed in: SSL Proxy Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.


Subcategories

There are 4 subcategories to this category.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)