From Collaborative RCE Tool Library

Jump to: navigation, search

TCP Proxy Tools


Tool name: Interactive TCP Relay
Rating: 0.0 (0 votes)
Author: WebCohort                        
Website: http://download.cnet.com/Interactive-TCP-Relay/3000-2383_4-10239124.html
Current version: 1.0
Last updated: February 12, 2003
Direct D/L link: Locally archived copy
License type: Free
Description: This application security test tool gives developers an environment for testing non-HTTP Client/Server applications, similar to that provided by interactive HTTP proxies. When started, ITR operates as a simple TCP tunnel, listening on a specific port, and forwarding all the traffic to the remote host and port. By configuring the client to treat the ITR as its server, all traffic between a client and a server can be tunneled and logged. The true power of ITR, however, lies in its ability to intercept and edit the traffic passing through it. When invoking intercept mode, the ITR stops every message sent through it (client to server and/or server to client). The traffic can then be edited freely using a built-in hex Editor, providing a comfortable environment for testing Client/Server applications. To provide support and compatibility for various systems, the ITR can operate both its logs and hex editor using different types of character encoding, such as ASCII or EBCDIC.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Malcode Analysis Pack
Rating: 0.0 (0 votes)
Author: David Zimmer (iDefense Labs)                        
Website: http://sandsprite.com/blogs/index.php?uid=7&pid=185
Current version:
Last updated: May 5, 2012
Direct D/L link: http://sandsprite.com/CodeStuff/map_setup.exe
License type: GPL2
Description: Update: This is no longer available through the iDefense website. An updated package has been made available by the author.

The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.

Included in this package are:

• ShellExt - 5 explorer shell extensions
• socketTool - manual TCP Client for probing functionality.
• MailPot - mail server capture pot
• fakeDNS - spoofs dns responses to controlled ip's
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - Shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
• finddll - scan processes for loaded dll by name
• Virustotal - virus reports for single and bulk hash lookups. Explorer integration
Also listed in: API Monitoring Tools, Import Editors, Malware Analysis Tools, Network Sniffers, Network Tools, Process Monitoring Tools, Reverse Engineering Frameworks
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Matasano Port Forwarding Interceptor
Rating: 0.0 (0 votes)
Author: Matasano / s7ephen                        
Website: http://github.com/s7ephen/projects/tree/master
Current version:
Last updated: May 22, 2009
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Do you ever find yourself on a reversing or pen-testing project with the need to peek into a TCP stream and modify a little bit of data?

Do you find yourself annoyed, feeling that you’ve hacked together code to do this many times before, but simply can’t find it?

Do you find yourself hobbling together other tools to do what you need? Do you find yourself wishing you had a Burp for raw TCP connections?

No MORE! Using Matasano’s Port Forwarding Interceptor you have the tool you need right at your fingertips!
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: MitM-VM + Trudy
Rating: 0.0 (0 votes)
Author: Kelby Ludwig / Praetorian                        
Website: https://www.praetorian.com/blog/trudy-a-dead-simple-tcp-intercepting-proxy-mitm-vm
Current version:
Last updated: January 28, 2016
Direct D/L link: N/A
License type: Free / Open source
Description: MitM-VM is a Vagrant virtual machine that can be used as a transparent proxy. For those who have not used Vagrant, deploying the virtual machine is very straightforward and the virtual machine will be configured to handle most proxying situations. A simplistic motivating example: before MitM-VM, I often used an OpenWRT router with tcpdump (or similar) to monitor the traffic of my target device. This works well in most cases, but suffers from two major issues: first, routers are equipped with inferior hardware when compared to my laptop; second, I now have two pieces of hardware to manage. MitM-VM can be configured to provide the same functionality as my multi-hardware setup. Aside from the added benefit of less physical hardware and better specifications, I now also have a fully-featured Debian box to handle my traffic. (I still love OpenWRT though!)

MitM-VM also installs and configures several utilities that can be used to monitor or modify traffic. MitM-VM’s documentation lists these tools.

---

Trudy is written in Golang and intended to be used within MitM-VM. Trudy is a transparent proxy that works for any TCP connection and allows for programmatic and manual modification of TCP packets. Trudy aims to be simple to configure, easy to install, and generic enough to provide value in unique situations.

It does this by creating a 2-way “pipe” for each connection it proxies. The device you are proxying (the “client”) connects to Trudy (but doesn’t know this) and Trudy connects to the client’s intended destination (the “server”). Traffic is then passed between these pipes. Users can create Go functions to mangle data between pipes.

To proxy TLS connections, the Trudy binary spins up a TLS server with an invalid certificate. Obviously, you will need a valid certificate or a client that does not validate certificates.

Trudy was designed for monitoring and modifying proxy-unaware devices that use non-HTTP protocols. If you want to intercept and modify HTTP(S) traffic, Burp Suite is probably the better option.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)