From Collaborative RCE Tool Library

Jump to: navigation, search

MitM-VM + Trudy

Tool name: MitM-VM + Trudy
Rating: 0.0 (0 votes)
Author: Kelby Ludwig / Praetorian                        
Website: https://www.praetorian.com/blog/trudy-a-dead-simple-tcp-intercepting-proxy-mitm-vm
Current version:
Last updated: January 28, 2016
Direct D/L link: N/A
License type: Free / Open source
Description: MitM-VM is a Vagrant virtual machine that can be used as a transparent proxy. For those who have not used Vagrant, deploying the virtual machine is very straightforward and the virtual machine will be configured to handle most proxying situations. A simplistic motivating example: before MitM-VM, I often used an OpenWRT router with tcpdump (or similar) to monitor the traffic of my target device. This works well in most cases, but suffers from two major issues: first, routers are equipped with inferior hardware when compared to my laptop; second, I now have two pieces of hardware to manage. MitM-VM can be configured to provide the same functionality as my multi-hardware setup. Aside from the added benefit of less physical hardware and better specifications, I now also have a fully-featured Debian box to handle my traffic. (I still love OpenWRT though!)

MitM-VM also installs and configures several utilities that can be used to monitor or modify traffic. MitM-VM’s documentation lists these tools.

---

Trudy is written in Golang and intended to be used within MitM-VM. Trudy is a transparent proxy that works for any TCP connection and allows for programmatic and manual modification of TCP packets. Trudy aims to be simple to configure, easy to install, and generic enough to provide value in unique situations.

It does this by creating a 2-way “pipe” for each connection it proxies. The device you are proxying (the “client”) connects to Trudy (but doesn’t know this) and Trudy connects to the client’s intended destination (the “server”). Traffic is then passed between these pipes. Users can create Go functions to mangle data between pipes.

To proxy TLS connections, the Trudy binary spins up a TLS server with an invalid certificate. Obviously, you will need a valid certificate or a client that does not validate certificates.

Trudy was designed for monitoring and modifying proxy-unaware devices that use non-HTTP protocols. If you want to intercept and modify HTTP(S) traffic, Burp Suite is probably the better option.
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

You are welcome to add your own useful notes about this tool, for others to see!



If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)


Views
Category Navigation Tree
   Code Coverage Tools  (13)
   Code Ripping Tools  (2)
   Helper Tools  (3)
   Hex Editors  (13)
   Memory Patchers  (7)
   Packers  (20)
   Profiler Tools  (11)
   String Finders  (10)
   Tool Hiding Tools  (7)
   Tracers  (22)
   Needs New Category  (3)