Proxies & MITM Tools

LEGAL DISCLAIMER

The author does not hold any responsibility for the bad use of these tools. Remember that attacking targets without prior consent is illegal and punished by law.

Charles proxy

Official website: https://www.charlesproxy.com/

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).

Bettercap

Official website: https://www.bettercap.org/

bettercap is the Swiss army knife for network attacks and monitoring.

$ go get github.com/bettercap/bettercap

Ettercap

Official website: http://www.ettercap-project.org/

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Mallory

GitHub: https://github.com/justmao945/mallory

HTTP/HTTPS proxy over SSH

HoneyProxy

GitHub: https://github.com/mhils/HoneyProxy

HoneyProxy is a lightweight man-in-the-middle proxy that helps you analyze HTTP(S) traffic flows. It is tailored to the needs of security researchers and allows both real-time and log analysis. Being compatible with mitmproxy, it focuses on features that are useful in a forensic context and allows extended visualization capabilities.
(note: HoneyProxy is now part of mitmproxy)

EvilGrade

GitHub: https://github.com/infobyte/evilgrade

Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has its own WebServer and DNSServer modules. It is easy to set up new settings, and it has an autoconfiguration when new binary agents are set.

Telerik Fiddler

Official website: https://www.telerik.com/fiddler

Free web debugging proxy for any browser, system or platform

  • web session manipulation
  • security testing
  • performance testing
  • HTTP/HTTPS traffic recording
  • customizable free tool
  • web debugging

DNSChef

Official website: http://thesprawl.org/projects/dnschef/

GitHub: https://github.com/iphelix/dnschef

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for “badguy.com” to point to a local machine for termination or interception instead of a real host somewhere on the Internet.

morpheus

GitHub: https://github.com/r00t-3xp10it/morpheus

Morpheus is a man-in-the-middle (MITM) suite that allows users to manipulate TCP/UDP data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications. The tool's main objective, however, is not to provide an easy way to exploit/sniff targets, but rather to call attention to TCP/UDP manipulation techniques (etter filters).

ssh-mitm

GitHub: https://github.com/jtesta/ssh-mitm

SSH man-in-the-middle tool

This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk.

mitmproxy

Official website: https://mitmproxy.org/
GitHub: https://github.com/mitmproxy/mitmproxy

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

OWASP Zed Attack Proxy (ZAP)

GitHub: https://github.com/zaproxy/zaproxy

The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.

PAROS

Sourceforge: https://sourceforge.net/projects/paros/

A Java-based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other features include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.