Proxies and MITM Tools
LEGAL DISCLAIMER
The author does not hold any responsibility for misuse of these tools. Remember that attacking targets without prior consent is illegal and punishable by law.
Charles proxy
Official website: https://www.charlesproxy.com/
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information).
Bettercap
Official website: https://www.bettercap.org/
bettercap is the Swiss army knife for network attacks and monitoring.
$ go get github.com/bettercap/bettercap
Ettercap
Official website: http://www.ettercap-project.org/
Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.
Mallory
GitHub: https://github.com/justmao945/mallory
HTTP/HTTPS proxy over SSH
HoneyProxy
GitHub: https://github.com/mhils/HoneyProxy
HoneyProxy is a lightweight man-in-the-middle proxy that helps you analyze HTTP(S) traffic flows. It is tailored to the needs of security researchers and allows both real-time and log analysis. Being compatible with mitmproxy, it focuses on features that are useful in a forensic context and allows extended visualization capabilities.
(note: HoneyProxy is now part of mitmproxy)
EvilGrade
GitHub: https://github.com/infobyte/evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binaries (agents), a working default configuration for fast pentests, and has its own WebServer and DNSServer modules. New settings are easy to set up, and it autoconfigures when new binary agents are set.
Telerik Fiddler
Official website: https://www.telerik.com/fiddler
Free web debugging proxy for any browser, system or platform
- web session manipulation
- security testing
- performance testing
- HTTP/HTTPS traffic recording
- customizable free tool
- web debugging
DNSChef
Official website: http://thesprawl.org/projects/dnschef/
GitHub: https://github.com/iphelix/dnschef
DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka “Fake DNS”) is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for “badguy.com” to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
morpheus
GitHub: https://github.com/r00t-3xp10it/morpheus
Morpheus is a Man-In-The-Middle (MITM) suite that allows users to manipulate TCP/UDP data using ettercap, urlsnarf, msgsnarf and tcpkill as backend applications. The tool's main objective is not to provide an easy way to exploit/sniff targets, but rather to call attention to TCP/UDP manipulation techniques (etter filters).
ssh-mitm
GitHub: https://github.com/jtesta/ssh-mitm
SSH man-in-the-middle tool
This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk.
mitmproxy
Official website: https://mitmproxy.org/
GitHub: https://github.com/mitmproxy/mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
OWASP Zed Attack Proxy (ZAP)
GitHub: https://github.com/zaproxy/zaproxy
The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pentesters to use for manual security testing.
PAROS
Sourceforge: https://sourceforge.net/projects/paros/
A Java-based HTTP/HTTPS proxy for assessing web application vulnerability. It supports editing/viewing HTTP messages on-the-fly. Other features include spiders, client certificate, proxy-chaining, intelligent scanning for XSS and SQL injections etc.