Posts Tagged ‘web’

Quick tiny python web proxy

Posted: April 14, 2013 in MemoToSelf
Tags: , ,

Python just keeps amazing me, the following code is all you need to have a proxy up and running in like 10 seconds

 

from flask import Flask
from flask import request

import requests

app = Flask(__name__)


hosttorequest = 'www.cnn.com'

@app.route('/')
def root():
    r = requests.get('http://'+hosttorequest+'/')
    return r.content

@app.route('/<path:other>')
def other(other):
    r = requests.get('http://'+hosttorequest+'/'+other)
    return r.content
    
if __name__ == '__main__':
    app.run(host='0.0.0.0', port=80)

Now this sure makes it easy to start hiding some stuff in there. To get it up and running just do: sudo python filename.py

Advertisements

Intercepting proxies and other intercepting software like tamperdata are ideal tools to modify a http request or response when you are taking a peek into the nice world of web application hacking.

Burp suite is not free like webscarab but I like it because the interface is more intuitive. It seems though that wescarab-ng is doing a pretty good job on the interface part. So what is burp suite exactly?

From the burp suite website:

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

The best thing? It can be extended!

(more…)