Python just keeps amazing me, the following code is all you need to have a proxy up and running in like 10 seconds
from flask import Flask
from flask import request
app = Flask(__name__)
hosttorequest = 'www.cnn.com'
r = requests.get('http://'+hosttorequest+'/')
r = requests.get('http://'+hosttorequest+'/'+other)
if __name__ == '__main__':
Now this sure makes it easy to start hiding some stuff in there. To get it up and running just do: sudo python filename.py
Intercepting proxies and other intercepting software like tamperdata are ideal tools to modify a http request or response when you are taking a peek into the nice world of web application hacking.
Burp suite is not free like webscarab but I like it because the interface is more intuitive. It seems though that wescarab-ng is doing a pretty good job on the interface part. So what is burp suite exactly?
From the burp suite website:
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.
The best thing? It can be extended!
Continue reading “Extending burp proxy”