hugsy / proxenet Goto Github PK

View Code? Open in Web Editor NEW

211.0 30.0 69.0 2.41 MB

The ONLY hacker friendly proxy for webapp pentests.

Home Page: https://proxenet.readthedocs.org/en/latest/

License: GNU General Public License v2.0

CMake 7.93% Python 9.37% C 79.55% Makefile 0.03% Groff 1.80% Shell 0.69% Objective-C 0.62%

pentest c webapp plugins scanner python ruby lua tcl http

proxenet's Introduction

Proxenet

What is it?

proxenet is a hacker friendly DIY web proxy for pentest(ers). It is a C-based proxy that allows you to interact with higher level languages (like Python, Ruby, Java, etc.) for modifying on-the-fly requests/responses sent by your Web browser.

How to start

$ git clone https://github.com/hugsy/proxenet.git
$ cd proxenet && cmake . && make
$ sudo make install

Status

Branch	Build status	Documentation
Master
Dev

Authors

proxenet was developed by hugsy with the help of the following contributors who are to be thanked.

proxenet's People

Contributors

Stargazers

Watchers

Forkers

aorimn steeve85 lanjelot willbengtson thorgul tourountzis johnhoder megabedder thetlk drptbl interspective firebitsbr cnlouts rkornmeyer milo2012 z0x010 lucabongiorni srozb wflk mrphishxxx buckshotwhoami olivierh59500 gsdu8g9 hax0rg1rl houcy h0k5 whb224117 r3p3r shellgh05t zorg1331 ykankaya krashman sundaysec mrmugiwara didix13 securityanalysts difcareer orf53975 seabreg trevenen santadata internety pbehnke lvmalware an0nym0u5101 elbal-code lolici123 zumb08 gavz hartl3y94 afwu userid9708 ajunlonglive ewitmayer timb-machine-mirrors

proxenet's Issues

make fails due to missing ctr_drbg_free function

$ make
[  8%] Building C object CMakeFiles/proxenet.dir/ssl.c.o
<command-line>:0:0: warning: "_FORTIFY_SOURCE" redefined [enabled by default]
<built-in>:0:0: note: this is the location of the previous definition
.../proxenet/ssl.c: In function ‘proxenet_ssl_free_structs’:
.../proxenet/ssl.c:367:9: error: implicit declaration of function ‘ctr_drbg_free’ [-Werror=implicit-function-declaration]
         ctr_drbg_free( &ssl->ctr_drbg );
         ^
cc1: some warnings being treated as errors
make[2]: *** [CMakeFiles/proxenet.dir/ssl.c.o] Error 1
make[1]: *** [CMakeFiles/proxenet.dir/all] Error 2
make: *** [all] Error 2

I'm using a version of polarssl that appears to match the doco at https://proxenet.readthedocs.org/en/latest/compil/ :

$ dpkg --status libpolarssl-dev | grep ^Version
Version: 1.3.4-1

Looking through historical tags for mbedtls, it looks like that function only appeared in 1.3.8 though.

Perl plugin template broken ?

Hello, it seems that the perl plugin template from the doc is broken.

I would really need to be able to use perl, can you help me fixing the template ?

On load error:
16:41:36-ERROR-[Perl5.26.2] Invalid number of response returned while loading '/home/evil/.proxenet/plugins/Test1.pl' (got 0, expected 1)
16:41:36-INFO-Plugin 2 'Test1' is now ACTIVE

After a request:
GET / HTTP/1.1
Host: example.com
User-Agent: curl/7.59.0
Accept: /
Proxy-Connection: Keep-Alive

[1] 2396 segmentation fault (core dumped) proxenet -4 -v

Test1.pl only contains the AddHeader template's code ...

BTW: extension would be .pm for a perl module

Cheers,
Michael

proxenet_xfree of NULL pointer

In proxenet_process_http_request

the following lines can cause a free of a NULL pointer :
req.data = proxenet_apply_plugins(&req);
[...]
proxenet_xfree(req.data);

A simple fix would be to do the following:
if (req.data) {
proxenet_xfree(req.data);
}

Return type for proxenet_apply_plugins()

Modify proxenet_apply_plugins() to return NULL upon failure (instead of old buffer)

proxenet does not support HTTP/1.1 100 Continue

Add a check in core.c

if (req.id > 0 && sock_from_browser) {
/* socket is already established */
/* no need to try to parse as an http request header */ 
}

[Perl] Plugin execution is broken

Crash every time a Perl plugin is executed :

hugsy:~/code/proxenet % ./proxenet
INFO: Control interface listening on '/tmp/proxenet-control-socket'
INFO: Listening on localhost:8008
zsh: segmentation fault (core dumped)  ./proxenet
hugsy:~/code/proxenet % gdb ./proxenet ./proxenet.11995.1000.1433284996.11.core
Core was generated by `./proxenet'.
Program terminated with signal SIGSEGV, Segmentation fault.
0  0x00007f16d86aec8a in strlen () from /lib/x86_64-linux-gnu/libc.so.6
gdb-peda$ bt
0  0x00007f16d86aec8a in strlen () from /lib/x86_64-linux-gnu/libc.so.6
1  0x00007f16d9d64065 in Perl_get_cv () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
2  0x00007f16d9d64835 in Perl_call_pv () from /usr/lib/x86_64-linux-gnu/libperl.so.5.20
3  0x00007f16db5eb88f in proxenet_perl_plugin ()
4  0x00007f16db5e2ed9 in proxenet_apply_plugins ()
5  0x00007f16db5e2a60 in proxenet_process_http_request ()
6  0x00007f16db5e40e3 in process_thread_job ()
7  0x00007f16db1a10a4 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
8  0x00007f16d871304d in clone () from /lib/x86_64-linux-gnu/libc.so.6

Plugin loading seem fine.

Add daemon mode

support openjdk / IcedTea

CMake Warning at cmake/FindJava.cmake:54 (message):
  regex not supported: openjdk version "1.8.0_101"

  OpenJDK Runtime Environment (IcedTea 3.1.0) (Gentoo icedtea-3.1.0-r1)

  OpenJDK 64-Bit Server VM (build 25.101-b13, mixed mode).  Please report
Call Stack (most recent call first):
  CMakeLists.txt:233 (find_package)


-- Java version .. found!
-- Found JAVA_HOME as /etc/java-config-2/current-system-vm

Add the possibility to disable SSL traffic interception

Use case : MITM attack
From @lanjelot

if (is_ssl && disable_ssl_intercept)
 goto send_to_server;

Can not load any python plugin

Can not load any python plugin. Only print File 'xxx.py' has not been added.

proxenet v0.4-master:c1b214c
Written by hugsy
Released under: GPLv2
Using library: PolarSSL 1.3.10
Compiled by GNU (Linux-3.10.0-229.1.2.el7.x86_64) with support for :
[+] 0x00 C (.so)
[+] 0x01 Python2.7.5 (.py)
[+] 0x02 Ruby2.0.0 (.rb)
[+] 0x03 Perl5.16.3 (.pl)
[+] 0x04 Lua5.1.4 (.lua)

Load only symlinks in autoload dir

Program relies at many places on the fact that plugins are "physically" located in cfg->plugins_path. The init phase also allow to load files from autoload sub-dir.

Fix it by only loading symlinks pointing to files in cfg->plugins_path

SOCKS proxy forward support

TODO:

add socks proxy forward support

Random crashes on Ruby VM

Intense use of Ruby plugins always produces a SEGV triggered by Ruby VM (abort() call)

/home/hugsy/tools/proxenet/plugins/3Hello.rb:8: [BUG] Segmentation fault
ruby 1.9.3p448 (2013-06-27 revision 41675) [x86_64-linux]

-- Control frame information -----------------------------------------------
c:0003 p:0017 s:0015 b:0010 l:000009 d:000009 METHOD /home/hugsy/tools/proxenet/plugins/3Hello.rb:8
c:0002 p:---- s:0004 b:0004 l:000003 d:000003 FINISH
c:0001 p:0000 s:0002 b:0002 l:000178 d:000178 TOP   

-- Ruby level backtrace information ----------------------------------------
/home/hugsy/tools/proxenet/plugins/3Hello.rb:8:in `proxenet_response_hook'

-- C level backtrace information -------------------------------------------
/usr/lib/libruby-1.9.1.so.1.9(+0x154d69) [0x7fbeb9bead69]
/usr/lib/libruby-1.9.1.so.1.9(+0x5961d) [0x7fbeb9aef61d] vfscanf.c:1777
[...]
/usr/lib/libruby-1.9.1.so.1.9(+0x149311) [0x7fbeb9bdf311] ../sysdeps/x86_64/multiarch/strcpy-ssse3.S:2954
./proxenet() [0x408057]
./proxenet() [0x4048b7]

-- Other runtime information -----------------------------------------------
/home/hugsy/tools/proxenet/plugins/3Hello.rb:8: [BUG] object allocation during garbage collection phase
ruby 1.9.3p448 (2013-06-27 revision 41675) [x86_64-linux]

Add support for WebSockets

Add support for network.http.proxy.keep-alive

http://kb.mozillazine.org/Network.http.proxy.keep-alive

Use autoconf

Migrate from standalone Makefile to Autoconf

Add option to forward SSL

Add the ability to forward CONNECTs based on regexp (on dest IP or hostname), just like a normal HTTP proxy would do. Sometimes I don't want or can't intercept the SSL traffic to specific hosts (client rejecting proxenet certificate, cert pinning, etc.).
Cheers!

proxenet_ssl_ioctl does not check for null parameters

proxenet_ssl_ioctl uses func, buf and ssl parameters without checking if they are NULL, as well as size with 0 and -1.

If one of those would occur, proxenet SIGSEGV. See the following stack trace:

gdb-peda$ bt
#0  0x00007ff6b82e5c45 in __memcpy_ssse3_back () from /lib64/libc.so.6
#1  0x00007ff6b98d0f10 in ssl_write () from /usr/lib64/libpolarssl.so.0
#2  0x000000000040892e in proxenet_ssl_ioctl (func=0x402cb0 <ssl_write@plt>, buf=0x0, count=0xffffffffffffffff, ssl=<optimized out>) at ssl.c:260
#3  0x0000000000408ecb in proxenet_ssl_write (sock=<optimized out>, buf=<optimized out>, count=<optimized out>, ssl_sess=<optimized out>) at ssl.c:310
#4  0x00000000004048c9 in proxenet_process_http_request (server_socket=0xe) at core.c:440
#5  0x0000000000404dc8 in process_thread_job (arg=0x6f32b0) at core.c:675
#6  0x00007ff6b9b02ef1 in start_thread () from /lib64/libpthread.so.0
#7  0x00007ff6b829e7ad in clone () from /lib64/libc.so.6

a simple fix would be to add the following before the main loop:

if (func == NULL || buf == NULL || ssl == NULL || size == 0 || size = -1)
 return retcode;

mbedtls does not build with -fPIC by default

mbedtls does not build with -fPIC in LOCAL_CFLAGS causing the linking of proxenet to fail.
Not that you can do anything about it but it might be a good idea to make people aware of the issue and how to fix it.

make: *** [Makefile:130: all] Error 2

cmake . && make
-- Found MBEDTLS: /usr/include
-- mbedTLS 2.13.0 found!
-- Found PkgConfig: /usr/bin/pkg-config (found version "0.29")
-- Checking for one of the modules 'lua53;lua-5.3;lua5.3;lua5.2;lua-5.2;lua52;lua5.1;lua-5.1;lua51;lua-5.0;lua5.0;lua50;lua'
-- Found Tclsh: /usr/bin/tclsh (found version "8.6")
CMake Warning at cmake/FindJava.cmake:54 (message):
  regex not supported: openjdk version "1.8.0_171"

  OpenJDK Runtime Environment (build 1.8.0_171-8u171-b11-2-b11)

  OpenJDK 64-Bit Server VM (build 25.171-b11, mixed mode).  Please report
Call Stack (most recent call first):
  CMakeLists.txt:233 (find_package)


-- Java version .. found!
-- Found JAVA_HOME as /usr/lib/jvm/java-8-openjdk-amd64
--------------------------------------------------------------------------
proxenet will be compiled with support for:
- C plugin
- Python plugin: 2.7.15
- Ruby plugin: 2.5.1
- Java plugin:
--------------------------------------------------------------------------
-- Configuring done
-- Generating done
-- Build files have been written to: /mytools/proxenet
Scanning dependencies of target proxenet
[  6%] Building C object CMakeFiles/proxenet.dir/control-server.c.o
In file included from /mytools/proxenet/core.h:25,
                 from /mytools/proxenet/control-server.h:5,
                 from /mytools/proxenet/control-server.c:24:
/mytools/proxenet/plugin.h:69:2: error: ‘_JAVA_VERSION_’ undeclared here (not in a function); did you mean ‘_SC_2_VERSION’?
  _JAVA_VERSION_,
  ^~~~~~~~~~~~~~
  _SC_2_VERSION
/mytools/proxenet/control-server.c: In function ‘version_cmd’:
/mytools/proxenet/control-server.c:226:21: error: expected ‘,’ or ‘;’ before ‘_JAVA_VERSION_’
                 "\""_JAVA_VERSION_"\","
                     ^~~~~~~~~~~~~~
make[2]: *** [CMakeFiles/proxenet.dir/build.make:63: CMakeFiles/proxenet.dir/control-server.c.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:105: CMakeFiles/proxenet.dir/all] Error 2
make: *** [Makefile:130: all] Error 2

Add possibility to kill threads from web/cli interfaces

Add new language support

Reference

Go https://github.com/golang/go/wiki/cgo
Tcl http://tmml.sourceforge.net/doc/tcl/#DIVid81d4430
Scheme http://www.s48.org/0.57/manual/s48manual_59.html
Lisp (maybe) http://sbcl.org/1.0/manual/Calling-Lisp-From-C.html

Add transparent mode

Add the ability to proxy non-proxy aware clients by looking up the Host: header in the HTTP requests.

Add Java support

Reference:

JNI http://docs.oracle.com/javase/7/docs/technotes/guides/jni/spec/invocation.html

Add Scheme48 support

Reference:

Scheme http://www.s48.org/0.57/manual/s48manual_59.html

ImportError: No module named XXX

Writing a python plugin in proxenet-plugins/autoload dir, there is a error when start proxenet,:
ImportError: No module named XXX

The way recommand:

#First, put the python file XXX.py in proxenet-plugins
cd proxenet-plugins/autoload
mv  XXX.py  ../
#Then, create a symbol link
ln  -s  ../XXX.py  ./

Add invisible proxy mode

Hi,

it would be nice if proxenet would support an invisible proxy mode for clients that are not proxy-aware. I tried to just implement it in a plugin, but it seems like prexenet runs in circles before the request hits the plugin.

The easiest way for an invisible proxy mode (where requests arrive without a full URI in the first line) would be to grab the target host from the HTTP host header and reconstruct the first line. Here is what I tried in the plugin:

import re

host_header = re.compile(r"Host: (.*)\r\n")
uri_host = re.compile(r"://(.*):")

def proxenet_request_hook(rid, request, uri):
    _uri_host = uri_host.findall(uri)
    _host_header = host_header.findall(request)

    if not _uri_host or not _host_header:
        return request

    uri = uri.replace(_uri_host[0], _host_header[0])
    first, rest = request.split('\r\n', 1)
    request = 'GET {} HTTP/1.1\r\n'.format(uri) + rest

    return request


def proxenet_response_hook(rid, response, uri):
    return response

Thanks in advance!

CA generates certificates with the same serial.

CMake Deprecation Warning at CMakeLists.txt:7 ! Issue

Can someone please help with this one ?

cd proxenet && cmake . && make
CMake Deprecation Warning at CMakeLists.txt:7 (cmake_minimum_required):
Compatibility with CMake < 2.8.12 will be removed from a future version of
CMake.

Update the VERSION argument value or use a ... suffix to tell
CMake that the project does not need compatibility with older versions.

I cant find any solution !

Add SSL client certificate support

Improve plugin loading

Add autoload handling (directory autoload/ with symlinks)
Add control command to load at runtime