Security and Technology

BinProxy – BinProxy is a proxy for arbitrary TCP connections

BinProxy is a proxy for arbitrary TCP connections. You can define custom message formats using the BinData gem.InstallationPrerequisites

Ruby 2.3 or later

A C compiler, Ruby headers, etc., are needed to compile several dependencies.

On Ubuntu, sudo apt install build-essential ruby-dev should do it.

If you’ve installed a custom Ruby (e.g. with RVM), you probably already have what you need.

openssl binary for –tls without an explicit cert/key.

To build the UI, node.js and npm. (Not needed at runtime)

From Rubygems

gem install binproxy

You may need to use sudo , depending on your Ruby installation.From Source

git clone http://ift.tt/2eXmyyz binproxycd binproxy# Install ruby dependencies.# Depending on your setup, one or both of these may require sudo.gem install bundler && bundle# The UI is built with a webpack/babel toolchain:(cd ui && npm install) \ && rake build-ui# Confirm that everything works# run.sh sets up the environment and passes all args to binproxy./run.sh –help

To build and install the gem package:

gem build binproxy.gemspec# Again, you may need sudo heregem install binproxy-1.0.0.gem

Bug reports on installation issues are welcome!UsageBasic Usage

Run binproxy with no arguments.

Browse to http://localhost:4567/

Enter local and remote hostnames or IP addresses and ports, and click ‘update’

Point a client at the local service, and watch the packets flow.

Command Line Flags
See –help for the complete list, but in short:

binproxy -c []

If you leave out the -c argument, a simple hex dump is shown.
If you leave out the local host, binproxy assumes localhost.
With the –socks-proxy or –http-proxy options, the remote host and port are determined dynamically, and should not be specified.Examples

# Proxy from localhost:9000 -> example.com:9000binproxy localhost 9000 example.com 9000# Act as a SOCKS proxy on localhost:1080# MITM and unwrap TLS on the proxied traffic, using a self-signed cert and keybinproxy -S –tls 1080# “Poor substitute for Burp” mode:## HTTP proxy; MITM TLS w/ pre-generated cert; simple header parsing# Note: this will only work on HTTPS traffic, not plain HTTP!# If you’re working with the source repo, you generate the certs with:# rake makecert[example.com]# And then import certs/ca-cert.pem into your browser or OS’s trust store.binproxy -H –tls \ –tls-cert certs/example.com-cert.pem \ –tls-key certs/example.com-key.pem \ –class-name DumbHttp::Message \ localhost 8080

Customizing
By default, the proxy uses the built-in RawMessage class, which just gives you a hexdump of each message (assuming 1:1 between messages and TCP packets)
You can view parsed protocol information by specifying a BinData::Record subclass† with the –class command line argument.
You may also wish to define the following in your class:

def summary # return a single-line description of this recordend# currently supported options are# – nil : use default display# – “anon” : for structs, show contents directly# – “hex” : for numbers, display as 0x1234ABCD# – “hexdump” : for strings, display like `hexdump -C`default_parameter display_as: “…”# TODO: document state stuffdef self.initial_stateenddef current_stateenddef update_stateend

† Technically, any subclass of BinData::Base will work.Dynamic Proxying
By default, BinProxy relays all traffic to a static upstream host and port. It can also be configured to act as a SOCKS (v4 or v4a) or HTTP proxy with the –socks-proxy and –http-proxy flags, respectively.Note: Currently, the HTTP proxy only supports connections tunneled with the HTTP CONNNECT verb; it cannot proxy raw HTTP GET , POST , etc., requests. In practice, this means that HTTPS traffic will work, but plain HTTP traffic will not unless the client supports a flag to force tunneling, like curl -p .TLS / SSL
Use the –tls flag to unwrap TLS encryption before processing messages. By default, BinProxy will generate a self-signed certificate. You can sepecify PEM files containing a certificate and key with –tls-cert and –tls-key . (If you’ve cloned the source repo, use rake makecert[example.com] to generate a static CA and a certificate with the appropriate hostname.)
Download BinProxy http://ift.tt/2e4vrr3 http://ift.tt/2aM8QhC

Deixe uma resposta

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s