BinProxy – BinProxy is a proxy for arbitrary TCP connections
Ruby 2.3 or later
A C compiler, Ruby headers, etc., are needed to compile several dependencies.
On Ubuntu, sudo apt install build-essential ruby-dev should do it.
If you’ve installed a custom Ruby (e.g. with RVM), you probably already have what you need.
openssl binary for –tls without an explicit cert/key.
To build the UI, node.js and npm. (Not needed at runtime)
gem install binproxy
You may need to use sudo , depending on your Ruby installation.From Source
git clone http://ift.tt/2eXmyyz binproxycd binproxy# Install ruby dependencies.# Depending on your setup, one or both of these may require sudo.gem install bundler && bundle# The UI is built with a webpack/babel toolchain:(cd ui && npm install) \ && rake build-ui# Confirm that everything works# run.sh sets up the environment and passes all args to binproxy./run.sh –help
To build and install the gem package:
gem build binproxy.gemspec# Again, you may need sudo heregem install binproxy-1.0.0.gem
Bug reports on installation issues are welcome!UsageBasic Usage
Run binproxy with no arguments.
Browse to http://localhost:4567/
Enter local and remote hostnames or IP addresses and ports, and click ‘update’
Point a client at the local service, and watch the packets flow.
Command Line Flags
See –help for the complete list, but in short:
binproxy -c 
If you leave out the -c argument, a simple hex dump is shown.
If you leave out the local host, binproxy assumes localhost.
With the –socks-proxy or –http-proxy options, the remote host and port are determined dynamically, and should not be specified.Examples
# Proxy from localhost:9000 -> example.com:9000binproxy localhost 9000 example.com 9000# Act as a SOCKS proxy on localhost:1080# MITM and unwrap TLS on the proxied traffic, using a self-signed cert and keybinproxy -S –tls 1080# “Poor substitute for Burp” mode:## HTTP proxy; MITM TLS w/ pre-generated cert; simple header parsing# Note: this will only work on HTTPS traffic, not plain HTTP!# If you’re working with the source repo, you generate the certs with:# rake makecert[example.com]# And then import certs/ca-cert.pem into your browser or OS’s trust store.binproxy -H –tls \ –tls-cert certs/example.com-cert.pem \ –tls-key certs/example.com-key.pem \ –class-name DumbHttp::Message \ localhost 8080
By default, the proxy uses the built-in RawMessage class, which just gives you a hexdump of each message (assuming 1:1 between messages and TCP packets)
You can view parsed protocol information by specifying a BinData::Record subclass† with the –class command line argument.
You may also wish to define the following in your class:
def summary # return a single-line description of this recordend# currently supported options are# – nil : use default display# – “anon” : for structs, show contents directly# – “hex” : for numbers, display as 0x1234ABCD# – “hexdump” : for strings, display like `hexdump -C`default_parameter display_as: “…”# TODO: document state stuffdef self.initial_stateenddef current_stateenddef update_stateend
† Technically, any subclass of BinData::Base will work.Dynamic Proxying
By default, BinProxy relays all traffic to a static upstream host and port. It can also be configured to act as a SOCKS (v4 or v4a) or HTTP proxy with the –socks-proxy and –http-proxy flags, respectively.Note: Currently, the HTTP proxy only supports connections tunneled with the HTTP CONNNECT verb; it cannot proxy raw HTTP GET , POST , etc., requests. In practice, this means that HTTPS traffic will work, but plain HTTP traffic will not unless the client supports a flag to force tunneling, like curl -p .TLS / SSL
Use the –tls flag to unwrap TLS encryption before processing messages. By default, BinProxy will generate a self-signed certificate. You can sepecify PEM files containing a certificate and key with –tls-cert and –tls-key . (If you’ve cloned the source repo, use rake makecert[example.com] to generate a static CA and a certificate with the appropriate hostname.)
Download BinProxy http://ift.tt/2e4vrr3 http://ift.tt/2aM8QhC