Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


PenProxy - an extremely simple web pen-test proxy
.

  • To: bogus
  • Subject: PenProxy - an extremely simple web pen-test proxy
  • From: [EMAIL PROTECTED] (Sverre H. Huseby)
  • Date: Fri, 27 Sep 2002 14:17:59 +0200
.
 

I spent five hours yesterday creating a very simple, untested, Java
based proxy, mostly because I miss programming (I haven't programmed
Java for two years.  That's my excuse for the messy code (which is
included in the .zip)).  It probably won't be helpful for anyone. :)

  http://shh.thathost.com/pub-java/#PenProxy

The README is included below.

<p>Sverre.

<p>--------------------------------------------------------------------
PenProxy
========

  Sverre H. Huseby
  [EMAIL PROTECTED]

An untested, feature-lacking proxy that may be of help for people who
are pen-testing web applications.  This is something I just hurried
together in five hours.

Run like this:

  java -jar penproxy.jar 8088

to create a proxy that accepts connections on port 8088.  Or do it
like this:

  java -jar penproxy.jar 8088 other-proxy-name:port

if you want to chain it trough another web-proxy.

Configure your browser to surf through localhost:8088, and start
browsing.  Most requests sent by your browser will result in the proxy
popping up a window.  In this window you may edit any parameters
(including those that are hidden in the HTML) and header fields
(including cookies).  When you press "Ok" in the proxy window, the
proxy will forward the modified request.

<p>What's Bad
----------

PenProxy is a five hour "hack" made mainly for fun.  It's not fully
functional.

* This program does not support HTTPS, only plain HTTP.

* It is not very standard compliant.

* Anchors (#) will be removed from URLs.

<p>License
-------

This program is released under the Artistic License:

  http://www.opensource.org/licenses/artistic-license.html

Comments (even as simple as "I use your program") are very welcome.
If you extend the program, please send me your patches.
--------------------------------------------------------------------


-- 
[EMAIL PROTECTED]		Computer Geek?  Try my Nerd Quiz
http://shh.thathost.com/	http://nerdquiz.thathost.com/
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.