pappy proxy: An intercepting proxy for web application testing
The Pappy Proxy
The Pappy (Proxy Attack Proxy ProxY) Proxy is an intercepting proxy for performing web application security testing. Its features are often similar to, or straight-up rip-offs of, those in Burp Suite. However, Burp Suite is neither open source nor a command line tool, thus making a proxy like Pappy inevitable.
Need a GUI? The Guppy Proxy is for you! Guppy offers just about the same amount of power as Pappy in a much easier to use interface. You may want to consider switching!
You can configure Burp to use Pappy as an upstream proxy server. That way, traffic will go through both Burp and Pappy and you can use whichever you want to do your testing.
How to have Burp forward traffic through Pappy:
- Configure Pappy to listen on port 8000 in your project’s config.json
- Open Burp
- Go to Options -> Connections -> Upstream Proxy Servers
- Click Add
- Leave Destination Host blank, but put 127.0.0.1 in Proxy Host and 8000 into Port
- Configure your browser to use Burp as a proxy
Features
Command Line Interface
The command line interface allows you to focus on performing the test instead of breaking your train of thought by clicking around a GUI.
New Interface, Familiar Workflow
Pappy has the standard features of Burp Suite and supports a similar workflow to Burp Suite for manual testing. Map the site, find interesting requests, send them to repeater, and poke.
Response Streaming
Pappy will stream data to the browser as it gets it instead of waiting for the full response to be downloaded first. This makes browsing through Pappy feel much faster than browsing through other proxies.
Powerful History Search
Pappy has a very powerful history search. By applying multiple filters in a row, you can continuously remove requests you don’t need from view. For example, you can find POST requests without a CSRF header in only 2 commands!
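The narrowing described above, sketched as an added example that is not Pappy's own code or filter syntax: each filter is pushed onto a stack and a request stays in view only while every filter passes. The Request and HistoryView names and the sample history are hypothetical and constructed for illustration.

```python
# Added illustration; class and field names are hypothetical, not Pappy's API.
from dataclasses import dataclass, field

@dataclass
class Request:
    verb: str
    path: str
    headers: dict = field(default_factory=dict)

    def has_header_containing(self, needle):
        # Header names are case-insensitive, so compare in lower case.
        return any(needle.lower() in name.lower() for name in self.headers)

class HistoryView:
    """A stack of predicates; a request stays in view only if all of them pass."""
    def __init__(self, history):
        self.history = list(history)
        self.filters = []

    def apply(self, description, predicate):
        self.filters.append((description, predicate))
        return self.visible()

    def pop(self):
        # Undo the most recent filter, widening the view again.
        if self.filters:
            self.filters.pop()
        return self.visible()

    def visible(self):
        return [r for r in self.history
                if all(pred(r) for _, pred in self.filters)]

# Constructed sample history (not captured traffic).
HISTORY = [
    Request("GET", "/account", {"Cookie": "sid=1"}),
    Request("POST", "/account/email", {"Cookie": "sid=1", "X-CSRF-Token": "t0k"}),
    Request("POST", "/account/password", {"Cookie": "sid=1"}),
    Request("POST", "/api/transfer", {"Cookie": "sid=1", "x-csrftoken": "t0k"}),
    Request("POST", "/search", {}),
]

def posts_without_csrf_header(history):
    view = HistoryView(history)
    view.apply("verb is POST", lambda r: r.verb.upper() == "POST")
    view.apply("no header name contains 'csrf'",
               lambda r: not r.has_header_containing("csrf"))
    return view
```

A request left in the final view is only a candidate for review: the anti-CSRF token may travel in a body parameter rather than a header.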
Self-Contained Project Directory
Pappy keeps everything related to a project (including proxy settings) contained in one directory. This makes switching between projects a breeze.
Python Macros
When creating automated attacks, Pappy prefers Python. Pappy allows you to generate the boilerplate for attack scripts so that you only have to write a few lines to perform scripted attacks.
How to Use It
Installation
Pappy supports OS X and Linux, and may or may not work in Cygwin or something on Windows. Installation depends on the following commands being available:
- python3
- pip
- virtualenv
- go
To install Pappy:
git clone https://github.com/roglew/pappy-proxy.git
cd pappy-proxy
./install.sh
Usage
Copyright (c) 2015 Robert Glew
Source: https://github.com/roglew/