proxenet: Friendly proxy for web application pentests
Proxenet is a hacker-friendly DIY web proxy for pentest(ers). It is a C-based proxy that allows you to interact with higher level languages (like Python, Ruby, Java, etc.) for modifying on-the-fly requests/responses sent by your Web browser.
proxenet will allow you to make fine grain plugins to manipulate HTTP requests and/or responses in the language of your choice; that other existing tools (
ZAP, etc.) can by design never allow you to do.
Proxenet is a multi-threaded proxy which allows you to manipulate HTTP requests and responses using your favorite scripting language. No need to learn Java (like for Burp), or Python (like for mitmproxy). Proxenet supports many languages (see the section “Language Versions”) and more can be easily added.
Proxenet is not script kiddie friendly. While the tool can be configured to use a web interface, it is not packaged with a GUI.
The idea behind proxenet came after much frustration from attempting to write extensions for Burp. Moreover, only a few existing proxies support the possibility to add new extensions, and when they do, they typically only support one language. This is not ideal for a penetration tester, as it compromises usability despite Burp’s persistent attempts to make unnatural bindings (Python over Java, or worse: Ruby over Java).
Proxenet is written in pure C, so it is fast, efficient and easily pluggable to everything else. It is the ultimate real DIY web proxy for pentesters.
- Written in C
- Fast (heavy thread use)
- Efficient (POSIX compatible)
- Low memory footprint (for the core)
- Can interact with any language
- Provides plugins support for the following languages:
- Full SSL/TLS interception (internal CA)
- SSL/TLS client certificate authentication
- HTTP(s)/SOCKS4(a) Proxy forwarding
- White-list/Black-list host filtering
- Command interface out-of-band
- Nice TTY colors 😀
- 100% Open-Source … and more!
$ git clone https://github.com/hugsy/proxenet.git
$ cd proxenet && cmake . && make
$ sudo make install
Copyright (C) 2015 hugsy