proxify v0.0.5 releases: Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation
Swiss Army Knife Proxy for rapid deployments. Supports multiple operations such as request/response dump, filtering, and manipulation via DSL language, upstream HTTP/Socks5 proxy. Additionally, a replay utility allows to import the dumped traffic (request/responses with correct domain name) into burp or any other proxy by simply setting the upstream proxy to proxify.
- Simple and modular code base making it easy to contribute.
- HTTP and SOCKS5 support for upstream proxy
- Native MITM support
- Full traffic dump (request/responses)
- Traffic Match / Filter with DSL language
- Traffic Match and Replace support
- Traffic replay in Burp
Installing an SSL Certificate
A certificate authority is generated for proxify which is stored in the folder ~/.config/proxify/ as default, manually can be specified by -config flag. The generated certificate can be imported by visiting http://proxify/cacert.crt in a browser connected to proxify.
Installation steps for the Root Certificate are similar to other proxy tools which include adding the cert to the system trusted root store.
Use Upstream proxy
Open a local proxy on port 8081 and forward the traffic to burp on port 8080
proxify -addr ":8081" -http-proxy http://127.0.0.1:8080
Open a local proxy on port 8080 and forward the traffic to the TOR network
proxify -socks5-proxy socks5://127.0.0.1:9050
Dump all the HTTP/HTTPS traffic
Dump all the traffic into separate files with request followed by the response, as default proxify listen to http://127.0.0.0:8080. Custom address and port can be defined using the addr flag.
As a default, proxied request/resposed are stored in the logs folder.
proxify -output db
Hostname mapping with Local DNS resolver
Proxify supports embedding DNS resolver to map hostnames to specific addresses and define an upstream dns server for any other domain name
start a local http proxy on port 8080 using an embedded dns server listening on port 53 and resolving www.google.it to 192.168.1.1, all other fqdn are forwarded upstream to 184.108.40.206
proxify -dns-addr ":53" -dns-mapping "www.google.it:192.168.1.1" -dns-resolver "220.127.116.11:53"
This feature is used for example by the replay utility to hijack the connections and simulate responses. It may be useful during internal assessments with private dns servers. Using * as domain name matches all dns requests.
Match/Filter traffic with DSL language.
If the request or response matches the filters the dump is tagged with .match.txt suffix:
proxify -request-dsl "contains(request,'firefox')" -response-dsl "contains(response, md5('test'))"
Match and Replace on the fly
Proxify supports modifying Request and Responses on the fly with DSL language.
Replay all traffic into burp
Replay all the dumped requests/responses into the destination URL (http://127.0.0.1:8080) if not specified. For this, to work it’s necessary to configure burp to use proxify as an upstream proxy, as it will take care to hijack the dns resolutions and simulate the remote server with the dumped request. This allows having in the burp history exactly all requests/responses as if they were originally sent through it, allowing for example to perform a remote interception on a cloud, and merge all results locally within burp.
replay -output "logs/"
- Added multiple upstream proxies support by @Mzack9999 in #66
- Added elastic / kafka export support by @parrasajad in #70
- Added socks5 proxy support by @Mzack9999 in #68
- Added goflags support by @Mzack9999 in #65
- Fixed bug with match & replace rule by @LuitelSamikshya in #49
- Fixed bug with match & replace rule in URL path by @LuitelSamikshya in #63
- Fixed bug to discard binary content from response flag modification by @LuitelSamikshya in #61
- Updated Github workflows by @Mzack9999 in #69
Copyright (c) Exposed Atoms Pvt Ltd