project:interceraptor
Differences
| project:interceraptor [2012/11/14 15:12] – biiter | project:interceraptor [2025/03/13 14:20] (current) – fix templatere plugin invocation root | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Interceraptor ====== | ||
| + | {{template> | ||
| + | name=EDITME| | ||
| + | image=EDITME| | ||
| + | sw=-| | ||
| + | hw=-| | ||
| + | founder=[[user: | ||
| + | interested=[[user: | ||
| + | status=active | ||
| + | }} | ||
| + | |||
| + | < | ||
| + | ~> listener (1) -> intercept (2) -> filter (3) -> real server (4) | ||
| + | <~ listener (8) <- intercept (7) <- filter (6) <- real server (5) | ||
| + | </ | ||
| + | |||
| + | Listeners: | ||
| + | * socks | ||
| + | * forwarding | ||
| + | * custom routing table | ||
| + | |||
| + | SSL: | ||
| + | * generate SSL cert per host | ||
| + | * for android emulator generate SSL cert according to the real target cert | ||
| + | * select custom CA | ||
| + | * accept HTTP and redirect to HTTP (arbitrary host via routing table (per host filter)) | ||
| + | |||
| + | Intercept (all operations are bidirectional): | ||
| + | * hand examination/ | ||
| + | * automatic data modification | ||
| + | |||
| + | Filters: | ||
| + | * (intercept is a special filter) | ||
| + | * response normalization. custom rules that defines which request means that the file does (not) exists | ||
| + | * cookie jar | ||
| + | * active session maintaining | ||
| + | * Throttle (max requests per time ...) | ||
| + | * data parsing (nonce extraction. VIEWSTATE) | ||
| + | * time analysis for request-response (show the delta) | ||
| + | |||
| + | Vulnerability discovery: | ||
| + | * http protocol fuzzing / content discovery (files, directories, | ||
| + | * inner protocol fuzzing (JSON, XML, REST, SOAP) | ||
| + | |||
| + | Data manipulation: | ||
| + | * base64 | ||
| + | * hex/ascii | ||
| + | * data validation (html-tidy, json validator, xml validator) | ||
| + | |||
| + | ==== GUI ==== | ||
| + | * HTML5 rest client | ||
| + | |||
| + | ==== module ==== | ||
| + | |||
| + | === dataflow === | ||
| + | |||
| + | - c-s input match | ||
| + | - c-s perform action (modify input / invoke external script or whatever) | ||
| + | - c-s send data | ||
| + | - s-c recieve data | ||
| + | - s-c match output | ||
| + | - s-c perform final action | ||
| + | |||
| + | <note tip> | ||
| + | < | ||
| + | data flow direction: | ||
| + | c-s -- client to server | ||
| + | s-c -- server to client | ||
| + | </ | ||
| + | </ | ||
| + | |||
| + | |||
| + | === module interconnection === | ||
| + | * do it like they do it in apache mod_rewrite rules | ||
| + | |||
| + | ===== roadplan ===== | ||
| + | - accept HTTP connection, redirect to SLL service, rule match per HTTP.host | ||
| + | - accept SSL connection, fake SLL.CommonName by the target service | ||
| + | |||
| + | ===== performance ===== | ||
| + | * multithread | ||
| + | * fast backend without gui | ||
| + | * ability to cancel pending request | ||
| + | * each tab can be separated to standalone window | ||
| + | * window plugin-like eclipse/ | ||
| + | |||
| + | |||
| + | ===== scanner ===== | ||
| + | * passive | ||
| + | * active | ||
| + | |||
| + | ===== schemas ===== | ||
| + | |||
| + | {{ : | ||
| + | {{ : | ||
| + | {{ : | ||
| + | ===== references ===== | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * https:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * http:// | ||
| + | * www.fiddler2.com | ||
| + | * http:// | ||
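
Review bot: the template block at the top of the added page still carries `name=EDITME|` and `image=EDITME|`, so the project box will render with placeholder values; fill them in or drop the fields. In the roadplan list, "SLL service" and "SLL.CommonName" should read SSL, and "recieve data" in the dataflow list should be "receive data". The SSL list says "accept HTTP and redirect to HTTP", while the roadplan says an HTTP connection is redirected to the SSL service; the two should agree. The SSL list also names per-host certificate generation and a selectable custom CA without saying where the CA private key is kept or how it is protected, which is worth one line since any client that trusts that CA will accept every certificate the tool generates.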