Pappy Proxy (Proxy Attack Proxy ProxY) is an open source intercepting proxy for performing web application security tests. It is similar to Burp Suite, ZAP and so on. The benefit is that it runs on the command line!
Installation
```
# update system
$ yum update -y

# install epel
$ yum -y install epel-release

# install needed packages
$ yum install -y git python-pip python-devel gcc libffi-devel libxml2 libxml2-devel libxslt libxslt-devel openssl-devel

# clone repository
$ git clone --recursive https://github.com/roglew/pappy-proxy.git

# change directory
$ cd pappy-proxy/

# install pappy-proxy
$ pip install .

# run help
$ pappy --help

# start up in lite mode
$ pappy -l

# generate certificates
pappy> gencerts

# test proxy from other terminal
$ curl -x http://localhost:8000 -L http://google.com

# list requests
pappy> ls

# prints the full response to a request
pappy> vfs <id>

# exit pappy-proxy lite mode
pappy> quit
```
Prepare a project
```
# create project directory
$ mkdir myProject

# change directory
$ cd myProject

# start pappy-proxy
$ pappy

# exit pappy-proxy
pappy> quit

# show directory content
$ ls -la

# modify settings
$ vim config.json

# start up pappy-proxy
$ pappy
...
```
Note: By default the proxy runs on port 8000 and is bound to localhost. To change this, you need to modify the config.json in the project directory. For more information, read the docs.