Exploit Development Framework Design

Perl, Ruby Python: use the language that suits your character. However, one of the things that differentiate python from the rest is its philosophy, which is: there should be one– and preferably only one –obvious way to do it (where it is a problem). This philosophy gives python some interesting advantages over other similar languages. That will be explained later on. [...]

more | comments | comments rss | posted by

Trapping HTTP Requests and Responses with Python

In my last post I showed my own implementation of n HTTPS Man-in-the-middle proxy written from scratch in Python. I’ve spent great deal of time to make the proxy as programmer-friendly as possible. In this post I am planning to show how you can use the code to write your own proxies in the spirit of Burp, Paros, WebScarab, RatProxy, etc.

Why is this interesting? Well, it is interesting to Python developers/hackers only. [...]

more | comments | comments rss | posted by

Python SSL Mitm Proxy and More

Lately I’ve been busy with putting together a python module which allows me to create man-in-the-middle (MITM) HTTP Proxies with a programmer-friendly extension interface and support for SSL. This kind of proxies can be used for many things ranging from creating your own tampering proxies to hijacking network traffic via a transparent proxy connection.

I am quite pleased with the end result! [...]

more | comments | comments rss | posted by

Jython Shell

Jython Shell is a python shell that works straight from your browser. This application can prove to be quite helpful in many situations. For example, you can use it when you don’t have access to your computer but you still want to test a few things in python. I’ve made use of it many times to test various kiosks or to launch python scripts where I have some sort of browser access.

In order to run the applet, you need Java and you have to approve the security warning. [...]

more | comments | comments rss | posted by