SlideShare a Scribd company logo

Invisible Proxy Automation Tool SOS_Proxy

L
Lorenzo Comi

This presentation introduces a simple but effective tool that I developed in order to automate the invisible proxy technique and manage to intercept the HTTP traffic of any non proxy-aware devices. Video DEMO: https://www.youtube.com/watch?v=R9VAWpXcXAw Source Code: https://github.com/c0mix/SOS_Proxy

Software
1 of 17
SOS_Proxy Invisible Proxying Automation Lorenzo Comi - End Summer Camp 2019
Who Am I? Lorenzo Comi • IT Security Consultant @ Minded Security • Focused on WebApp&Mobile Penetration Test • Python lover -> NOT a professional/serious DEVELOPER… But I like to automate boring stuff • Coffee addicted 2
3https://me.me/embed/i/9d18af78efae44849d65f96030b1b23d
Why am I here? • Explain a technique to intercept HTTP traffic of a NON-proxy aware device • Introduce SOS_Proxy tool to automate and scale this technique 4
The Problem Is it possible to proxy a device that does not support this functionality? 5
Invisible proxy technique “Burp's support for invisible proxying allows non-proxy-aware clients to connect directly to a Proxy listener. […] Often, these clients don't support HTTP proxies, or don't provide an easy way to configure them to use one.” 6https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible
Invisible proxy technique with one domain Example: we want to intercept the HTTP traffic made by a specific app that send requests only to a specific domain. WiFi Hotspot + Burp Proxy Device connected to WiFi Hotspot Internet, of course 7
How it works 1. Intercept device DNS request in order to know which domains is calling. 2. For each domain create a new virtual interface. 3. Alter the hostname resolution through your hosts file. 4. Create a separate Proxy listener for each interface/domain. 5. Start intercepting! 8
Invisible proxy technique with one domain 1. Mitm the device & log DNS traffic (es. With tcpdump) $ sudo tcpdump -n -i wlan0 udp dst port 53 and src 10.42.0.228 -l tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes 12:42:21.928193 IP 10.42.0.228.51456 > 10.42.0.1.53: 13894+ A? googleads.g.doubleclick.net. (45) 12:42:22.788217 IP 10.42.0.228.18212 > 10.42.0.1.53: 2757+ A? pagead2.googlesyndication.com. (47) 12:42:28.400256 IP 10.42.0.228.52262 > 10.42.0.1.53: 37110+ A? secure-it.imrworldwide.com. (44) 12:42:28.427984 IP 10.42.0.228.37159 > 10.42.0.1.53: 27312+ A? www.corriere.it. (33) 12:42:29.697983 IP 10.42.0.228.52981 > 10.42.0.1.53: 30840+ A? images2.corriereobjects.it. (44) 9
Invisible proxy technique with one domain 2. Create a virtual interface for any domain that you want to intercept $ sudo ifconfig eth0:1 100.100.100.1 $ ifconfig | grep eth0 -A1 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.178.104 netmask 255.255.255.0 broadcast 192.168.178.255 -- eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 100.100.100.1 netmask 255.0.0.0 broadcast 100.255.255.255 10
Invisible proxy technique with one domain 3. Perform a nslookup of the domain and set www.corriere.it resolution on your /etc/hosts config file $ nslookup www.corriere.it | grep Address | grep -v '#' Address: 151.101.241.50 $ echo '100.100.100.1 www.corriere.it' >> /etc/hosts $ tail –n1 /etc/hosts 100.100.100.1 www.corriere.it 11
Invisible proxy technique with one domain 4. Set Burp proxy to redirect the traffic to the correct host 12
Invisible proxy technique with one domain 5. Start Intercepting! 13
SOS_Proxy is a simple Python tool that automates the invisible proxy technique with the following features: • DNS traffic sniffing == Domain_monitor • Virtual interfaces creator • Print information to set Burp’s proxies • Possibility to choose which domain has to be intercepted • Possibility to backup and restore a hosts file configuration Automation and Scaling with SOS_Proxy 14
Demo Time 15
1. Burp extension to automate proxies setup 2. DNS Poisoning?! 3. Python3 4. <Your_Idea_HERE> SOS_Proxy possible improvements/ideas 16
Questions? Thank You! • https://github.com/c0mix/SOS_Proxy • https://c0mix.github.io/ 17Lorenzo Comi - End Summer Camp 2019

Recommended

Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
Cfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreCfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreJulien Pivotto
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspectiveshwetank
 
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...Tzung-Bi Shih
 
Threat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my HoneypotsThreat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my HoneypotsAPNIC
 
Edge computing in practice using IoT, Tensorflow and Google Cloud
Edge computing in practice using IoT, Tensorflow and Google CloudEdge computing in practice using IoT, Tensorflow and Google Cloud
Edge computing in practice using IoT, Tensorflow and Google CloudAlvaro Viebrantz
 
Country domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocCountry domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocTiago Henriques
 
CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023Anthony Dahanne
 

Recommended

Malware Analysis For The Enterprise
Malware Analysis For The EnterpriseMalware Analysis For The Enterprise
Malware Analysis For The EnterpriseJason Ross
 
Cfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreCfgmgmt Challenges aren't technical anymore
Cfgmgmt Challenges aren't technical anymoreJulien Pivotto
 
WebRTC: A front-end perspective
WebRTC: A front-end perspectiveWebRTC: A front-end perspective
WebRTC: A front-end perspectiveshwetank
 
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...
Feldo: Function Event Listing and Dynamic Observing for Detecting and Prevent...Tzung-Bi Shih
 
Threat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my HoneypotsThreat Con 2021: What's Hitting my Honeypots
Threat Con 2021: What's Hitting my HoneypotsAPNIC
 
Edge computing in practice using IoT, Tensorflow and Google Cloud
Edge computing in practice using IoT, Tensorflow and Google CloudEdge computing in practice using IoT, Tensorflow and Google Cloud
Edge computing in practice using IoT, Tensorflow and Google CloudAlvaro Viebrantz
 
Country domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocCountry domination - Causing chaos and wrecking havoc
Country domination - Causing chaos and wrecking havocTiago Henriques
 
CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023Anthony Dahanne
 
No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!Anthony Dahanne
 
Azure Container Services​
Azure Container Services​Azure Container Services​
Azure Container Services​Pedro Sousa
 
Continuous integration with Docker
Continuous integration with DockerContinuous integration with Docker
Continuous integration with DockerRondinelli Mesquita
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...Daniel Bryant
 
Dev and Ops Collaboration and Awareness at Etsy and Flickr
Dev and Ops Collaboration and Awareness at Etsy and FlickrDev and Ops Collaboration and Awareness at Etsy and Flickr
Dev and Ops Collaboration and Awareness at Etsy and FlickrJohn Allspaw
 
VizzMaintenance Eclipse Plugin Metrics
VizzMaintenance Eclipse Plugin MetricsVizzMaintenance Eclipse Plugin Metrics
VizzMaintenance Eclipse Plugin MetricsZarko Acimovic
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...Marco Parenzan
 
Azure Container Services​
Azure Container Services​Azure Container Services​
Azure Container Services​Pedro Sousa
 
Analyzing the Performance of Mobile Web
Analyzing the Performance of Mobile WebAnalyzing the Performance of Mobile Web
Analyzing the Performance of Mobile WebAriya Hidayat
 
Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Chris Grundemann
 
38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet 38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet APNIC
 
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
.NET Fest 2019. Леонид Молотиевский. DotNet Core in productionNETFest
 
Operating Docker
Operating DockerOperating Docker
Operating DockerJen Andre
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101Weaveworks
 
Gluing the IoT world with Java and LoRaWAN
Gluing the IoT world with Java and LoRaWANGluing the IoT world with Java and LoRaWAN
Gluing the IoT world with Java and LoRaWANPance Cavkovski
 
Cold front - bridging the web and the physical world
Cold front - bridging the web and the physical worldCold front - bridging the web and the physical world
Cold front - bridging the web and the physical worldKenneth Rohde Christiansen
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
 
From Duke of DevOps to Queen of Chaos - Api days 2018
From Duke of DevOps to Queen of Chaos - Api days 2018From Duke of DevOps to Queen of Chaos - Api days 2018
From Duke of DevOps to Queen of Chaos - Api days 2018Christophe Rochefolle
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 

More Related Content

Similar to Invisible Proxy Automation Tool SOS_Proxy

No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!Anthony Dahanne
 
Azure Container Services​
Azure Container Services​Azure Container Services​
Azure Container Services​Pedro Sousa
 
Continuous integration with Docker
Continuous integration with DockerContinuous integration with Docker
Continuous integration with DockerRondinelli Mesquita
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...Daniel Bryant
 
Dev and Ops Collaboration and Awareness at Etsy and Flickr
Dev and Ops Collaboration and Awareness at Etsy and FlickrDev and Ops Collaboration and Awareness at Etsy and Flickr
Dev and Ops Collaboration and Awareness at Etsy and FlickrJohn Allspaw
 
VizzMaintenance Eclipse Plugin Metrics
VizzMaintenance Eclipse Plugin MetricsVizzMaintenance Eclipse Plugin Metrics
VizzMaintenance Eclipse Plugin MetricsZarko Acimovic
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hackSlawomir Jasek
 
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...Marco Parenzan
 
Azure Container Services​
Azure Container Services​Azure Container Services​
Azure Container Services​Pedro Sousa
 
Analyzing the Performance of Mobile Web
Analyzing the Performance of Mobile WebAnalyzing the Performance of Mobile Web
Analyzing the Performance of Mobile WebAriya Hidayat
 
Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Chris Grundemann
 
38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet 38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet APNIC
 
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
.NET Fest 2019. Леонид Молотиевский. DotNet Core in productionNETFest
 
Operating Docker
Operating DockerOperating Docker
Operating DockerJen Andre
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101Weaveworks
 
Gluing the IoT world with Java and LoRaWAN
Gluing the IoT world with Java and LoRaWANGluing the IoT world with Java and LoRaWAN
Gluing the IoT world with Java and LoRaWANPance Cavkovski
 
Cold front - bridging the web and the physical world
Cold front - bridging the web and the physical worldCold front - bridging the web and the physical world
Cold front - bridging the web and the physical worldKenneth Rohde Christiansen
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
 
From Duke of DevOps to Queen of Chaos - Api days 2018
From Duke of DevOps to Queen of Chaos - Api days 2018From Duke of DevOps to Queen of Chaos - Api days 2018
From Duke of DevOps to Queen of Chaos - Api days 2018Christophe Rochefolle
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 

Similar to Invisible Proxy Automation Tool SOS_Proxy (20)

No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!
 
Azure Container Services​
Azure Container Services​Azure Container Services​
Azure Container Services​
 
Continuous integration with Docker
Continuous integration with DockerContinuous integration with Docker
Continuous integration with Docker
 
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
KubeCrash 22: Debugging Microservices "Remocally" in Kubernetes with Telepres...
 
Dev and Ops Collaboration and Awareness at Etsy and Flickr
Dev and Ops Collaboration and Awareness at Etsy and FlickrDev and Ops Collaboration and Awareness at Etsy and Flickr
Dev and Ops Collaboration and Awareness at Etsy and Flickr
 
VizzMaintenance Eclipse Plugin Metrics
VizzMaintenance Eclipse Plugin MetricsVizzMaintenance Eclipse Plugin Metrics
VizzMaintenance Eclipse Plugin Metrics
 
IoThings you don't even need to hack
IoThings you don't even need to hackIoThings you don't even need to hack
IoThings you don't even need to hack
 
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
Building IoT infrastructure on edge with .net, Raspberry PI and ESP32 to conn...
 
Azure Container Services​
Azure Container Services​Azure Container Services​
Azure Container Services​
 
Analyzing the Performance of Mobile Web
Analyzing the Performance of Mobile WebAnalyzing the Performance of Mobile Web
Analyzing the Performance of Mobile Web
 
Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023Interconnection Automation For All - Extended - MPS 2023
Interconnection Automation For All - Extended - MPS 2023
 
38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet 38th TWNIC OPM: Observations and mitigation of Mozi botnet
38th TWNIC OPM: Observations and mitigation of Mozi botnet
 
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
.NET Fest 2019. Леонид Молотиевский. DotNet Core in production
 
Operating Docker
Operating DockerOperating Docker
Operating Docker
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Gluing the IoT world with Java and LoRaWAN
Gluing the IoT world with Java and LoRaWANGluing the IoT world with Java and LoRaWAN
Gluing the IoT world with Java and LoRaWAN
 
Cold front - bridging the web and the physical world
Cold front - bridging the web and the physical worldCold front - bridging the web and the physical world
Cold front - bridging the web and the physical world
 
Dipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application DevelopmentDipping Your Toes Into Cloud Native Application Development
Dipping Your Toes Into Cloud Native Application Development
 
From Duke of DevOps to Queen of Chaos - Api days 2018
From Duke of DevOps to Queen of Chaos - Api days 2018From Duke of DevOps to Queen of Chaos - Api days 2018
From Duke of DevOps to Queen of Chaos - Api days 2018
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 

Recently uploaded

What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Recently uploaded (20)

What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 

Invisible Proxy Automation Tool SOS_Proxy

  • 2. Who Am I? Lorenzo Comi • IT Security Consultant @ Minded Security • Focused on WebApp&Mobile Penetration Test • Python lover -> NOT a professional/serious DEVELOPER… But I like to automate boring stuff • Coffee addicted 2
  • 4. Why am I here? • Explain a technique to intercept HTTP traffic of a NON-proxy aware device • Introduce SOS_Proxy tool to automate and scale this technique 4
  • 5. The Problem Is it possible to proxy a device that does not support this functionality? 5
  • 6. Invisible proxy technique “Burp's support for invisible proxying allows non-proxy-aware clients to connect directly to a Proxy listener. […] Often, these clients don't support HTTP proxies, or don't provide an easy way to configure them to use one.” 6https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible
  • 7. Invisible proxy technique with one domain Example: we want to intercept the HTTP traffic made by a specific app that send requests only to a specific domain. WiFi Hotspot + Burp Proxy Device connected to WiFi Hotspot Internet, of course 7
  • 8. How it works 1. Intercept device DNS request in order to know which domains is calling. 2. For each domain create a new virtual interface. 3. Alter the hostname resolution through your hosts file. 4. Create a separate Proxy listener for each interface/domain. 5. Start intercepting! 8
  • 9. Invisible proxy technique with one domain 1. Mitm the device & log DNS traffic (es. With tcpdump) $ sudo tcpdump -n -i wlan0 udp dst port 53 and src 10.42.0.228 -l tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes 12:42:21.928193 IP 10.42.0.228.51456 > 10.42.0.1.53: 13894+ A? googleads.g.doubleclick.net. (45) 12:42:22.788217 IP 10.42.0.228.18212 > 10.42.0.1.53: 2757+ A? pagead2.googlesyndication.com. (47) 12:42:28.400256 IP 10.42.0.228.52262 > 10.42.0.1.53: 37110+ A? secure-it.imrworldwide.com. (44) 12:42:28.427984 IP 10.42.0.228.37159 > 10.42.0.1.53: 27312+ A? www.corriere.it. (33) 12:42:29.697983 IP 10.42.0.228.52981 > 10.42.0.1.53: 30840+ A? images2.corriereobjects.it. (44) 9
  • 10. Invisible proxy technique with one domain 2. Create a virtual interface for any domain that you want to intercept $ sudo ifconfig eth0:1 100.100.100.1 $ ifconfig | grep eth0 -A1 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.178.104 netmask 255.255.255.0 broadcast 192.168.178.255 -- eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 100.100.100.1 netmask 255.0.0.0 broadcast 100.255.255.255 10
  • 11. Invisible proxy technique with one domain 3. Perform a nslookup of the domain and set www.corriere.it resolution on your /etc/hosts config file $ nslookup www.corriere.it | grep Address | grep -v '#' Address: 151.101.241.50 $ echo '100.100.100.1 www.corriere.it' >> /etc/hosts $ tail –n1 /etc/hosts 100.100.100.1 www.corriere.it 11
  • 12. Invisible proxy technique with one domain 4. Set Burp proxy to redirect the traffic to the correct host 12
  • 13. Invisible proxy technique with one domain 5. Start Intercepting! 13
  • 14. SOS_Proxy is a simple Python tool that automates the invisible proxy technique with the following features: • DNS traffic sniffing == Domain_monitor • Virtual interfaces creator • Print information to set Burp’s proxies • Possibility to choose which domain has to be intercepted • Possibility to backup and restore a hosts file configuration Automation and Scaling with SOS_Proxy 14
  • 16. 1. Burp extension to automate proxies setup 2. DNS Poisoning?! 3. Python3 4. <Your_Idea_HERE> SOS_Proxy possible improvements/ideas 16
  • 17. Questions? Thank You! • https://github.com/c0mix/SOS_Proxy • https://c0mix.github.io/ 17Lorenzo Comi - End Summer Camp 2019