Skip to content
/ ponieproxy Public

Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.

License

MIT license
8 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ctoyan/ponieproxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
cmd/ponieproxy
cmd/ponieproxy
 
 
filters
filters
 
 
internal
internal
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
ca.crt
ca.crt
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
release.sh
release.sh
 
 

Repository files navigation

ponieproxy

Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website. It uses goproxy.

It's useful to collect(saves js files, saves raw requests and resesponses, detects HUNT params and notifies you on slack, etc.) and manipulate data, while you browse a website and it does them using the filters mentioned above.

Install certificate

Create your own ca certificate and replace ca.crt, located in the root of this repository (or alternatively use the default ca.crt). Then add it as a trusted certificate either in you browser or in your system, in order to be able to intercept TLS traffic.

Configure browser

First of all, in order to use ponieproxy, you should set your browser to use ponieproxy as an HTTP proxy.

Install

If you don't plan to write your own filters, you can just download it and run it like a normal tool.

Since it's written in Go and you can install it using:

go get -u github.com/ctoyan/ponieproxy/cmd/ponieproxy

Or you can download a binary.

Basic Usage

With default filters

Create a inscope.txt file with regex for scoped URLs and run the proxy:

ponieproxy -u URLS_FILE -o OUTPUT_DIR

Note: The default filters add the regex lines between parens. For example - (REGEX_ON_LINE_ONE)|(REGEX_ON_LINE_TWO)

With custom filters

Clone/Fork this repository. Write your filters. Then cd into the cloned repo in cmd/ponieproxy and run:

go install
ponieproxy -o OUTPUT_DIR -u URLS_FILE

Arguments

Usage of ponieproxy:
  -h string
    	Host and port (default ":8080")
  -hem
    	Exact match for hunt params (case insensitive) (default true)
  -ho
    	Creates a checksumed file with the .hunt extension (default true)
  -is string
    	Path to a file, which contains a list of URL regexes to filter. Requires an existing file (default "./inscope.txt")
  -o string
    	Path to a folder, which will contain uniquely named files with requests and responses.Every request and response have the same hash, but different extensions (default "./http")
  -sj string
    	Path to a folder, which will contain all unique js files (default "./js")
  -su string
    	Path to a file, which will contain all unique, in-scope URLs, that you've requested. (default "./urls.txt")
  -sw string
    	URL to slack webhook

What's different than Burp or ZAP?

With ponieproxy you can use the power of Go to write filters and manipulate the requests and responses, however you like. Depends on your skills and creativity.

The other key difference is the way you use it - it's meant to be ran in the background and do whatever you program/set it to do and save everything in files, so you can analyze them later with other tools.

Upcoming features/filters

  • write filters with YAML, instead of Go (IN PROGRESS)
  • add results to db instead of files
  • reflected parameters detection
  • find and replace in requests

About

Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.

Resources

Readme

License

MIT license
Activity

Stars

8 stars

Watchers

2 watching

Forks

6 forks
Report repository

Releases 12

ponieproxy v0.7.0 Latest
Sep 12, 2020
+ 11 releases

Packages

No packages published

Languages