Table of Contents
Interceraptor
~> listener (1) -> intercept (2) -> filter (3) -> real server (4) <~ listener (8) <- intercept (7) <- filter (6) <- real server (5)
Listeners:
- socks
- forwarding
- custom routing table
SSL:
- generate SSL cert per host
- for android emulator generate SSL cert according to the real target cert
- select custom CA
- accept HTTP and redirect to HTTP (arbitrary host via routing table (per host filter))
Intercept (all operations are bidirectional):
- hand examination/modification
- automatic data modification
Filters:
- (intercept is a special filter)
- response normalization. custom rules that defines which request means that the file does (not) exists
- cookie jar
- active session maintaining
- Throttle (max requests per time …)
- data parsing (nonce extraction. VIEWSTATE)
- time analysis for request-response (show the delta)
Vulnerability discovery:
- http protocol fuzzing / content discovery (files, directories, http parameters)
- inner protocol fuzzing (JSON, XML, REST, SOAP)
Data manipulation:
- base64
- hex/ascii
- data validation (html-tidy, json validator, xml validator)
GUI
- HTML5 rest client
module
dataflow
- c-s input match
- c-s perform action (modify input / invoke external script or whatever)
- c-s send data
- s-c recieve data
- s-c match output
- s-c perform final action
data flow direction: c-s -- client to server s-c -- server to client
module interconnection
- do it like they do it in apache mod_rewrite rules
roadplan
- accept HTTP connection, redirect to SLL service, rule match per HTTP.host
- accept SSL connection, fake SLL.CommonName by the target service
performance
- multithread
- fast backend without gui
- ability to cancel pending request
- each tab can be separated to standalone window
- window plugin-like eclipse/netbeans/visalstudio…
scanner
- passive
- active
schemas
