~> listener (1) -> intercept (2) -> filter (3) -> real server (4)
<~ listener (8) <- intercept (7) <- filter (6) <- real server (5)
Listeners:
socks
forwarding
custom routing table
SSL:
generate SSL cert per host
for the Android emulator, generate the SSL cert according to the real target cert
select custom CA
accept HTTP and redirect to HTTP (arbitrary host via routing table (per host filter))
Intercept (all operations are bidirectional):
Filters:
(intercept is a special filter)
response normalization: custom rules that define which request means that the file does (not) exist
cookie jar
active session maintenance
Throttle (max requests per time …)
data parsing (nonce extraction, VIEWSTATE)
time analysis for request-response (show the delta)
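An added example, not part of the original notes or of the tool they describe: a sketch of the filter stage of the flow above (steps 3 and 6), with the throttle and time-delta filters from the list plugged in. All names (Throttle, Timing, run_pipeline, the dict-shaped messages) are hypothetical; it assumes a sliding-window throttle and that filters run in reverse order on the response path.

```python
# Added example: filter stage of the proxy flow, steps (3) and (6).
# Every name and the dict message shape are hypothetical, not from the notes.
import time
from collections import deque


class Throttle:
    """Allow at most max_requests per `per` seconds (sliding window)."""

    def __init__(self, max_requests, per, clock=time.monotonic, sleep=time.sleep):
        self.max_requests, self.per = max_requests, per
        self.clock, self.sleep = clock, sleep
        self.sent = deque()  # timestamps of forwarded requests

    def on_request(self, req):
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.per:
            self.sent.popleft()  # drop timestamps that left the window
        if len(self.sent) >= self.max_requests:
            self.sleep(self.per - (now - self.sent[0]))  # wait for a free slot
            now = self.clock()
            self.sent.popleft()
        self.sent.append(now)
        return req

    def on_response(self, req, resp):
        return resp  # throttle only acts on the request path


class Timing:
    """Attach the request-response time delta to the response."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock

    def on_request(self, req):
        req["t_sent"] = self.clock()
        return req

    def on_response(self, req, resp):
        resp["delta"] = self.clock() - req["t_sent"]
        return resp


def run_pipeline(filters, send, req):
    """(3) filters in order, (4)/(5) real server, (6) filters in reverse."""
    for f in filters:
        req = f.on_request(req)
    resp = send(req)  # stand-in for the connection to the real server
    for f in reversed(filters):
        resp = f.on_response(req, resp)
    return resp
```

The clock and sleep functions are injectable so the throttle can be exercised with a fake clock instead of real waiting.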
Vulnerability discovery:
HTTP protocol fuzzing / content discovery (files, directories, HTTP parameters)
inner protocol fuzzing (JSON, XML, REST, SOAP)
Data manipulation: