Skip to content

Automatically exported from code.google.com/p/proxystrike

Notifications You must be signed in to change notification settings

qunxyz/proxystrike

Repository files navigation

*************************************
* ProxyStrike v2.1                  *
* Coded by:                         *
* Carlos del ojo                    *
*   - deepbit@gmail.com             *
*************************************

Run proxystrike with one of the following:

		# python proxystrike.py
		
		or
		
		.:\> proxistrike.exe


What is this?
-------------

ProxyStrike is a tool designed to find Sql injection and xss vulnerabilities
while browsing an application.

The process is very simple, ProxyStrike runs like a passive proxy listening in
port 8008 by default, so you have to browse the desired web site using
ProxyStrike as proxy and it will attack all the paremeters in background mode.

Features:

	* Plugin engine (Create your own plugins!)
	* Request interceptor
	* Request diffing
	* Request repeater
	* Automatic crawl process
	* Save/restore session
	* Http request/response history
	* Request parameter stats
	* Request parameter values stats
	* Request url parameter signing and header field signing
	* Use of an alternate proxy (tor for example ;D )
	* Sql attacks
	* Xss attacks
	* Attack logs
	* Export results to HTML or XML 

Todo:

	???
	* Maybe a web-GUI based on CherryPy ;) (ajax+python)


Platforms:
----------

ProxyStrike runs in windows/linux/OSX

Windows: proxystrike.exe
Linux/OSX: python proxystrike.py

for console mode: (python proxystrike.py -c / proxystrike.exe -c)

Dependencies:
------------

On *nix systems, need pycurl,pyopenssl,pyqt4,pyopenssl
On Windows just run the proxystrike.exe

Thanks:
-------

    * DarkRaver (ProxyStrike sql engine is a python port of sqlibf)
    * Javier Mendez for XSS engine improvement
    * Christian Matorella and Vicente Diaz
    * All S21sec team

About

Automatically exported from code.google.com/p/proxystrike

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages