PyProx, the Simple Python TCP Proxy

PyProx is a simple protocol analysis & penetration testing tool that provides a TCP socket proxy between one or more clients and a server. It is useful for pivoting within a restrictive network and/or for monitoring traffic where common tools such as tcpdump or ncat are not available, prohibited or undesirable. PyProx also supports regular expression based MITM modification of unencrypted network traffic content (e.g. HTTP or Telnet).

Screenshot of the PyProx.py simple TCP proxy in operation.

Ultimately this is a slow and simplistic network security tool which is totally inferior to the ubiquitous Netcat. However, it does have some advantages which occasionally make it useful, such as colourised hexdump output, handling multiple clients and easy manipulation of traffic content.

Dependencies

PyProx requires Python 2.7 and the 3rd party colored library. PyProx will work in both Windows and Linux environments but has been developed with Windows environments in mind.

If the colourisation option is enabled, the console used for printing stdout must support ANSI colour codes (e.g. ConEmu on Windows), otherwise the output will appear garbled.

The user account running PyProx must have the OS permissions required to bind to the specified local listener port.

Usage

The usage stanza for this program is shown below:

    usage: pyprox.py [-h] [-r] [-x] [-c] [-mc CMOD CMOD] [-ms SMOD SMOD]
                     [-w HEXWIDTH] [-t TIMEOUT]
                     localaddr remoteaddr

    PyProx is a simple protocol analysis & penetration testing tool that provides
    a TCP socket proxy between one or more clients and a server.

    positional arguments:
      localaddr       local address to listen on, e.g. 127.0.0.1:8081.
      remoteaddr      remote address to proxy traffic to, e.g. mybox:23.

    optional arguments:
      -h, --help      show this help message and exit
      -r              receive from server immediately after connect.
      -x              display hex-dump of message payloads.
      -c              produce colourised output.
      -mc CMOD CMOD   search and replace strings in client traffic.
      -ms SMOD SMOD   search and replace strings in server traffic.
      -w HEXWIDTH     number of hex bytes shown per line (default = 16).
      -t TIMEOUT      socket timeout value in seconds (default = 4).

For example, to start a listener on the local TCP port 5050 which will proxy traffic to an HTTP service at server42.evilcorp.com:

python pyprox.py localhost:5050 server42.evilcorp.com:80
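
When the -mc or -ms options are used on HTTP, a substitution that changes the body length leaves the Content-Length header stale, so the receiving end sees a badly framed message. The following is an added example, not code from PyProx, that compares the declared and actual body lengths of a message before and after a substitution. It is written for Python 3 and assumes Content-Length framing (not chunked encoding) and a substitution applied to the raw bytes with no header fix-up; the page does not say how PyProx applies its replacements, and search_replace, declared_vs_actual and framing_ok are hypothetical names.

```python
import re

# Constructed sample: one plain-text HTTP response as it might cross the proxy.
ORIGINAL = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: text/plain\r\n"
            b"Content-Length: 13\r\n"
            b"\r\n"
            b"Hello, world!")


def search_replace(raw, pattern, repl):
    """Hypothetical stand-in for an -ms style pair: plain regex substitution
    over the raw bytes, with no header fix-up (assumption, not PyProx code)."""
    return re.sub(pattern, repl, raw)


def declared_vs_actual(raw):
    """Return (declared Content-Length or None, actual body length)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block is incomplete")
    declared = None
    for line in head.split(b"\r\n")[1:]:      # skip the status/request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            declared = int(value.strip())
    return declared, len(body)


def framing_ok(raw):
    """True when no length is declared or it matches the body."""
    declared, actual = declared_vs_actual(raw)
    return declared is None or declared == actual


if __name__ == "__main__":
    for label, repl in (("unmodified", b"world"),
                        ("longer", b"everyone"),
                        ("same length", b"there")):
        msg = search_replace(ORIGINAL, b"world", repl)
        print(label, declared_vs_actual(msg), framing_ok(msg))
```

A same-length substitution passes this check, so a matching Content-Length says nothing about whether the content was altered in transit.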

Known Issues

The proxy can be very slow in operation as it uses ‘blocking sockets’. A more sophisticated non-blocking implementation may be released at some point in the future.

Packaging as a Windows EXE

This script can be packaged as a standalone Windows EXE using the PyInstaller tool with the following command:

pyinstaller --onefile pyprox.py

This can make the tool more portable/useful in penetration testing and CTF activities.

More Information

I have released this script under the MIT licence. It can be downloaded from the pyprox GitHub repository.
