PyProx is a simple protocol analysis & penetration testing tool that provides a TCP socket proxy between one or more clients and a server. It is useful for pivoting within a restrictive network and/or for monitoring traffic where common tools such as
ncat are not available, prohibited or undesirable. PyProx also supports regular expression based MITM modification of unencrypted network traffic content (e.g. HTTP or Telnet).
Ultimately this is slow and simplistic network security tool which is totally inferior to the ubiquitous Netcat. However it does have some advantages which occasionally make it useful, such as colourised hexdump output, handling multiple clients and easy manipulation of traffic content.
PyProx requires Python 2.7 and the 3rd party colored library. PyProx will work in both Windows and Linux environments but has been developed with Windows environments in mind.
If the colourisation option is enabled, the console used for printing stdout must support ANSI colour codes otherwise the output will appear garbled (e.g. ConEmu on Windows).
The user account running PyProx must have OS permissions required to bind to the specified local listener port.
The usage stanza for this program is shown below:
For example, to start a listener on the local TCP port 5050 which will proxy traffic to a HTTP service at server42.evilcorp.com:
The proxy can be very slow in operation as it uses ‘blocking sockets’. A more sophisticated non-blocking implementation may be released at some point in the future.
This script can be packaged as a standalone Windows EXE using the PyInstaller tool with the following command:
This can make the tool more portable/useful in penetration testing and CTF activities.
I have released this script under the MIT licence. It can be downloaded from the pyprox GitHub repository.
Did you like this article? Please consider supporting this site.
Page last updated: