Skip to content

dvlinuxx-max/proxyscope

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

proxyscope

An intercepting HTTP/HTTPS proxy with a web UI, in the spirit of Burp Suite and mitmproxy. Route a browser through it to capture every request and response, decrypt HTTPS on the fly, inspect traffic, replay and modify requests, and hold requests for manual review before they go out.

Use it only against applications you own or are authorized to test.

proxyscope UI

What it does

  • Proxy + history - forwards HTTP and HTTPS and records every flow (method, URL, status, timing, headers, bodies).
  • HTTPS interception - acts as a man-in-the-middle using a locally generated CA. It mints a certificate per host on the fly, so once you trust the CA the proxy can read TLS traffic.
  • Inspector - click any flow to read the full request and response.
  • Repeater - send a captured request to an editable form, change anything, and replay it; the result lands back in the history.
  • Intercept - toggle intercept to pause outgoing requests in a queue, edit the body, then forward or drop each one.

Install

pip install -r requirements.txt   # cryptography, for certificate generation

Run

python proxyscope.py
# or: python -m proxyscope

It starts two servers and prints where:

proxyscope 1.0.0
  proxy   127.0.0.1:8080   (set this as your browser's HTTP/HTTPS proxy)
  ui      http://127.0.0.1:8081
  ca cert C:\Users\you\.proxyscope\ca-cert.pem

Ports are configurable: --proxy-port, --ui-port, --host, --cert-dir.

Setup for HTTPS

  1. Point your browser (or system) HTTP/HTTPS proxy at 127.0.0.1:8080.
  2. Download the CA certificate from the UI ("download CA cert", or the printed path) and install it as a trusted root in your browser/OS.
  3. Browse. HTTPS requests now appear decrypted in the history.

Without trusting the CA you will get certificate warnings on HTTPS - that is the proxy substituting its own certificate, which is exactly how this class of tool works. Only install the CA on a machine you control, and remove it when done.

How it works

proxyscope.py        run without installing
proxyscope/
  cli.py             starts the proxy and UI servers
  proxy.py           forward proxy; CONNECT + per-host TLS MITM
  certs.py           local CA and on-the-fly leaf certificates (cryptography)
  store.py           thread-safe flow history and the intercept queue
  ui.py              web UI, JSON API, repeater, CA download

The proxy is threaded (one thread per connection). For HTTP it rewrites absolute-form requests and relays them. For HTTPS it answers CONNECT, presents a certificate generated for the requested host and signed by the local CA, then speaks HTTP over the decrypted channel and forwards upstream over real TLS.

Limitations

  • HTTP/1.1; WebSocket and HTTP/2 frames are tunneled or unsupported, not parsed.
  • In-memory history (capped); nothing is written to disk except the CA and the per-host certificate cache.
  • Some clients (notably Windows curl using schannel) will not trust a file-based CA - install the CA in the system/browser store instead.

Requirements

Python 3.9+ and cryptography (see requirements.txt).

License

MIT

About

Intercepting HTTP/HTTPS proxy with a web UI, in the spirit of Burp Suite: traffic history, TLS man-in-the-middle decryption, request inspector, repeater, and an intercept queue. Python.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages