BinProxy is a proxy tool for arbitrary TCP connections. It gives you a TCP proxy and an interface for writing protocol-specific parsers in Ruby using the BinData library, so that it can understand and manipulate binary network traffic rather than just bytes. BinProxy can operate as a simple transparent proxy with a static upstream, or as a SOCKS or HTTP proxy (see the note on CONNECT below).
The tool grew out of a desire to leverage the convenience of an intercepting proxy instead of making requests by hand, and the realization that a lot of the baseline networking and proxying code was being written over and over.
- Ruby 2.3 or later
- A C compiler, Ruby headers, etc., needed to compile several dependencies.
- The `openssl` binary, for `--tls` without an explicit cert/key.
- To build the UI, node.js and npm.
To install the released gem:

```sh
gem install binproxy
```

To install from source:

```sh
git clone https://github.com/nccgroup/BinProxy.git binproxy
cd binproxy

# Install ruby dependencies.
# Depending on your setup, one or both of these may require sudo.
gem install bundler && bundle

# The UI is built with a webpack/babel toolchain:
(cd ui && npm install) \
  && rake build-ui

# Confirm that everything works.
# run.sh sets up the environment and passes all args to binproxy.
./run.sh --help
```

To build and install the gem package:

```sh
gem build binproxy.gemspec
# Again, you may need sudo here.
gem install binproxy-1.0.0.gem
```
How to use:
- Run binproxy with no arguments.
- Browse to http://localhost:4567/
- Enter local and remote hostnames or IP addresses and ports, and click ‘update’
- Point a client at the local service, and watch the packets flow.
The command-line form is:

```sh
binproxy -c <class> [<local-host>] <local-port> <remote-host> <remote-port>
```

Without a `-c` argument, a simple hex dump of the traffic is shown.
If `local-host` is omitted, binproxy assumes localhost.
With the `--socks-proxy` or `--http-proxy` option, the remote host and port are determined dynamically from what the client asks for, so they should not be specified on the command line.
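The value of a `-c` parser class is that a message is handled as typed fields rather than as a hex dump: it is parsed, edited, and re-serialized with all length fields still consistent. The following is an added example, not BinProxy's own code and not a BinProxy parser class; it parses a constructed, hypothetical length-prefixed protocol with only Ruby's stdlib (`String#unpack`/`pack`) so that it runs without the BinData gem, which BinProxy's real parser classes use declaratively. It also shows the TCP detail every such parser has to cope with: a `read()` may return half a message or several, so frames are split out of a buffer and the remainder is kept.

```ruby
# Added example (not BinProxy's code): parse -> modify -> re-serialize for a
# constructed, hypothetical binary protocol, stdlib only.
#
# Wire format (big-endian):
#   uint32 total_len   (includes this header)
#   uint8  type        (1 = login, 2 = data)
#   uint16 seq
#   bytes  payload     (login: uint8 name_len + name)

HEADER_LEN = 7
TYPE_LOGIN = 1
TYPE_DATA  = 2

class ProtoError < StandardError; end

Message = Struct.new(:type, :seq, :payload) do
  # total_len is recomputed from the payload, so an edited message stays consistent.
  def to_bytes
    [HEADER_LEN + payload.bytesize, type, seq].pack("NCn") + payload
  end

  def username
    raise ProtoError, "not a login message" unless type == TYPE_LOGIN
    len = payload.unpack("C").first
    raise ProtoError, "bad username length" if payload.nil? || payload.bytesize < 1 + len
    payload.byteslice(1, len)
  end

  def username=(name)
    raise ProtoError, "username too long" if name.bytesize > 255
    self.payload = [name.bytesize].pack("C") + name.b
  end
end

# Parse exactly one complete message; reject short or inconsistent input.
def parse_message(bytes)
  raise ProtoError, "short header" if bytes.bytesize < HEADER_LEN
  total_len, type, seq = bytes.unpack("NCn")
  raise ProtoError, "length field too small" if total_len < HEADER_LEN
  raise ProtoError, "truncated message" if bytes.bytesize < total_len
  Message.new(type, seq, bytes.byteslice(HEADER_LEN, total_len - HEADER_LEN))
end

# TCP is a byte stream: split a buffer into complete messages plus the
# unconsumed remainder, which the caller prepends to the next read.
def extract_frames(buffer)
  frames = []
  loop do
    break if buffer.bytesize < HEADER_LEN
    total_len = buffer.unpack("N").first
    raise ProtoError, "length field too small" if total_len < HEADER_LEN
    break if buffer.bytesize < total_len
    frames << parse_message(buffer.byteslice(0, total_len))
    buffer = buffer.byteslice(total_len..-1)
  end
  [frames, buffer]
end

# The intercept step: rewrite the username of login messages, pass others through.
def rewrite_login(bytes, new_name)
  msg = parse_message(bytes)
  msg.username = new_name if msg.type == TYPE_LOGIN
  msg.to_bytes
end

# Constructed sample traffic (not captured data).
LOGIN_BYTES = Message.new(TYPE_LOGIN, 1, "\x05alice".b).to_bytes
DATA_BYTES  = Message.new(TYPE_DATA, 2, "\x00\x01\x02".b).to_bytes

if __FILE__ == $0
  frames, rest = extract_frames(LOGIN_BYTES + DATA_BYTES + LOGIN_BYTES.byteslice(0, 3))
  puts "complete frames: #{frames.size}, leftover bytes: #{rest.bytesize}"
  puts "login user: #{frames.first.username}"
  puts "rewritten: #{rewrite_login(LOGIN_BYTES, 'mallory').unpack('H*').first}"
end
```

The checks in `parse_message` (length field below the header size, buffer shorter than the declared length) are the ones a proxy parser needs most: a malformed length from either side must raise, not silently desynchronize the stream.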
Note: Currently, the HTTP proxy only supports connections tunneled with the HTTP CONNECT verb; it cannot proxy raw HTTP GET, POST, etc. requests. In practice, this means that HTTPS traffic will work, but plain HTTP traffic will not unless the client supports a flag to force tunneling, like `curl -p` (`--proxytunnel`).
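To make the CONNECT-only limitation concrete, here is an added example (not BinProxy's code) of the decision an HTTP-proxy listener makes on a client's first request line. Only a CONNECT request names a `host:port` that can be turned into a raw TCP tunnel for the proxy to copy bytes through; an absolute-URI request such as `GET http://host/ HTTP/1.1` would need a full HTTP client on the proxy side, so it is rejected. The request lines in the usage block are constructed; `curl -p` makes curl send the second form even for `http://` URLs.

```ruby
# Added example (not BinProxy's code): classify a proxy request line as
# tunnelable (CONNECT with a valid host:port) or rejected.

ConnectTarget = Struct.new(:host, :port)

# Returns [:tunnel, ConnectTarget] or [:reject, "<status line>"].
def classify_proxy_request(request_line)
  method, target, version = request_line.strip.split(" ", 3)
  unless method && target && version && version =~ %r{\AHTTP/1\.[01]\z}
    return [:reject, "HTTP/1.1 400 Bad Request"]
  end
  # GET/POST/... in absolute-URI form carry no tunnel endpoint.
  return [:reject, "HTTP/1.1 501 Not Implemented"] unless method == "CONNECT"

  # CONNECT uses authority form: host:port, port mandatory, IPv6 in brackets.
  host, sep, port = target.rpartition(":")
  return [:reject, "HTTP/1.1 400 Bad Request"] if sep.empty? || host.empty?
  return [:reject, "HTTP/1.1 400 Bad Request"] unless port =~ /\A\d{1,5}\z/
  port = port.to_i
  return [:reject, "HTTP/1.1 400 Bad Request"] unless (1..65535).cover?(port)
  host = host[1..-2] if host.start_with?("[") && host.end_with?("]")
  [:tunnel, ConnectTarget.new(host, port)]
end

# The bytes written back to the client before raw TCP copying starts
# (or the error response when no tunnel can be set up).
def proxy_response(request_line)
  verdict, detail = classify_proxy_request(request_line)
  if verdict == :tunnel
    "HTTP/1.1 200 Connection established\r\n\r\n"
  else
    "#{detail}\r\nConnection: close\r\n\r\n"
  end
end

if __FILE__ == $0
  [
    "CONNECT example.com:443 HTTP/1.1",  # what an HTTPS client sends
    "CONNECT example.com:80 HTTP/1.1",   # what curl -p sends for http://
    "GET http://example.com/ HTTP/1.1",  # plain proxied HTTP: not tunneled
  ].each { |line| puts "#{line.ljust(36)} => #{proxy_response(line).lines.first.strip}" }
end
```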