BinProxy – A Proxy Tool For TCP Connections

BinProxy is a proxy tool for arbitrary TCP connections. It gives you a TCP proxy and an interface to write protocol-specific parsers in Ruby using the BinData library This tool understands and manipulates binary network traffic. BinProxy can operate as a simple transparent proxy with a static upstream or a socks/httpsproxy.

The tool has the desire to leverage the convenience of using an intercepting proxy instead of manual requests and the realization of writing a lot of the baseline networking and proxying code over and over.

 

Requirements:

  • Ruby 2.3 or later
  • A C compiler, Ruby headers, etc., are needed to compile several dependencies.
  • openssl binary for –tls without an explicit cert/key.
  • To build the UI, node.js and npm,

 

Installation:

From Rubygems

gem install binproxy

From Source

git clone https://github.com/nccgroup/BinProxy.git binproxy
cd binproxy

# Install ruby dependencies.
# Depending on your setup, one or both of these may require sudo.
gem install bundler && bundle

# The UI is built with a webpack/babel toolchain:
(cd ui && npm install) \
  && rake build-ui

# Confirm that everything works
# run.sh sets up the environment and passes all args to binproxy
./run.sh --help

To build and install the gem package:

gem build binproxy.gemspec

# Again, you may need sudo here
gem install binproxy-1.0.0.gem

 

How to use:

  • Run binproxy with no arguments.
  • Browse to http://localhost:4567/
  • Enter local and remote hostnames or IP addresses and ports, and click ‘update’
  • Point a client at the local service, and watch the packets flow.

 

Command Line:

binproxy -c <class> [<local-host>] <local-port> <remote-host> <remote-port>

-c argument, a simple hex dump is shown.
local-host , binproxy assumes localhost.
–socks-proxy or –http-proxy options shows that the remote host and ports are determined dynamically, and should not be specified.

Note: Currently, the HTTP proxy only supports connections tunneled with the HTTP CONNNECT verb; it cannot proxy raw HTTP GET , POST , etc., requests. In practice, this means that HTTPS traffic will work, but plain HTTP traffic will not unless the client supports a flag to force tunneling, like curl -p .

BinProxy

Related posts

How to Improve Your Cyber Resilience by Strengthening User Privileges

The Dark Side of Viral Content: How Negative Reviews Can Snowball

Testing Gaming Monetization: Walking the Line Between Profit and Player Experience