I have moved from Atom to Sublime. Atom is a nice editor with a lot of features but it has a lot of performance issues for what I want to do.
Below is my setup for reference. When I want to do it again in a year (or a new machine) I can just use everything here or just use the config files. You can find a repo with the config files here: https://github.com/parsiya/sublime-config
In order to create our own custom proxies, first we need to know how proxies work. When I wanted to write a custom proxy tool (it’s a simple Python script) in Hipchat part3, I had to go back and learn how they work. I did not find such a resource online that looked at proxies from an infosec perspective. Most talked about how to configure caching or forwarding proxies and not much about MitM ones. I have briefly talked about it in the section 2 of the same post named How does a Proxy Work?. In this post I am going to take a deep(er) dive. I actually read some RFCs and they were surprisingly well written.
If you want to skip the intro, go to section 3.
Back in March 2014, Garage4Hackers had a live stream with Gynvael Coldwind. His talk was named "Data, data, data! I can't make bricks without clay" or a few practical notes on reverse-engineering. You can see the recording on youtube.
Here are my notes that I discovered from 2014.
I thought I had found the Windows iptables with Portproxy but I was wrong. But I learned something neat in the process and I am documenting it to access it when I need it.
Portproxy allows you to listen on a certain port on one of your network interfaces (or all interfaces) and redirect all traffic to that interface (on your computer) to another port/IP address.
The to that interface is the limitation that unfortunately kills it. This will be a short post.
I have decided to learn Go (or Golang). I went through the Tour of Go and made some notes. Some of the items/code are directly copy pasted from there. The notes are just a cheatsheet to help me look things up quickly while learning. I will update that page as I learn more.
You can see the notes at https://parsiya.net/go/.
I have talked a lot about this and that but have done nothing in action. Now I will talk about proxying actual applications. I will start with something easy, the FileHippo App Manager. This app was chosen because it can be proxied with Burp, it does not use TLS and it has its own proxy settings (also works with Internet Explorer proxy settings). The requests are pretty simple to understand. I like the FileHippo website because it archives old versions of software. For example I loved the non-bloated Yahoo! Messenger 8.0 when I used it (it’s pretty popular in some places) and used FileHippo to download the old versions.
FileHippo App Manager turned out to be more interesting than I thought and this post turned into some .NET reverse engineering using dnSpy. Here’s what I talk about in this post:
AccessToken header which is generated client-side. We will discuss how it is generated.