In this article I am going to show you how to build a TCP proxy in python.
There are a number of reasons to have a TCP proxy in your tool belt, both for forwarding traffic to bounce from host to host, but also when assessing network-based software. When performing penetration tests in enterprise environments, you’ll commonly be faced with the fact that you can’t run Wireshark, that you can’t load drivers to sniff the loopback on Windows, or that network segmentation prevents you from running your tools directly against your target host. I have employed a simple Python proxy in a number of cases to help understand unknown protocols, modify traffic being sent to an application, and create test cases for fuzzers.
import sys import socket import threading def server_loop(local_host,local_port,remote_host,remote_port,receive_first): server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: server.bind((local_host,local_port)) except: print "[!!] Failed to listen on %s:%d" % (local_host,local_ port) print "[!!] Check for other listening sockets or correct permissions." sys.exit(0) print "[*] Listening on %s:%d" % (local_host,local_port) server.listen(5) while True: client_socket, addr = server.accept() # print out the local connection information print "[==>] Received incoming connection from %s:%d" % (addr,addr) # start a thread to talk to the remote host proxy_thread = threading.Thread(target=proxy_handler, args=(client_socket,remote_host,remote_port,receive_first)) proxy_thread.start() def main(): # no fancy command-line parsing here if len(sys.argv[1:]) != 5: print "Usage: ./proxy.py [localhost] [localport] [remotehost] [remoteport] [receive_first]" print "Example: ./proxy.py 127.0.0.1 9000 10.12.132.1 9000 True" sys.exit(0) # setup local listening parameters local_host = sys.argv local_port = int(sys.argv) # setup remote target remote_host = sys.argv remote_port = int(sys.argv) # this tells our proxy to connect and receive data # before sending to the remote host receive_first = sys.argv if "True" in receive_first: receive_first = True else: receive_first = False # now spin up our listening socket server_loop(local_host,local_port,remote_host,remote_port,receive_first) main()
Most of this should look familiar: we take in some command-line arguments and then fire up a server loop that listens for connections. When a fresh connection request comes in, we hand it off to our proxy_handler, which does all of the sending and receiving of juicy bits to either side of the data stream.
Take your time to comment on this article.