How to build a TCP proxy in Python

In this article I am going to show you how to build a TCP proxy in Python.

There are a number of reasons to have a TCP proxy in your tool belt, both for forwarding traffic to bounce from host to host and for assessing network-based software. When performing penetration tests in enterprise environments, you’ll commonly be faced with the fact that you can’t run Wireshark, that you can’t load drivers to sniff the loopback on Windows, or that network segmentation prevents you from running your tools directly against your target host. I have employed a simple Python proxy in a number of cases to help understand unknown protocols, modify traffic being sent to an application, and create test cases for fuzzers.

import sys
import socket
import threading

def server_loop(local_host, local_port, remote_host, remote_port, receive_first):
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    # bind the local listener; fail with a hint if the port is unavailable
    try:
        server.bind((local_host, local_port))
    except socket.error:
        print("[!!] Failed to listen on %s:%d" % (local_host, local_port))
        print("[!!] Check for other listening sockets or correct permissions.")
        sys.exit(0)

    print("[*] Listening on %s:%d" % (local_host, local_port))

    server.listen(5)

    while True:
        client_socket, addr = server.accept()

        # print out the local connection information
        print("[==>] Received incoming connection from %s:%d" % (addr[0], addr[1]))

        # start a thread to talk to the remote host
        # (proxy_handler does the relaying and is not defined in this listing)
        proxy_thread = threading.Thread(target=proxy_handler, args=(client_socket, remote_host, remote_port, receive_first))
        proxy_thread.start()

def main():
    # no fancy command-line parsing here
    if len(sys.argv[1:]) != 5:
        print("Usage: ./ [localhost] [localport] [remotehost] [remoteport] [receive_first]")
        print("Example: ./ 9000 9000 True")
        sys.exit(0)

    # setup local listening parameters
    local_host = sys.argv[1]
    local_port = int(sys.argv[2])

    # setup remote target
    remote_host = sys.argv[3]
    remote_port = int(sys.argv[4])

    # this tells our proxy to connect and receive data
    # before sending to the remote host
    receive_first = sys.argv[5]

    if "True" in receive_first:
        receive_first = True
    else:
        receive_first = False

    # now spin up our listening socket
    server_loop(local_host, local_port, remote_host, remote_port, receive_first)

main()

Most of this should look familiar: we take in some command-line arguments and then fire up a server loop that listens for connections. When a fresh connection request comes in, we hand it off to our proxy_handler, which does all of the sending and receiving of juicy bits to either side of the data stream.
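
The listing above calls proxy_handler without showing it. The following is an added example, not the author's code, of a handler with the same four-argument signature; the receive_from helper, the timeout parameter and the returned traffic log are assumptions made here.

```python
import socket

def receive_from(connection, timeout=2.0):
    """Read until the peer closes or stays quiet for `timeout` seconds."""
    chunks = []
    connection.settimeout(timeout)
    try:
        while True:
            data = connection.recv(4096)
            if not data:          # orderly close from the peer
                break
            chunks.append(data)
    except socket.timeout:        # quiet period: treat the message as complete
        pass
    return b"".join(chunks)

def proxy_handler(client_socket, remote_host, remote_port, receive_first,
                  timeout=2.0):
    """Relay between client and remote; return the ordered (direction, bytes) log."""
    log = []
    remote_socket = socket.create_connection((remote_host, remote_port), timeout)
    try:
        # Banner-first protocols (FTP, SMTP): forward the server greeting first.
        if receive_first:
            banner = receive_from(remote_socket, timeout)
            if banner:
                log.append(("<==", banner))
                client_socket.sendall(banner)
        while True:
            request = receive_from(client_socket, timeout)
            if request:
                log.append(("==>", request))
                remote_socket.sendall(request)
            response = receive_from(remote_socket, timeout)
            if response:
                log.append(("<==", response))
                client_socket.sendall(response)
            if not request and not response:   # both sides idle or closed
                break
    except OSError:
        pass                      # a peer reset mid-relay; keep what was captured
    finally:
        client_socket.close()
        remote_socket.close()
    return log
```

Message boundaries here are inferred from a quiet period, so a slow peer can split one protocol message across two log entries.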
