Cyber security

CLay – Enhancing Web Security hrough Deceptive Reverse Proxies

CLay offers a unique and powerful feature that goes beyond traditional security measures.

CLay takes deception to a new level by mimicking the appearance of a website with information from a different framework.

The primary objective is to mislead and deceive potential attackers, leading them to gather false information about the web application.

Features

  • Request filtering by User Agent
  • HTML Comment Filtering
  • Informative Response Header Filtering
  • Adding Dummy HTML Comments
  • Adding Decoy Informative Response Headers
  • Adding Decoy Cookies
  • Error Template Changing

Supported Decoy Frameworks

  • PHP
  • Laravel
  • Microsoft ASP.NET
  • Flask
  • Django

Supported Decoy Webservers

  • Nginx
  • Apache HTTP Server

Requirements

  • Python 3.11+
  • mitmproxy is a set of tools that provide an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets. CLay utilizes mitmproxy‘s capabilities to intercept and modify HTTP/HTTPS traffics on the fly.
  • Jinja is a fast, expressive, extensible templating engine.

Quick Start

  1. Fetch and start CLay package installation.
git clone https://github.com/kisanakkkkk/CLay.git
cd CLay
pip3 install .

2. Generate new configuration file. On the menu prompt, choose [1] Run CLay (default config), then enter the target URL for which you’d like to set up the CLay.

CLay -g

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

2 hours ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

16 hours ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

17 hours ago

What is SIEM? Complete Guide to Security Information and Event Management

Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…

1 day ago

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

2 days ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

2 days ago