Skip to main content

Multi-Protocol Proxy Over TCP & UDP

By admin

Many years ago I programed a console based multi protocol proxy (the sha0proxy) lately I created in dotnet a graphical verison of the tool, but due to the form referesh speed finally I implemented it in C++ with Qt.

This tool useful for reversing, exploiting & pentesting was finally called rproxy, and its a multi-protocol proxy over TCP or UDP.





Being in the middle of the communication you can view and modify the bytes before being sent to the client or server.

In the tools tab right now its possible to open the blob on radare2 for further reversing of the data structures or code.


A basic mutation based fuzzer is implemented for bug-hunting, just set the % ratio of mutation and the bytes will be modified during specific communications phase.

One of the powerful things of this tool is the scripting, it is possible to automate a modification in specific moment of the traffic flow.



For example a script with a single line: "IN 3 20 3F" will write a 0x3f on the offset 20 only on the third packet received from the server. I have used this feature for triggering vulnerabilities.

Regarding the saving and loading data from disk, it's possible to save and load data in raw and hex formats. Also can be configured for save all the communications or only specific emission.


Find the source code and binaries at github: https://github.com/sha0coder/reproxy



Related links


Comments

Post a Comment

Popular posts from this blog

The Base Blockchain Airdrop: Hidden Opportunities You Don’t Want to Miss!

By admin
The Base blockchain, supported by Coinbase, is making waves in the crypto space with its surging Total Value Locked (TVL) and potential airdrop opportunities. In this article, we'll dive deep into Base's ecosystem, its key protocols, and strategies for maximizing potential rewards. We'll also explore SynFutures, a standout perpetual protocol, and other exciting opportunities that could set the stage for a lucrative airdrop. Base Blockchain: A Rising Star Current Status Base has climbed to the sixth position among blockchains in terms of TVL, surpassing even Arbitrum, the long-time leader in Ethereum Layer 2 solutions. With $4 billion+ in TVL , Base's rapid growth is drawing attention from the crypto community. Why the Excitement Around a Potential Airdrop? Coinbase Backing: As a leading exchange, Coinbase's involvement ensures credibility and innovation. Changing Regulations: With evolving regulatory clarity, there's renewed optimism for potential rewards lik...
Post a Comment
Read more

Reversing C++ String And QString

By admin
After the rust string overview of its internal substructures, let's see if c++ QString storage is more light, but first we'r going to take a look to the c++ standard string object: At first sight we can see the allocation and deallocation created by the clang++ compiler, and the DAT_00400d34 is the string. If we use same algorithm than the rust code but in c++: We have a different decompilation layout. Note that the Ghidra scans very fast the c++ binaries, and with  rust binaries gets crazy for a while. Locating main is also very simple in a c++ compiled binary, indeed is more  low-level than rust. The byte array is initialized with a simply move instruction:         00400c4b 48 b8 68        MOV        RAX,0x6f77206f6c6c6568 And basic_string generates the string, in the case of  rust this was carazy endless set of calls, detected by ghidra as a runtime, but nevertheless the basic_str...
Post a Comment
Read more

When Berachain Meets AI: 9 Projects Riding the Next Big Wave

By admin
Artificial Intelligence (AI) and blockchain are arguably two of the hottest narratives in tech today. With Berachain's mainnet launch just around the corner, combining AI with this innovative blockchain opens up exciting possibilities. In this article, we'll dive into nine AI-driven projects on Berachain, each offering unique use cases and solutions. Baosdotfun 1. Baosdotfun: The Launchpad for AI DAOs Baosdotfun acts as an incubator for AI-driven DAOs, focusing on areas like yield farming and trading strategies. Their "DAO seasons" introduce new AI agents every few months, providing fresh opportunities for users. Key features: Supports multiple AI agents. Focus on decentralized autonomous organizations (DAOs). Official Links: Baosdotfun Website Baosdotfun on Twitter Beradigm 2. Beradigm: Maximizing BGT Farming Beradigm specializes in yield farming to accumulate BGT, a governance token central to Berachain's ecosystem. Using AI, Beradigm optimizes farming strategie...
Post a Comment
Read more