HoneyProxy @ HoneyNet Workshop Dubai 2013

by Maximilian Hils on 25 February 2013


Transcript of HoneyProxy @ HoneyNet Workshop Dubai 2013

HoneyProxy (GSoC 2012): Performing man-in-the-middle HTTP(S) traffic analysis
with Maximilian Hils
February 14 2013

  • Metadata
  • What made us develop HoneyProxy?
  • Introduction to HoneyProxy
  • Demo

Maximilian Hils
  • GSoC 2012 Student for HoneyProxy
  • Studying Information Systems (BSc.) @ University of Münster, Germany
  • Front-End Web Developer with a passion for NetSec @ AppWork GmbH (JDownloader)

Guillaume Arcas
  • GSoC 2012 Mentor for HoneyProxy
  • French HoneyNet Chapter Co-Lead
  • Threat Analyst since 1997 @ Sekoia

Why do we need HTTP man-in-the-middle proxies?
  • The browser is not the only user of HTTP
  • HTTP-using code is increasingly opaque
  • Large JavaScript applications
  • Malware
  • Mobile Platforms!
We want to see (and analyze) what's happening.

For HTTP, that's easy....
SSL is end-to-end, right? Not as long as we are able to install our own root (CA) certificate...
[Diagram labels: SSL with our cert / SSL with server cert / cleartext]

Why not use existing tools?
Most existing proxies...
  • have a weird name (BURP)
  • are targeted at Pentesting (BURP, ZAP, mitmproxy)
  • no way to aggregate or analyze traffic
GSoC 2012: HoneyProxy

A closer look at mitmproxy
What's cool:
  • Save HTTP conversations
  • Make scripted changes to HTTP traffic using Python
  • multi-platform (Linux & OSX)
What's not so cool:
  • Again, no built-in functionality to aggregate traffic
  • Limited UI (e.g. no search)

HoneyProxy is built on top of mitmproxy.
Why did we pick mitmproxy?
  • Open Source (GPL v3 + OpenSSL)
  • Well maintained
  • Passionate and helpful author

Aldo Cortesi
  • Coder and security consultant living in New Zealand
  • runs Nullcube, a small security consultancy

Google Summer of Code 2012: HoneyProxy

What is HoneyProxy (technically)?
HoneyProxy is...
  • an enhanced version of mitmproxy
  • some tweaks (e.g. directory tree dumper)
  • JSON API
  • with HTML5 Web Application on top of it.
All the mitmproxy functionality + our enhancements on top

  • Traffic Table
  • Search/Filter Functionality (with regex support)
  • Content Preview
  • Traffic Aggregation
  • Download file contents
  • View Headers, POST Parameters, Original Certificate
  • Tree Browser
  • Show raw HTTP request
  • Open in new window
  • Report Generator
  • Report Output
  • Report Editor

Dumping into directory structure:
> honeyproxy.py --dump-dir ./dump/
Having fun with WinDirStat

Demo time!
1) Start HoneyProxy, record some live traffic and analyze it.

What's next?
HoneyProxy started as a GSoC project, but that didn't stop us from continuing development.
  • 1.1 Release with Report Editor (post GSoC)
Possible next stops on the road:
  • Enhanced flow table
  • new Report Scripts
  • merge with mitmproxy possibly
  • GSoC 2013

Thanks!
honeyproxy.org
honeyproxy.org/demo