HoneyProxy @ HoneyNet Workshop Dubai 2013
Maximilian Hils on 25 February 2013
Transcript of HoneyProxy @ HoneyNet Workshop Dubai 2013
Save HTTP conversations
Make scripted changes to HTTP traffic using Python
multi-platform (Linux & OSX)
Metadata
What made us develop HoneyProxy?
Introduction to HoneyProxy
Demo
HoneyProxy (GSoC 2012)
Performing man-in-the-middle HTTP(S) traffic analysis
with Maximilian Hils
February 14 2013
GSoC 2012 Student for HoneyProxy
Studying Information Systems (BSc.)
@ University of Münster, Germany
Front-End Web Developer with a passion for NetSec
@ AppWork GmbH (JDownloader)
Maximilian Hils
GSoC 2012 Mentor for HoneyProxy
French HoneyNet Chapter Co-Lead
Threat Analyst since 1997
@ Sekoia
Guillaume Arcas
Why do we need HTTP man-in-the-middle proxies?
The browser is not the only user of HTTP
HTTP-using code is increasingly opaque
We want to see (and analyze) what's happening.
SSL is end-to-end, right?
Not as long as we are able to install our own root (CA) certificate...
A closer look at mitmproxy
mitmproxy
HoneyProxy
HoneyProxy is built on top of mitmproxy.
Why did we pick mitmproxy?
Open Source (GPL v3 + OpenSSL)
Passionate and helpful author
What's not so cool:
Again, no built-in functionality to aggregate traffic
Limited UI (e.g. no search)
Aldo Cortesi
Coder and security consultant living in New Zealand
runs Nullcube, a small security consultancy
What is HoneyProxy (technically)?
HoneyProxy is...
an enhanced version of mitmproxy
some tweaks (e.g. directory tree dumper)
with HTML5 Web Application on top of it.
Traffic Table
Search/Filter Functionality (with regex support)
Content Preview
Traffic Aggregation
Download file contents
View Headers, Original Certificate
Tree Browser
Show raw HTTP request
Open in new window
Report Generator
Report Output
Report Editor
Demo time!
1) Start HoneyProxy, record some live traffic and analyze it.
What's next?
HoneyProxy started as a GSoC project, but that didn't stop us from continuing development.
1.1 Release with Report Editor (post GSoC)
Possible next stops on the road:
Enhanced flow table
new Report Scripts
merge with mitmproxy possibly
GSoC 2013
For HTTP, that's easy....
Thanks!
Most existing proxies...
have a weird name (BURP)
are targeted at Pentesting (BURP, ZAP, mitmproxy)
no way to aggregate or analyze traffic
GSoC 2012: HoneyProxy
Why not use existing tools?
All the mitmproxy functionality + our enhancements on top
> honeyproxy.py --dump-dir ./dump/
Dumping into directory structure:
Having fun with WinDirStat
Google Summer of Code 2012: HoneyProxy
SSL with our cert
SSL with server cert
cleartext
honeyproxy.org