HoneyProxy @ HoneyNet Workshop Dubai 2013

Maximilian Hils

on 25 February 2013

Transcript of HoneyProxy @ HoneyNet Workshop Dubai 2013

What's cool:
Save HTTP conversations
Make scripted changes to HTTP traffic using Python
multi-platform (Linux & OSX)

Metadata
What made us develop HoneyProxy?
Introduction to HoneyProxy
Demo

HoneyProxy (GSoC 2012)
Performing man-in-the-middle HTTP(S) traffic analysis with
Maximilian Hils
February 14 2013

GSoC 2012 Student for HoneyProxy

Studying Information Systems (BSc.)
@ University of Münster, Germany
Front-End Web Developer with a passion for NetSec
@ AppWork GmbH (JDownloader)
Maximilian Hils

GSoC 2012 Mentor for HoneyProxy

French HoneyNet Chapter Co-Lead
Threat Analyst since 1997
@ Sekoia
Guillaume Arcas

Why do we need HTTP man-in-the-middle proxies?
The browser is not the only user of HTTP
HTTP-using code is increasingly opaque
Large JavaScript applications
Mobile Platforms!

We want to see (and analyze) what's happening.

SSL is end-to-end, right?
Not as long as we are able to install our own root (CA) certificate...

A closer look at mitmproxy
mitmproxy
mitmproxy
HoneyProxy
HoneyProxy is built on top of mitmproxy.

Why did we pick mitmproxy?
Open Source (GPL v3 + OpenSSL)
Well maintained
Passionate and helpful author

What's not so cool:
Again, no built-in functionality to aggregate traffic
Limited UI (e.g. no search)

Aldo Cortesi
Coder and security consultant living in New Zealand
runs Nullcube, a small security consultancy

What is HoneyProxy (technically)?
HoneyProxy is...
an enhanced version of mitmproxy
some tweaks (e.g. directory tree dumper)
with HTML5 Web Application on top of it.

Traffic Table
Search/Filter Functionality (with regex support)
Content Preview
Traffic Aggregation
Download file contents
View Headers, POST Parameters, Original Certificate
Tree Browser
Show raw HTTP request
Open in new window
Report Generator
Report Output
Report Editor

Demo time!
1) Start HoneyProxy,
record some live traffic
and analyze it.

What's next?
HoneyProxy started as a GSoC project,
but that didn't stop us from continuing development.
1.1 Release with Report Editor (post GSoC)
Possible next stops on the road:
Enhanced flow table
new Report Scripts
merge with mitmproxy possibly
GSoC 2013

For HTTP, that's easy....

Thanks!

Most existing proxies...
have a weird name (BURP)
are targeted at Pentesting (BURP, ZAP, mitmproxy)
no way to aggregate or analyze traffic

GSoC 2012: HoneyProxy

Why not use existing tools?

All the mitmproxy functionality
+ our enhancements on top

> honeyproxy.py --dump-dir ./dump/

Dumping into directory structure:
Having fun with WinDirStat

Google Summer of Code 2012: HoneyProxy

SSL with our cert
SSL with server cert
cleartext

honeyproxy.org