A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).
I find this tool handy when performing USB-based attacks during physical pentests (Rubber ducky / BadUSB / ATtiny85, etc). Check out the ATtiny85_templates folder for some handy .ino templates to load on your microcontrollers. Credits: My templates are inspired by this repo -> CedArctic/DigiSpark-Scripts.
🎥 How to turn your ATtiny85 into a rubber ducky
This tool was explicitly developed and tested on kali linux. I doubt it will work properly on Windows.
pip3 install -r requirements.txt
python3 synergy_httpx.py [-h] [-c CERT] [-k KEY] [-p PORT] [-q] [-i INTERFACE]
- If you provide cert.pem and key.pem files when you execute
synergy_httpx.py, the server will run with SSL (https). - You can use the "serve" and "release" prompt commands to associate/disassociate server path names with local files to be used as a response body to GET/POST requests, while the server is running. There are two standard hardcoded endpoints, 1 x GET mainly for connectivity tests and 1 x POST that will print the request body to the stdout, useful for intercepting data and sending them to your server via http(s).
- You can predifine endpoints (server paths mapped to local files) by editting the
user_defined_endpointsdict insynergy_httpx.py(there are examples). - Use the "endpoints" prompt command to list all of the server's active endpoints.