*************************************
* ProxyStrike v2.1                  *
* Coded by:                         *
* Carlos del ojo                    *
* - deepbit@gmail.com               *
*************************************

Run proxystrike with one of the following:

# python proxystrike.py
or
.:\> proxystrike.exe

What is this?
-------------
ProxyStrike is a tool designed to find SQL injection and XSS vulnerabilities while browsing an application.
The process is very simple: ProxyStrike runs like a passive proxy listening on port 8008 by default, so you
browse the desired web site using ProxyStrike as your proxy and it attacks all the parameters in background mode.

Features:

* Plugin engine (Create your own plugins!)
* Request interceptor
* Request diffing
* Request repeater
* Automatic crawl process
* Save/restore session
* HTTP request/response history
* Request parameter stats
* Request parameter values stats
* Request URL parameter signing and header field signing
* Use of an alternate proxy (tor for example ;D )
* SQL attacks
* XSS attacks
* Attack logs
* Export results to HTML or XML

Todo:
???
* Maybe a web-GUI based on CherryPy ;) (ajax+python)

Platforms:
----------
ProxyStrike runs on Windows/Linux/OSX

Windows: proxystrike.exe
Linux/OSX: python proxystrike.py

For console mode: (python proxystrike.py -c / proxystrike.exe -c)

Dependencies:
------------
On *nix systems, you need pycurl, pyopenssl and pyqt4
On Windows just run proxystrike.exe

Thanks:
-------
* DarkRaver (the ProxyStrike SQL engine is a Python port of sqlibf)
* Javier Mendez for XSS engine improvement
* Christian Matorella and Vicente Diaz
* All S21sec team