Week 42 - ProxyChains
Last updated
Last updated
Running into issues getting your HTTP requests to play nicely with your #AppSec tools?
I’ve encountered connection/request/formatting problems with tools like SQLMap, EyeWitness, Hydra and especially custom python scripts. Most of the time, it's because I forget to add a matching quote or a necessary request header.
My favorite way to debug these issues is to proxy the tool through BurpSuite! Some tools (like SQLMap) have this feature available as a command (--proxy). But what happens when they don’t?
Use ProxyChains! It’s super simple to setup (see screenshot) and will save you a ton of time when trying to figure out why your HTTP Requests are not working as planned. Just change the last line of the ‘/etc/proxychains4.conf’ file to:
http 127.0.0.1 8080
This will tell proxychains to send our traffic through an HTTP proxy on localhost port 8080 (where Burp is listening). Then prefix your tool command with proxychains4 (EX: proxychains4 sqlmap -u target[.]com) and you’re good to go!
Burp will intercept all HTTP requests allowing you to send them to the repeater and see what you accidentally left out :)