Proxify and BadAssProxy in Action
GNUCITIZEN released a lightweight proxy called Proxify, designed to conveniently integrate with other tools. Proxify can handle both HTTP and HTTPS, displaying or saving the interactions between the client and the server. Its authors expect the tool to be embedded in applications that require proxy functionality, explaining that:
“The tool will do all the hard work and you just need to provide a very simple restful HTTP service to do the forwarding of data between the browser and the remote target. “
Proxify is easy to run from the command-line, as you can see in the video attached to this post. In this example, I directed Proxify to listen on port 8080 and save all requests and responses it intercepts to the “output” directory.
Proxify is free for non-commercial use, and is available in a binary form for Windows, Linux and OS X.
For an example of a GUI tool that uses Proxify behind the scenes, take a look at BadAssProxy (BAP), released for free by Websecurify. The initial release of BAP isn’t as full-featured as the established tools in this category, such as Fiddler and Burp. However, it has a clean user interface and promises additional functionality in future versions.
BAP is available as a free Windows download. It requires Microsoft Visual C++ 2010 Redistributable Package to run.
I like the simplicity of Proxify and the convenience of being able to run it from the command-line to examine web traffic. I wish it offered the convenience of easily carving files from HTTP responses, though. (I am planning to include Proxify in the next release of the REMnux distro.) BAP looks nice as a proof-of-concept and is built using a promising (Java-free) architecture; I’m looking forward to seeing this tool’s future releases with more functionality.