448 skills found · Page 13 of 15
athoune / WatchmenWatch your HTTP traffic
struxoje / K8s Pihole Cloudflared MetallbPi-hole running on Kubernetes, load-balanced with MetalLB, forwarding traffic via DNS-over-HTTPS with Cloudflared
rainbowpigeon / EinsteinPoC Go C2 server that mimics Mattermost HTTP traffic
yamamoto-febc / Otlp Http Spyotlp-http-spy is a lightweight HTTP proxy designed for inspecting OpenTelemetry Protocol (OTLP) traffic over HTTP
FakeTuxedo / Whats That SmellA simple packet sniffer for analyzing local traffic and associating applications with IP addresses via Netify. Based on this: https://coderbag.com/programming-c/building-a-network-sniffer-in-net
Lissy93 / OLD AdGuardian TermGo Lang CLI app for monitoring AdGuard traffic | See Rust version at: https://github.com/Lissy93/AdGuardian-Term
sarndt / G0tBeEFMulti-threaded Python based ARP Poisoning with an Asynchronous Queue using IPTables and QUEUE deigned to capture HTTP traffic and inject a BeEF hook
cyberhuginn / Hawk ProxyIt receives incoming HTTP traffic and forwards it to one of the predefined proxy servers (typically hosted on virtual private servers). If the first proxy fails, it automatically tries the next one.
pinoyvendetta / Pv Nodejs Layer 7PV Node L7 is a Node.js tool for Layer 7 load testing & HTTP/2 security audits. Supports HTTP/1.1, 2, & 3 with realistic traffic, randomized TLS, & adaptive delays. Includes Rapid Reset & MadeYouReset attacks, real-time CLI stats, & concurrency control. Needs Node.js v16+ & npm. For authorized testing only.
steffenbusch / Caddy Bot BarrierA Caddy plugin that mitigates bot traffic by requiring clients to solve a computational challenge before accessing HTTP resources.
madeye / Trans ProxyTransparent proxy for macOS and Linux that intercepts TCP traffic via pf/nftables and forwards it through an upstream HTTP CONNECT proxy
mkenne11 / Nogotofail PiiThis is a fork of the nogotofail project also found on GitHub (https://github.com/google/nogotofail). This project adds tests for detecting common privacy issues in mobile application network traffic.
benjamin-luescher / Apk DebuggableBash toolkit to make Android APKs debuggable and intercept HTTPS traffic. Automatically extracts APKs from a device, patches them to enable debugging and trust user CA certificates, re-signs, reinstalls, and starts mitmproxy — all in one command.
braydos-h / Vless Ws Cdn Tunnel Setuppretty much a DPI bypasser but its really a automated deployment script for a VLESS-over-WebSocket covert proxy behind a CDN-fronted fake website. Includes fake site generation, Cloudflare TLS termination, and Xray fallback configuration to blend covert traffic into normal HTTPS.
rajakolluru / ChenileAn Open source framework for creating services (with spring boot) , kafka event processors, schedulers (with quartz), a file watcher etc. by writing simple POJOs and using a simple configuration JSON to hook it up. Chenile comes up with a state machine and an orchestration engine. The orchestration engine is internally used by Chenile to provide an interception framework that helps in disintermediating traffic irrespective of the incoming protocol (HTTP, message etc.)
dacent53 / TikTok Douyin ApiSecurity Our analysis of security issues in TikTok and Douyin resulted in the following high-level findings: All of TikTok and most of Douyin’s network traffic were adequately protected using HTTPS. For some data, an additional layer of encryption, which we dubbed “ttEncrypt,” was employed. We engineered a way to intercept the clear-text data before they were encrypted with ttEncrypt. We examined the data and found no clear reason why these data had to be encrypted again on top of the existing transport encryption provided by HTTPS, as these ttEncrypt-ed data were not confidential. Most of TikTok and Douyin’s API requests are protected with a custom signature in the HTTP header named “X-Gorgon.” The signature is generated using a native library module, which made it difficult for us to understand its inner workings. We think the purpose of this signature is to prevent third-party programs from imitating and sending TikTok/Douyin API requests. We found that there are people selling and buying third-party implementations of ttEncrypt and X-Gorgon algorithms. These third-party implementations might be produced to serve the need of bots (programs disguised as real users). Douyin loads some of its code components via the Internet. It can also update itself without any user interaction. Such code loading was adequately protected using HTTPS, making it difficult for attackers to inject malicious code in the loading process. However, this feature is a security issue because it bypasses the operating system’s and user’s control of what code could run on the device. TikTok does not include this feature.
KilianTep / Traffic Management Aiforseahttps://www.aiforsea.com/traffic-management
openclarity / SpeculatorA library for reconstructing OpenAPI specification from traffic of HTTP transactions.
OpenLiberty / Guide Istio IntroA guide on how to manage microservice traffic with Istio using blue-green deployment as an example: https://openliberty.io/guides/istio-intro.html
unexpectedjs / Unexpected MitmUnexpected plugin for mocking out http(s) traffic using the mitm library
