Intercepting Proxy - The Pappy Proxy

The Pappy (Proxy Attack Proxy Proxy) Proxy is an intercepting proxy for performing web application security testing. Its features are often similar, or straight up rippoffs from Burp Suite. However, Burp Suite is neither open source nor a command line tool, thus making a proxy like Pappy inevitable. The project is still in its early stages, so there are bugs and only the bare minimum features, but it should be able to do some cool stuff soon


Installation

Pappy supports OS X and Linux (sorry Windows). Installation requires pip or some other command that can handle a setup.py with requirements. Once the requirements are installed, you can check that it installed correctly by running pappy -l to start the proxy.


$ git clone --recursive https://github.com/roglew/pappy-proxy.git
$ cd pappy-proxy
$ pip install.


Quickstart

Pappy projects take up an entire directory. Any generated scripts, exported responses, etc. will be placed in the current directory so it’s good to give your project a directory of its own. To start a project, do something like:

$ mkdir test_project
$ cd test_project 
$ pappy
Copying default config to directory
Proxy is listening on port 8000
itsPappyTime> exit
$ ls
data.db      project_config.json
$ 

And that’s it! The proxy will by default be running on port 8000 and bound to localhost . You can modify the port/interface in config.json. You can list all your intercepted requests with ls, view a full request with vfq <reqid> or view a full response with vfs <reqid>. Right now, the only command to delete requests is filter_prune which deletes all the requests that aren’t in the current context (look at the sections on the context/filter strings for more information on that).

Documentation

Download The Pappy Proxy