ProxPy is a highly customizable HTTP/HTTPS proxy, written in Python. It is very handy for web penetration testers and for developers interested in testing their web applications.
ProxPy works as a "man-in-the-middle" between the browser and the target application. It has been designed to be easily customizable: users can write plug-ins with minimal effort. Plug-ins are written in Python and can modify HTTP/HTTPS requests and responses on the fly.
The source code of the project is released under the GPLv3
license and is available online on the ProxPy homepage.
KEmuFuzzer
KEmuFuzzer is a protocol-specific fuzzer for system virtual
machines. KEmuFuzzer generates floppy images to boot a virtual machine and
to execute a specific test-case. The same test-case is also executed in an
oracle, based on hardware-assisted virtualization. The states obtained are
compared to detect defects in the virtual machine. Test-cases are
generated using a special compiler that applies certain mutations before
compiling.
The source code of the project is released under the GPLv3
license and is available online on the KEmuFuzzer homepage.
EmuFuzzer
EmuFuzzer is a fuzzer for CPU emulators. EmuFuzzer "stresses" a CPU emulator
with specially crafted test-cases, representing registers and memory
configurations, to verify whether the CPU is properly emulated or not. EmuFuzzer
detects improper behaviours of the emulator by running the same test-case
concurrently on the emulated and on the physical CPUs and by comparing the state
of the two after the execution. Differences in the state reveal defects in the
code of the emulator.
Currently EmuFuzzer supports the following CPU emulators:
We also used EmuFuzzer to discover red-pills: programs or procedures
capable of identifying whether they are executed on a physical CPU or on an
emulated CPU. Such red-pills can be used in malicious programs to impede
dynamic analysis attempts. EmuFuzzer red-pills are now available for download.