Skip to content

SnollyG0st3r/CapFuzz

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CapFuzz

capture | intercept | fuzz

Yet another https proxy to capture and fuzz web apis. Tailor made for fuzzing Mobile App APIs & web services with a scriptable interface. CapFuzz is built on top of mitmproxy

screen shot 2018-03-11 at 2 57 55 pm

Install

$ git clone https://github.com/MobSF/CapFuzz.git
$ cd CapFuzz
$ python setup.py install

Usage

$ capfuzz
usage: capfuzz [-h] [-m MODE] [-p PORT] [-n NAME]

optional arguments:
  -h, --help            show this help message and exit
  -m MODE, --mode MODE  Supported modes
                        1. capture: Capture requests.
                        2. fuzz: Run Fuzzing Server.
                        3. runfuzz: Fuzz on captured requests with default configuration.
                        4. intercept: Intercept and tamper the flow in live.
  -p PORT, --port PORT  Proxy Port
  -n NAME, --name NAME  Project Name
  1. Capture - capfuz -m capture
    • Starts HTTPS proxy at 1337 by default.
    • Install Root CA cert available under capfuzz/ca to browser or system.
  2. Intercept - capfuz -m intercept
    • To Fiddle with request and response in live.
    • Use: capfuzz/core/interceptor.py (The location will be relative to where capfuzz is installed)
  3. Fuzz UI - capfuzz -m fuzz
    • Starts the Fuzzer Web UI for configuration and fuzzing: https://0.0.0.0:1337
  4. Fuzz - capfuzz -m runfuzz
    • Fuzz from command line.

About

CapFuzz - capture, fuzz & intercept web traffic.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • CSS 42.0%
  • Python 36.0%
  • JavaScript 11.7%
  • HTML 10.3%