{"id":13775776,"url":"https://github.com/pdjstone/wsuspect-proxy","last_synced_at":"2025-05-11T08:33:25.258Z","repository":{"id":106397997,"uuid":"44667760","full_name":"pdjstone/wsuspect-proxy","owner":"pdjstone","description":"Python tool to inject fake updates into unencrypted WSUS traffic","archived":false,"fork":false,"pushed_at":"2015-10-23T11:43:59.000Z","size":242,"stargazers_count":116,"open_issues_count":2,"forks_count":76,"subscribers_count":11,"default_branch":"master","last_synced_at":"2024-11-17T10:40:21.185Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pdjstone.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-21T10:02:55.000Z","updated_at":"2024-08-12T19:19:46.000Z","dependencies_parsed_at":"2023-03-13T14:39:46.278Z","dependency_job_id":null,"html_url":"https://github.com/pdjstone/wsuspect-proxy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pdjstone%2Fwsuspect-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pdjstone%2Fwsuspect-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pdjstone%2Fwsuspect-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pdjstone%2Fwsuspect-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pdjstone","download_url":"https://codeload.github.com/pdjstone/wsuspect-proxy/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253540350,"owners_count":21924521,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T17:01:49.455Z","updated_at":"2025-05-11T08:33:24.966Z","avatar_url":"https://github.com/pdjstone.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"d03d494700077f6a65092985c06bf8e8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"0ff94312f3ab4898f5996725133ea9d1\"\u003e\u003c/a\u003e未分类"],"readme":"# WSUSpect Proxy\n\nWritten by Paul Stone and Alex Chapman, [Context Information Security](http://www.contextis.com)\n\n## Summary\n\nThis is a proof of concept script to inject 'fake' updates into non-SSL WSUS traffic.\nIt is based on our BlackHat USA 2015 presentation, 'WSUSpect – Compromising the Windows Enterprise via Windows Update'\n\n- White paper: http://www.contextis.com/documents/161/CTX_WSUSpect_White_Paper.pdf\n- Slides: http://www.contextis.com/documents/162/WSUSpect_Presentation.pdf\n\n## Prerequisites\nYou'll need the Python Twisted library installed. You can do this by running:\n```\npip install twisted\n```\n\nYou also need to place a Microsoft-signed binary (e.g. [PsExec](https://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx)) into the payloads directory. \nThis script has been tested on Python 2.7. It does not yet work with Python 3.x; contributions are welcome.\n \n## Usage\nTo test this out, you'll need a target Windows 7 or 8 machine that is configured to receive updates \nfrom a WSUS server over unencrypted HTTP. The machine should be configured to proxy through the \nmachine running this script. This can be done by manually changing the proxy settings or via other\nmeans such as WPAD poisoning (e.g. using [Responder](https://github.com/SpiderLabs/Responder))\n```\npython wsuspect_proxy.py payload_name [port]\n```\nAn example payload for PsExec is set up that will launch cmd.exe running as Administrator:\n```\npython wsuspect_proxy.py psexec\n```\n\nIf you are having problems getting the script to work we'd recommend using a GUI proxy tool\nsuch as Burp (and configuring Burp to use this script as a proxy) to see if the update XML \nis being correctly inserted.\n\n## Customisation\nModify payloads/payloads.ini to change the payloads and their arguments.\n\n## Known Issues\n- Currently doesn't support Windows 10 targets\n- Doesn't yet support Python 3\n\n## Screenshots\n\n![WSUSpect in action](screenshots/fakeupdate.png \"WSUSpect in action\")\n\n![WSUSpect script output](screenshots/output.png \"WSUSpect script output\")\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpdjstone%2Fwsuspect-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpdjstone%2Fwsuspect-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpdjstone%2Fwsuspect-proxy/lists"}