{"id":13845865,"url":"https://github.com/redfast00/malidate","last_synced_at":"2026-04-18T11:37:04.110Z","repository":{"id":139754471,"uuid":"110344570","full_name":"redfast00/malidate","owner":"redfast00","description":"A logging DNS and HTTP(S) server. Opensource alternative to some parts of the Burpsuite Collaborator server.","archived":false,"fork":false,"pushed_at":"2017-11-11T18:40:17.000Z","size":9,"stargazers_count":37,"open_issues_count":0,"forks_count":8,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-11-21T19:38:47.668Z","etag":null,"topics":["http-server","malidate","security","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redfast00.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-11T12:41:58.000Z","updated_at":"2024-07-17T15:55:29.000Z","dependencies_parsed_at":null,"dependency_job_id":"e11248f5-e70e-4367-9541-d92b8cc5a0a4","html_url":"https://github.com/redfast00/malidate","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/redfast00/malidate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redfast00%2Fmalidate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redfast00%2Fmalidate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redfast00%2Fmalidate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redfast00%2Fmalidate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/redfast00","download_url":"https://codeload.github.com/redfast00/malidate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redfast00%2Fmalidate/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264930799,"owners_count":23684925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["http-server","malidate","security","security-tools"],"created_at":"2024-08-04T17:03:38.870Z","updated_at":"2026-04-18T11:37:03.960Z","avatar_url":"https://github.com/redfast00.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# Malidate\n\nAn opensource logging DNS, HTTP and HTTPS server. Can be used to search for exploits with malformed HTTP requests as described in [this whitepaper ](http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html). There exists commercial software to do this (Burpsuite and the Burpsuite collaborator server), but that software isn't opensource.\n\n## Requirements\n\nAn HTTPS wildcard Certificate, an a domain set up to use the IP address this server is running on as DNS server.\n\n## Architecture\n\nThis project (malidate) is the server. When looking for vulnerabilities, clients can use any subdomain that is at least 17 characters long of the domain the malidate server is running on. Each client SHOULD prefix the subdomain they are using with a random alphanumeric string that is at least 16 characters long.\n\n### Endpoints\n\n`https://export.domain.com/prefix`: all history about lookups and HTTP requests starting with that prefix are returned as JSON data. Since the prefix is unique and not trivially guessable, this will only return the lookups with your prefix.\n\n## Setup\n\n```\nsudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 10443\nsudo iptables -t nat -A PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 10053\nsudo iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 10053\nsudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 10080\n```\n\nor, for debugging on the loopback interface\n```\niptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredfast00%2Fmalidate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredfast00%2Fmalidate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredfast00%2Fmalidate/lists"}