Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/t3l3machus/synergy-httpx

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).
https://github.com/t3l3machus/synergy-httpx

arduino attiny85 hacking hacking-tools offensive-security penetration-testing-tools pentesting red-teaming redteam t3l3machus

Last synced: 1 day ago
JSON representation

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

Awesome Lists containing this project

README

        

# Synergy Httpx
[![Python](https://img.shields.io/badge/Python-%E2%89%A5%203.6-yellow.svg)](https://www.python.org/)

[![License](https://img.shields.io/badge/License-BSD-red.svg)](https://github.com/t3l3machus/Synergy-httpx/blob/main/LICENSE.md)

## Purpose
A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

I find this tool handy when performing USB-based attacks during physical pentests (Rubber ducky / BadUSB / ATtiny85, etc). Check out the `ATtiny85_templates` folder for some handy `.ino` templates to load on your microcontrollers. Credits: My templates are inspired by this repo -> [CedArctic/DigiSpark-Scripts](https://github.com/CedArctic/DigiSpark-Scripts/).

🎥 [How to turn your ATtiny85 into a rubber ducky ](https://www.youtube.com/watch?v=1l5UlG_R_Fc)

## Preview
![image](https://github.com/t3l3machus/Synergy-httpx/assets/75489922/da99aaf9-b385-4f33-931e-db6a01dd16b1)

## Installation
This tool was explicitly developed and tested on kali linux. I doubt it will work properly on Windows.
```
pip3 install -r requirements.txt
```

## Usage
```
python3 synergy_httpx.py [-h] [-c CERT] [-k KEY] [-p PORT] [-q] [-i INTERFACE]
```

- If you provide cert.pem and key.pem files when you execute `synergy_httpx.py`, the server will run with SSL (https).
- You can use the "serve" and "release" prompt commands to associate/disassociate server path names with local files to be used as a response body to GET/POST requests, while the server is running. There are two standard hardcoded endpoints, 1 x GET mainly for connectivity tests and 1 x POST that will print the request body to the stdout, useful for intercepting data and sending them to your server via http(s).
- You can predifine endpoints (server paths mapped to local files) by editting the `user_defined_endpoints` dict in `synergy_httpx.py` (there are examples).
- Use the "endpoints" prompt command to list all of the server's active endpoints.