Advanced Packet Editor – TCP/HTTP Client-Server Proxy

The Advanced Packet Editor (APE) is an open-source project for a TCP and HTTP-based proxy that allows you to intercept and manipulate communication between clients and servers.

We at AppSec Labs have taken the project, modified and improved it into a useful tool for application penetration testing.

This tool is under the GPL license (for more information: http://www.gnu.org/licenses/gpl-3.0.en.html)

APE allows you to create internal and external filters, automatically catch and replace internally by defining rules.

For example, let’s say that we want to catch when the application receives the user named “Test” and change it to “Admin”.

We check the “recv()” function and set the application to catch “Test” and replace it with “Admin”. Then, we give our filter a name for future reference and enable it:

 fig1

Figure 1 – Setting internal filters

Filters can also be set externally using an ad-hoc supplied python script. The script creates a server that enables customization of the applied filters.

APE shows sockets as they open and close and detailed information that is sent back and forth:

fig2
Figure 2 – Detailed information about Sockets

APE operates by injecting itself into a running process (“Attach”) or executing an application (“Open”) with APE already injected into it (note: this requires administrative privileges):

fig3

Figure 3 – Attaching APE into a running process

Once attached, filters that were set become active. Furthermore by using Invoke-> Freeze, we can freeze the current application.

APE also enables interaction with external tools such as Portswigger’s Burp Suite.

To enable this, run APE with administrative privileges and check “Listen to Requests” (Under “Tools” in the main menu).

For more details regarding the usage of APE, view documentation here.

The tool can be found here

Source code can be found here

Special thanks to http://www.packeteditor.com/ for developing the initial packet editor.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *