Hyperfox

Hyperfox is a security tool for transparently hijacking/proxying HTTP and HTTPs traffic.

HTTPs could be hijacked/proxied if, and only if, the client application accepts bogus certificates.

Hyperfox could be used as a tool for auditing a wide range of applications, including mobile apps.

Features

Installation

Before installing, make sure you have a working Go environment and git.

Check that your PATH and GOPATH variables are correctly set in your .bashrc, .zshrc or .profile file.

$ cat .zshrc
# ... stuff ...
export GOROOT=/usr/lib/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin

And that pkg, src and bin exist.

$ mkdir -p $GOPATH/src
$ mkdir -p $GOPATH/bin
$ mkdir -p $GOPATH/pkg

Now attempt to install.

% go get github.com/xiam/hyperfox
% hyperfox -h

Usage example

Run hyperfox, it will start in HTTP mode listening at 0.0.0.0:9999 by default.

% hyperfox

If you want to analyze HTTPs instead of HTTP, use the -s flag and provide appropriate cert.pem and key.pem files.

% hyperfox -s -c ssl/cert.pem -k ssl/key.pem

hyperfox won’t be of much use if the host machine has no traffic to analyze or if the only traffic to analyze is its own.

A common usage on a LAN is putting the host machine in forwarding mode, this will allow the host to forward traffic and be used as a gateway.

# Linux
sysctl -w net.ipv4.ip_forward=1

# FreeBSD/OSX
sysctl -w net.inet.ip.forwarding=1

Then prepare the host machine to actually forward everything but the port we want to analyze (80 in this example), we need all the traffic on that port to be redirected to the port hyperfox is listening.

# Linux (HTTP)
iptables -A PREROUTING -t nat -i wlan0 -p tcp --destination-port 80 -j REDIRECT --to-port 9999

# FreeBSD/OSX (HTTP)
ipfw add fwd 127.0.0.1,9999 tcp from any to any 80 via wlan0

Finally, use ARP spoofing to trick other machines into think our host machine is their router.

arpspoof -i wlan0 -t 10.0.0.123 10.0.0.1

The example above uses arpspoof.