Websecurify

Regular updates about Websecurify free and premium website scanners, proxies, fuzzers and insight knowledge about SQL Injection, Cross-site Scripting and other vulnerabilities

Landing a BadAssProxy

We are very happy to announce the first release of BadAssProxy. The project is hosted by GNUCITIZEN but sponsored by us so expect some good things to happen in the near future.

What is BadAssProxy (BAP)

BadAssProxy is a modern HTTP intercepting proxy designed for developers and web application security professionals. What differentiates it from other proxies is that it uses several interesting techniques for better performance and reliability.

The proxy employs a multi-process architecture similar to what you have with the Google Chrome web browser. The heavy lifting is performed by our own/GNUCITIZEN proxy utility called proxify. The UI is a modern web application running on a web server. The business logic is handled by Node.js while the application is rendered inside an instance of Chromium via node-webkit. Everything is assembled so that all components work seamlessly together.

This architecture is absolutely deliberate and is the result of years of experience building web application security tools. It is hard to explain why we chose this technology stack, but the end product is more than satisfactory. In fact, it is pure awesomeness.

If this is not enough to make you try BadAssProxy, here is something I need to stress: it is not written in Java. Most other proxies are, which puts them in a completely different league. BadAssProxy has the potential to go way beyond what is currently possible, although we are not there yet.

Future Plans

At the moment we have a Windows-based proof of concept. Versions for Mac and Linux will follow soon. We are planning to keep this software free to use and support it as much as we can. We are also planning to release a professional version which will pack our own security testing technology and more. This will happen around version 3 as per the current milestones. How fast we get there depends entirely on us.

Additionally, we want to enable the community to extend the product and customise it to their needs. A plugin architecture will follow soon and we promise to make it as simple as possible. It is fair to say that we have big plans for this product and we are certain that we can reinvent and refresh this technology all over again.

Web proxies have been stuck in no-innovation land for a long time now and we are determined to change this, for good or bad.

If you have any recommendations, suggestions or even bugs, just get in touch. We are always interested to hear from you.

pdp

Petko D. Petkov (pdp) is the founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.
