Next Gen HTTP Pentesting
If you are tired of being constrained by your tools we have your back. Traditional proxies like ZAP, Charles and Burp have both the server component and the UI bundled together, making them very inflexible in some situations, such as when you want to do things remotely, perhaps via another server or perhaps you want to gather data from multiple data sources - because you know, u r 1337.
So we decided to fix this and make something that can be used in all situations. Now, with the current version of HTTPView, you can gather data and proxy from multiple sources at the same time.
You can configure the feeds via the app settings. Click on the settings icon to access the configuration screen. By default you will find our Browser Extension feed. In the example above we have also configured two additional feeds for the Pown NOW utility. This means that when we start recording we will receive requests and responses from the network interface we are currently listening to via Pown NOW.
Let's look into a practical example how to take advantage of this feature. For the purpose of this exercise we will sniff a network interface of a remote host and connect to that feed to obtain the HTTP traffic in HTTPView.
First we need the pown now from pownjs which implements the feed interface, which is very basic and subject for another post. To start sniffing, execute the following command:
Now let's connect to our feed to start receiving web traffic. The feed is configured in the feed settings. Make sure it is selected and finally click on the record button.
And now we start seeing all the traffic coming to us for further inspection. If you notice both requests and responses are captured. We even handle binary content like pictures, videos and audio automatically for you.
It is trivial to get started.
Next, setup a permanent feed for your iOS penetration testing project using our iOS hacking tutorial.