Together with Pown.js, we are building some really cool technology all in JavaScript using frameworks designed for the 21-st century. Today, we are very happy to announce the first release of the Pown Proxy which is now part of the official pownjs distribution but also can be used separately as a standalone executable. In this blog post, I would like to give you an overview of the proxy and the architecture we are aiming to achieve and also give you a quick hands-on tutorial.
Introduction
If you are familiar with other intercepting proxies such as Burp, Zap, Charles, Mitm Proxy and even our own Proxy.app, you are aware that they come as bundled server-side and user-interface components. The server acts as the proxy while the user interface helps interact with it, such as when intercepting requests. This architecture is nevertheless slightly cumbersome because any errors in the state in either of the components result in a problem in the other. Crashing is one of the problems. Keeping the memory and performance profiles clean is another. Furthermore, the simple fact that the proxy is essentially a desktop tool, running in headless environments is tricky. Some proxies come with their own headless versions but underneath they are all drawing in framebuffers and whatnot.
This entanglement between two unrelated components is architecturally unsound but also prohibits further extensibility. What if you want to use your own proxy implementation perhaps written in a different language running on a different architecture? What if you want to reuse the UI but interface with the proxied application at syscall level bypassing certificate pinning checks? What if the proxy user interface does not fit the problem domain? Perhaps you want to run the proxy from an SSH terminal and interact with it via a ncurses UI. These are all valid concerns which professionally have been bothering me for a long time until now.
The solution to these problems is Pown Proxy. While still an alpha project, you can use it today. Let me show you how it works with a simple "getting started" tutorial.
Hello Pown Proxy
The first thing is to install pown or the pown-proxy package. You can do that with npm. If you don't have npm installed please do so using whichever is your prefered method.
$ npm install -g pown-proxy
Once Pown Proxy is installed it is ready to be used. Let's start proxing with the following command:
$ pown-proxy proxy
The proxy does not provide any user interface at all apart from the debug messages it prints in the console. But this does not mean that we cannot interact with it with a rich graphical interface such as the one provided by our own HTTPView. Let's see how that works.
First, we need to setup the proxy to listen for incoming web socket connections. The following command will help us do that. There are other related flags so please look into the usage documentation:
$ pown-proxy proxy --ws
Next, we open HTTPView and navigate to the Feeds settings. We need to connect to the proxy feed using the provided address. Just enter the web socket address as displayed by Pown Proxy and check the box.
Notice that we selected the feed on ws://127.0.0.1:9090. Press the red dot button to start getting feedback from the proxy. Here is capture that I did earlier today.
We captured everything in full binary including pictures, audio, videos and everything else. The proxy server is running separately from the UI which means that it can be placed anywhere I want. This allows us to do very interesting setups which today are very difficult to deploy.
Hello Future
Notice how simple it was to start intercepting web requests and responses. The process is very similar to what you do with Pown Now, which allows you to sniff raw frames and preview them using HTTPView. We covered this in our iOS packet capturing tutorial not too long ago. The communication interface is consistent which means that we can use the same protocols to create even more interesting tools and extend further.
The best part is that the underlying proxy component can be swapped with any other compatible software. For example, we can write the proxy in Rust or Go or even as a shellcode or payload injected in a different memory process. The UI can also be swapped out and in fact, we are building our ncurses-based UI which is awesome. The whole architecture is truly extensible and open.
What's Next
While Pown Proxy is functionally working we want to see further improvements. There are a few things we can do to make it better. We are also building our ncurses UI as well and extending HTTPView with further improvements.
You can help us by spreading the word and of course contribute! The project is free and open-source published under the MIT software license. Additionally, follow @websecurify and @pownjs on Twitter for announcements.