
React2Shell Analyzer

A powerful HTTP proxy analyzer for inspecting Next.js Server Actions traffic between your browser or proof-of-concept client and the Next.js server.

GitHub Repository
https://github.com/Benrich127N/react2shell_analyzer.git

Features

  • 🔍 Header Inspection: Logs all request and response headers
  • 📦 Multipart Analysis: Parses and displays multipart form sections
  • ⚠️ Pattern Detection: Identifies suspicious patterns:
    • React Flight tokens ($@, $K:)
    • Prototype pollution attempts (__proto__, constructor.prototype)
    • Server Action references
  • 🎨 Colored Output: Easy-to-read color-coded logs
  • 🚀 Zero Configuration: Works out of the box

Architecture

PoC/Browser → Dart Proxy (4000) → Next.js Server (3000)

Installation

As a global command-line tool:

dart pub global activate react2shell_analyzer

As a dependency in your project:

dependencies:
  react2shell_analyzer: ^1.0.0

Then run

dart pub get

Usage

Command Line

# Start with defaults (proxy on 4000, forwards to localhost:3000)
react2shell_analyzer

# Custom configuration
react2shell_analyzer --proxy-port 8080 --target-port 3000 --target-host example.com

# Disable specific features
react2shell_analyzer --no-headers --no-color

Programmatic Usage in Dart

import 'package:react2shell_analyzer/react2shell_analyzer.dart';

void main() async {
  // Listen on port 4000 and forward every request to the Next.js server on 3000.
  final config = ProxyConfig(
    proxyPort: 4000,
    targetHost: 'localhost',
    targetPort: 3000,
  );

  // Runs until the process is stopped; headers, multipart parts and pattern hits are logged.
  await runProxy(config: config);
}

Example Output

================================================================================

[a3f8bc21] POST /api/action
Time: 2025-12-07T10:30:45.123Z

REQUEST HEADERS:
  content-type: multipart/form-data; boundary=----WebKitFormBoundary
  next-action: abc123def456

MULTIPART REQUEST BODY:
  Found 2 parts

  PART 1:
    Content-Disposition: form-data; name="0"
    
    Content:
      {"action":"$@1","data":{"userId":123}}

  PART 2:
    Content-Disposition: form-data; name="1_$ACTION_REF_1"
    
    Content:
      $K:1234567890abcdef

[a3f8bc21] RESPONSE: 200

⚠️  SUSPICIOUS PATTERNS DETECTED:
   [React Flight action reference] \$@ at Part 1
     Context: {"action":"$@1","data":{"userId":123}}
   [React Flight key marker] \$K: at Part 2
     Context: $K:1234567890abcdef
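The output above is what the analyzer prints after splitting the multipart body and running its pattern rules over each part. As an added example that is not part of the package (the analyzer itself is Dart), the following stand-alone Python re-implements that two-step check on the body from the example: the labels are taken from the output above, while the regexes, the function names and the third part carrying a __proto__ key are my own assumptions and constructed input.

```python
import re
# Labels follow the analyzer's output; the regexes are an assumption, the README only names the tokens.
SUSPICIOUS_PATTERNS = {
    "React Flight action reference": re.compile(r"\$@"),
    "React Flight key marker": re.compile(r"\$K:"),
    "Prototype pollution attempt": re.compile(r"__proto__|constructor\.prototype"),
    "Server Action reference": re.compile(r"\$ACTION_REF_\d+"),
}

def parse_multipart(body, content_type):
    # Split a multipart/form-data body into (headers, content) pairs, one per part.
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("Content-Type carries no boundary")
    delimiter = b"--" + m.group(1).encode()
    parts = []
    for chunk in body.split(delimiter)[1:]:   # [0] is the preamble before the first part
        if chunk.startswith(b"--"):            # "--" right after the boundary closes the body
            break
        raw_headers, _, content = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        headers = {}
        for line in raw_headers.decode("utf-8", "replace").split("\r\n"):
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        parts.append((headers, content.rstrip(b"\r\n").decode("utf-8", "replace")))
    return parts

def find_suspicious(parts):
    # Return (label, part number, content) for every rule that matches a part's content.
    hits = []
    for idx, (_headers, content) in enumerate(parts, start=1):
        for label, rx in SUSPICIOUS_PATTERNS.items():
            if rx.search(content):
                hits.append((label, idx, content))
    return hits

# Constructed sample: the two parts from the example output plus a third part with a __proto__ key.
CONTENT_TYPE = "multipart/form-data; boundary=----WebKitFormBoundary"
SAMPLE_BODY = (
    b'------WebKitFormBoundary\r\nContent-Disposition: form-data; name="0"\r\n\r\n'
    b'{"action":"$@1","data":{"userId":123}}\r\n'
    b'------WebKitFormBoundary\r\nContent-Disposition: form-data; name="1_$ACTION_REF_1"\r\n\r\n'
    b'$K:1234567890abcdef\r\n'
    b'------WebKitFormBoundary\r\nContent-Disposition: form-data; name="2"\r\n\r\n'
    b'{"__proto__":{"polluted":true}}\r\n'
    b'------WebKitFormBoundary--\r\n'
)

if __name__ == "__main__":
    for label, part_no, context in find_suspicious(parse_multipart(SAMPLE_BODY, CONTENT_TYPE)):
        print(f"[{label}] at Part {part_no}\n  Context: {context}")
```

Running it reports the same two hits shown above plus a prototype pollution hit for the constructed third part; the rules only look at part contents, so the field name 1_$ACTION_REF_1 is parsed but not flagged.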

Use Cases

🐛 Security Research: Analyze Next.js Server Actions for vulnerabilities

🔬 Development: Debug multipart form submissions

📊 Traffic Analysis: Understand React Flight protocol

🛡️ Penetration Testing: Identify prototype pollution vectors

Contributing

Contributions are welcome! Please open an issue or submit a pull request on GitHub.

About

A Dart package to analyze CVE-2025-55182 (React2Shell).
