Praxis (n.)
The practical means by which a thing is accomplished. The opposite of theory.
prxs is a web application penetration testing tool, that allows users to perform common pentesting tasks from their terminal. Users will find it similar to tools such as BurpSuite or MITMProxy. For our rationale and design philosophy, see RATIONALE.md.
You know the drill: This tool is intended for security research purposes, always gain permission before pentesting someone else's system. The developers of praxis are not liable for your actions or any damages you may cause.
Be an ethical hacker.
Happy hacking.
To install prxs and make it available to your system, clone this repository and build from source:
git clone git@github.com:alex0112/prxs.git;
cd prxs && cargo build --release && cargo install --path .Alternatively:
git clone git@github.com:alex0112/prxs.git;
cd prxs && cargo runSupport for a cargo install from crates.io is on our roadmap.
Usage: prxs [OPTIONS]
Options:
-c, --config <CONFIG_PATH> The config file to parse
-p, --port <PORT> The port to run on
-s, --session [<SESSION_FILE>] The session file to open
--auto-gunzip <AUTO_GUNZIP> Whether to automatically gunzip request responses [possible values: true, false]
-h, --help Print help
-V, --version Print versionSee USAGE.md for a comprehensive list of keystrokes in the TUI.
(TL;DR navigation is vim-like, j, and k allow navigation through the request list)
In order to receive requests, the user must instruct their browser or application of choice to proxy traffic to the application. We find FoxyProxy (Firefox, Chrome) to be a useful tool in this regard. Point it at localhost:8080 (or whichever port you specify) while praxis is running and you will start to see traffic.
The primary reason http traffic inspection is useful is to observe what requests a site or application may be making in plaintext. As it currently stands the TLS decryption portion of praxis is currently under development in the branch feature/rustls-connects, and with luck will be merged into main soon.
Until that is working, you will see any TLS encrypted traffic begin to hit the proxy as an HTTP CONNECT request against port 443 of the target. You may forward these requests (by pressing f) but the response will come back with an error until the TLS decryption layer is functioning properly.
As mentioned in the usage document, When focused on a specific request, a user may press e to open the request annotations in an editor. Praxis will default to $EDITOR when determining what to use, and if nothing is specified will likely open nano. We have seen decent results in Neovim, Emacs (both with and without the -nw option), and Helix. It is also possible to open a request in VSCode/Codium, but there is a known issue preventing the edited text from being read back to praxis. Your mileage may vary.
(in no particular order)
- TLS decryption
- Editing focused requests/responses
- Filtering / Scope definition
- Session storage (serialized current workflow to a file)
- Certificate generation
- Publish crate to crates.io
- nuclei templates from existing saved requests(?)
- Tests where appropriate (time was not spent on unit tests in this iteration since most of the code is network oriented)
Additionally, ARCH.md contains some of our thoughts about features, design decisions, and possible implementations that may or may not come into use in the actual application.