Right now it has available SQL injection and XSS modules. Both modules are designed to catch as many vulnerabilities as they can, it’s that why the SQL Injection module is a Python port of the great “SQLibf“.
The process is very simple, ProxyStrike runs like a passive proxy listening in port 8008 by default, so you have to browse the desired web site setting your browser to use ProxyStrike as a proxy, and ProxyStrike will analyze all the paremeters in background mode. For the user is a passive proxy because you won’t see any different in the behaviour of the application, but in the background is very active.
- HTTP request/response history
- Request parameter stats
- Request parameter values stats
- Request URL parameter signing and header field signing
- Use of an alternate proxy (tor for example)
- SQL attacks
- XSS attacks
- Export results to HTML or XML
- Console version (python proxystrike.py -c / proxystrike.exe -c)
You can download ProxyStrike here:
Or read more here.