[MASTG-TOOL-0109] Add Nope proxy (by @appknox) #2868
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cpholguera
requested changes
Aug 8, 2024
tools/network/MASTG-TOOL-0098.md
Outdated
| source: https://github.com/summitt/Nope-Proxy | ||
| --- | ||
|
|
||
| [Nope-Proxy](https://github.com/summitt/Nope-Proxy) is an extension for Burp that operates as a Non-HTTP Man-in-the-Middle (MiTM) tool, allow you to intercept both TCP and UDP traffic. Additionally, it allows DNS spoofing on mobile devices, enabling the rerouting of traffic to Burp for the interception of non-HTTP communications. Furthermore, it includes features such as manual traffic interception, automated traffic manipulation, a Python mangler, and traffic highlighting. |
There was a problem hiding this comment.
MiTM is correct, but we're using MITM across the guide. Included also other small fixes:
Suggested change
| [Nope-Proxy](https://github.com/summitt/Nope-Proxy) is an extension for Burp that operates as a Non-HTTP Man-in-the-Middle (MiTM) tool, allow you to intercept both TCP and UDP traffic. Additionally, it allows DNS spoofing on mobile devices, enabling the rerouting of traffic to Burp for the interception of non-HTTP communications. Furthermore, it includes features such as manual traffic interception, automated traffic manipulation, a Python mangler, and traffic highlighting. | |
| [Nope-Proxy](https://github.com/summitt/Nope-Proxy) is an extension for Burp that operates as a Non-HTTP Man-in-the-Middle (MITM) tool, allowing you to intercept both TCP and UDP traffic. Additionally, it allows DNS spoofing on mobile devices to redirect traffic to Burp for the interception of non-HTTP communications. It also includes features such as manual traffic interception, automated traffic manipulation, a Python mangler, and traffic highlighting. |
|
Thanks for adding this @sk3l10x1ng! |
|
@cpholguera requested changes are done. Please review it . Thank you |
cpholguera
approved these changes
Aug 8, 2024
cpholguera
changed the title
serek8
pushed a commit
to serek8/owasp-mstg
that referenced
this pull request
Sep 3, 2024
* added Nope-proxy tool * fix spaces * small fixes * update tool ID --------- Co-authored-by: Carlos Holguera <[email protected]>
cpholguera
added a commit
that referenced
this pull request
Oct 19, 2024
* Add weakness page * Update MASWE-0040.md with new links (#2867) * [MASTG-TOOL-0108] Update Corellium tools page with benefits and limitations (#2834) * Add Corellium tools page with benefits and limitations * Apply suggestions from code review Co-authored-by: Jeroen Beckers <[email protected]> * fix md links * update corellium content * update tool id --------- Co-authored-by: Jeroen Beckers <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]> * [MASTG-TOOL-0109] Add Nope proxy (by @appknox) (#2868) * added Nope-proxy tool * fix spaces * small fixes * update tool ID --------- Co-authored-by: Carlos Holguera <[email protected]> * [MASTG-TOOL-0110] Add semgrep (#2871) * add semgrep * update references to @MASTG-TOOL-0110 * updated donators * Typo fix (#2874) Co-authored-by: Jeroen Beckers <[email protected]> * Fixes #2824 (#2873) Co-authored-by: Jeroen Beckers <[email protected]> * Change news link (#2876) Co-authored-by: Jeroen Beckers <[email protected]> * Fix news not showing (#2877) * Update MASWE-0100.md (#2878) add refs * Update talks.yaml (#2883) * [MASWE-0009] Add Weak Cryptographic Key Generation (by appknox) (#2849) * MASWE-0009 * fix spell * fix markdown-lint * updated weakness * change test ID * add semgrep as tool * change demo IDs * change demo id as duplicate * Update weaknesses/MASVS-CRYPTO/MASWE-0009.md * Apply suggestions from code review * updated changes * renamed TOOL-0105 -> TOOL-0109 * fix changes * rm semgrep (will be added separately) and update refs to the tool * update ios demo to use r2 and the MASTestApp for iOS * update spell checker ignore words list * rm ios folder * add ios folder to correct name and demo based on r2 * update MASTG-TEST-0209 with libraries and references. Extended to consider also dynamic analysis. * change to modes of introduction * update DEMO-0011 to be about RSA key size * Apply suggestions from code review * add binary for demo 11 * update r2 script and output * Update weaknesses/MASVS-CRYPTO/MASWE-0009.md * Update tests-beta/ios/MASVS-CRYPTO/MASTG-TEST-0209.md Co-authored-by: Carlos Holguera <[email protected]> * Apply suggestions from code review Co-authored-by: Carlos Holguera <[email protected]> * Apply suggestions from code review Co-authored-by: Sven <[email protected]> * updated android demo * changed semgrep rule to standard form * Apply suggestions from code review * remove extra line * fix link --------- Co-authored-by: Sven <[email protected]> Co-authored-by: Carlos Holguera <[email protected]> * fix rule filename (#2885) * Update MASTG-DEMO-0012.md rule name (#2886) * Fix title for MASTG-DEMO-0011.md (#2888) * Update Sensitive Data Not Excluded From Backup * Add a test and a demo for Android * Add a test for iOS * Add a demo for iOS * Fix markdown files according to the linter * Fix conflicts in IDs * Apply suggestions from code review Co-authored-by: Carlos Holguera <[email protected]> * Update weaknesses/MASVS-STORAGE/MASWE-0004.md * Apply suggestions from code review Co-authored-by: Carlos Holguera <[email protected]> * Update IDs and rephrase the evaluation sections * Use r2 script for demo * Fix the Observations section * Apply suggestions from code review * Add AndroidManifest.xml for MASTG-DEMO-0020 * rename demo folder * Apply suggestions from code review * Update MASWE-0004.md status to "new" * Refactor Android backup instructions for MASTG-TEST-0216 * fix typo --------- Co-authored-by: Carlos Holguera <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]> Co-authored-by: Prudhv! <[email protected]> Co-authored-by: Sven <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#2844 closes