Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[TOOL] NoPE Proxy #2844

Open
sk3l10x1ng opened this issue Jul 29, 2024 · 2 comments
Open

[TOOL] NoPE Proxy #2844

sk3l10x1ng opened this issue Jul 29, 2024 · 2 comments
Assignees

Comments

@sk3l10x1ng
Copy link
Collaborator

NoPE Proxy serves as a Burp Suite Extension designed for proxying Non-HTTP Traffic.

Link: https://github.com/summitt/Nope-Proxy

@sk3l10x1ng
Copy link
Collaborator Author

@cpholguera please assign to me . will work on it

@cpholguera
Copy link
Collaborator

It's assigned to you now. We also have the corresponding weakness that is still to be completed. Would you like to work on that one at the same time?

https://mas.owasp.org/MASWE/MASVS-NETWORK/MASWE-0048/
#2688

Ideally we'd

  1. Define the weakness MASWE-0048
  2. Create the new technique (MASTG-TECH-XXXX)
  3. Create one test (MASTG-TEST-02XX) referring to the new technique (MASTG-TECH-XXXX).
  4. Create one demo (MASTG-DEMO-XXXX) for that test using this tool NoPE Proxy (MASTG-TOOL-XXX).

We have some minimal content that could be used to create the technique:
https://mas.owasp.org/MASTG/0x04f-Testing-Network-Communication/#intercepting-non-http-traffic

Our V1 tests for Android and iOS have a paragraph about this

Interception proxies like Burp and OWASP ZAP will show HTTP(S) traffic only. You can, however, use a Burp plugin such as Burp-non-HTTP-Extension or the tool mitm-relay to decode and visualize communication via XMPP and other protocols.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants