This code is currently unstable and not suitable for use. There are some major changes ahead, so stay tuned.

Pyxie is an extensible transparent proxy framework intended for use in security testing and reverse engineering of proprietary protocols and applications. Pyxie allows you to easily observe, log, and modify traffic via Pyxie's built-in features or with custom scripts. Users can extend Pyxie for their needs by creating plugins that recognize the protocol they are testing and implement protocol-specific operations.

• Python3
• PyQt (currently does not work to install with pip)

• pyOpenSSL
• openssl binary (temporarily needed for creating certs)

Pyxie introduces a number of terms and concepts that users should be familiar with below.

A "client" refers to the target who initiates a connection and has their traffic forwarded through Pyxie. A "server" is an endpoint that a client intends to communicates with. Pyxie sits between the client and server, forwarding the client's traffic to the server and vice versa. Although the client/server model does not apply in all proxying scenarios, it is by far the most common and is thus the terminology that Pyxie uses.

Traffic can flow in two directions - "inbound" or "outbound". Outbound traffic flows from client to server. Likewise, inbound traffic flows from server to client.

TODO: This is going to change. Update this section.

Modifiers are objects that offer a way for users to modify traffic in transit. Modifiers can be thought of as hooks which observe traffic and perform a modification when a certain condition is met. Modifiers can be very simple, such as replacing the string literal "hello" with "goodbye", or complex, allowing programmers to run arbitrary python code on intercepted traffic before it is sent to its intended destination.

Modifiers can be defined in the config file or built-in to a protocol. There are a few different kinds of modifiers.

Pyxie allows programmers to add support for recognizing and handling new protocols. Just extend one of the existing protocol classes such as TCPProto (tcp.py) and place it in the protocols directory. Override the forward_inbound and forward_outbound methods to handle forwarding for your specific protocol.

TODO: Document more details on implementing protocol plugins

Wrappers are protocols which wrap around the protocol you're testing, yet are not the focus of being tested. SSL/TLS is implemented as a wrapper because it wraps many protocols (However, you could implement it as a protocol too if you actually testing SSL/TLS). A wrapper take a Protocol object and replace its inbound and outbound sockets with wrapped versions of those sockets so that they are completely transparent to the tester. Other wrapper objects may potentially include compression/decompression or other cryptographic protocols.

Pyxie does not provide a means for setting up traffic interception. Users' needs vary greatly depending on what they are testing. Here are some suggestions.

This is by far the easiest way to intercept traffic if the device the application resides on has a host file you can modify and there is only one server endpoint. You can do this if you're testing an app on a rooted phone/tablet or a desktop application.

You can also set up a rogue DNS server to intercept traffic. This is also relatively simple if you can configure the test device's DNS settings.

This can be unstable if you're not careful but it works. Use dsniff, ettercap, cain and abel, or another tool.

This is the simplest kind of VPN server to set up and works pretty well. Make Pyxie listen on the PPTP interface.

TODO

Pyxie can be configured by its config file (config.py) or command-line arguments, which will override options in the config file.

TODO: Document configuration options