View Issue Details

ID: 0002204
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-02-11 12:02
Reporter: omriher
Assigned To: g0tmi1k
Priority: normal
Severity: feature
Reproducibility: have not tried
Status: closed
Resolution: won't fix
Summary: 0002204: CapTipper - Malicious HTTP traffic explorer tool (#DFIR)
Description

CapTipper is a Python tool to analyze, explore and revive HTTP malicious traffic.
CapTipper sets up a web server that acts exactly as the server in the PCAP file,
and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations found.

The tool provides the security researcher with easy access to the files and the understanding of the network flow,
and is useful when trying to research exploits, pre-conditions, versions, obfuscations, plugins and shellcodes.

Feeding CapTipper with a drive-by traffic capture (e.g. of an exploit kit) displays to the user the request URIs that were sent and the response metadata.
The user can at this point browse to http://127.0.0.1/[URI] and receive the response back to the browser.
In addition, an interactive shell is launched for deeper investigation using various commands such as: hosts, hexdump, info, ungzip, body, client, dump and more...

Additional Information

https://github.com/omriher/CapTipper
http://www.omriher.com/2015/01/captipper-malicious-http-traffic.html
http://www.omriher.com/2015/03/captipper-02-released.html

Attached Files
captipper_main.png (137,343 bytes)   

Activities

g0tmi1k

2018-01-29 14:44

administrator   ~0008363

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?
g0tmi1k

2020-02-11 12:02

administrator   ~0012216

I believe it's Python 2 (which is EOL)

Also, no update really since 2015

Issue History

Date Modified Username Field Change
2015-04-07 08:53 omriher New Issue
2015-04-07 08:53 omriher File Added: captipper_main.png
2018-01-29 14:44 g0tmi1k Note Added: 0008363
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-02-11 12:02 g0tmi1k Note Added: 0012216
2020-02-11 12:02 g0tmi1k Assigned To => g0tmi1k
2020-02-11 12:02 g0tmi1k Status new => closed
2020-02-11 12:02 g0tmi1k Resolution open => won't fix