The objectives of the project are as follows:
• Design and implement a fast application proxy.
• The design should intercept and tamper http requests and responses between the client and the web server.
• It should run on an emulated Android operating system.
• It should be all written using Java programming language.
Design to be achieved
The design will eventually reach the full capability to properly intercept and tamper with http requests being sent to/from the web server and the client. This will be done by applying a proxy settings tab within the application to match that of the web server, and the user will be able to enter his desired settings accordingly to begin intercepting the information.
There will be several basic options such as toggling the intercept to ON/OFF, the user client will also have the ability to either forward or drop the information that were intercepted.
It will include several other features such as the ability to perform brute-force password attacks, vulnerability assessment techniques, base64 encoding and decoding on the information and received and on the web servers themselves.
The design will achieve the following high-level requirements:
1. The application proxy shall be run on Android operating system
2. The application proxy shall be able to intercept and alter at least two types of http methods between the web browser on the Android device and the webserver
3. The application proxy shall be able to execute both dictionary and brute force attacks against any login page (at least 2 passwords every one second)
4. The application proxy shall be able to encode and decode base64 encoding
5. The application proxy shall automatically stop the dictionary attack as soon as the password is correctly guessed
6. The application proxy shall bypass the CAPTCHA protection
7. The application proxy shall perform brute force directories and file names on web and application servers
8. The application proxy shall perform vulnerability assessment on at least four types of vulnerabilities
9- The application proxy shall provide a repeater feature to test the response of a target website