A Simple Web-app Pen-test Proxy


When penetration testing a web application, input manipulation is one of the more important tasks. PenProxy makes it easier to do that manipulation.

To use PenProxy, start it, and set your browser to use it as a proxy. For every request, PenProxy lists URL parameters (GET requests), request parameters (POST requests), and headers, and gives you the chance to modify anything before passing the request to the server.


At the moment, the following limitations apply. May be changed in the future (you may remove them yourself if you want to, the source code is included).

  • No HTTPS support, just plain HTTP.
  • If chaining through another proxy, proxy-authentication is not supported.

Screen Shot

PenProxy in Action


You may download PenProxy from my Java Software page.

[Home] [Security] [Sikkerhet] [Adv] [Book] [CV]
[Zaurus] [Java] [Linux] [MS-DOS] [Patches] [Music] [MrWalker] [Misc]
$Id: PenProxy.html.m4,v 1.3 2003-05-24 10:06:39 sverrehu Exp $