Skip to content

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

License

Notifications You must be signed in to change notification settings

t3l3machus/Synergy-httpx

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Synergy Httpx

Python License

Purpose

A Python http(s) server designed to assist in red teaming activities such as receiving intercepted data via POST requests and serving content dynamically (e.g. payloads).

I find this tool handy when performing USB-based attacks during physical pentests (Rubber ducky / BadUSB / ATtiny85, etc). Check out the ATtiny85_templates folder for some handy .ino templates to load on your microcontrollers. Credits: My templates are inspired by this repo -> CedArctic/DigiSpark-Scripts.

🎥 How to turn your ATtiny85 into a rubber ducky

Preview

image

Installation

This tool was explicitly developed and tested on kali linux. I doubt it will work properly on Windows.

pip3 install -r requirements.txt

Usage

python3 synergy_httpx.py [-h] [-c CERT] [-k KEY] [-p PORT] [-q] [-i INTERFACE]
  • If you provide cert.pem and key.pem files when you execute synergy_httpx.py, the server will run with SSL (https).
  • You can use the "serve" and "release" prompt commands to associate/disassociate server path names with local files to be used as a response body to GET/POST requests, while the server is running. There are two standard hardcoded endpoints, 1 x GET mainly for connectivity tests and 1 x POST that will print the request body to the stdout, useful for intercepting data and sending them to your server via http(s).
  • You can predifine endpoints (server paths mapped to local files) by editting the user_defined_endpoints dict in synergy_httpx.py (there are examples).
  • Use the "endpoints" prompt command to list all of the server's active endpoints.