Pown is part of our open-source initiative. It is a framework of tools we use as part of our applications and service offering. Today we will learn how to install pown and the Pown Apps to access SecApps Suite and the rest of the SecApps tools directly from your desktop. With Pown Apps you can do many security testing activities without the need to install additional software, from actively intercepting HTTP traffic with the built-in proxy, to instrumenting Google Chrome and much more.
Let’s install pown globally so that we can use it in all future projects. We need the following command for this:
$ npm install -g pown
In this tutorial we will use the desktop apps which need to be installed as well. The apps are desktop tools and come with many advanced features that take more space and for these reasons they are not part of the default distribution.
To install the apps we need to use the modules sub-command like this:
$ pown modules install @pown/apps
Now we have everything ready to get started.
How to Use
To list all apps use the pown apps command. Notice that you can find all SecApps tools as sub-commands. For example, the dashboard is available with the pown apps dashboard command.
Intercepting Traffic as a HTTP Proxy
In this example we can use HTTPView as a standard proxy. Here is how to do it. First we need to launch httpview:
$ pown apps httpview
Click the record button to get the configuration dropdown. Click the Feed icon. Select only “Proxy Extension”. Ensure that the feed URI is similar to this: internal://extension?flavour=proxy&port=9191. This instructs the tool to capture traffic on port 9191 localhost.
Press “Start Recording” to start intercepting.
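In this example, we will configure curl to use the proxy server. The -k flag turns off curl's TLS certificate verification, so keep it to test sessions like this one.
$ export http_proxy=http://localhost:9191
$ export https_proxy=http://localhost:9191
$ curl https://secapps.com -k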
If the configuration was successful you should see the request from curl recorded in the HTTPView window.
Intercepting Traffic with the Chrome Debug Protocol
At this point, pentesters might decide to use this method with their favourite browser just like they do with other proxy tools. But wait a second! We have a better method, one that directly taps into the networking stack of Chrome itself, benefiting from this browser powerhouse.
Open httpview again if you don’t have it up and running:
$ pown apps httpview
This time we will use the “Chrome Debug” built-in feed. The URL for the feed is similar to this: internal://extension?flavour=cdb&port=9223. Notice that the main difference between this URI and the previous URI is the flavour parameter.
Before we start recording, we must launch Chrome with the correct debug protocol port. We have some pre-configured options in the application menu. Select the one matching the port in the feed URI, i.e. 9223 as per the example we used earlier.
You should see a brand new instance of Google Chrome ready to go. Ensure that the “Chrome Debug” feed is selected. Press the “Start Recording” button. Now try to access some web sites. You will see the requests are successfully captured in HTTPView ready for our inspection.
This method is much better than using proxies because it is fast, secure and ultimately can deal with any type of transport protocol that is supported by the browser, which basically means everything that is even considered cutting edge.
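Both feeds above rely on a local TCP port (9191 for the proxy feed, 9223 for the Chrome debug protocol). The following is an added check, not part of pown or of the original tutorial, that parses `ss -ltnH` output and flags either port when it is bound to a non-loopback address. The sample output is constructed and `audit_listeners` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not part of pown): check that the tutorial's feed ports,
# 9191 (proxy feed) and 9223 (Chrome Debug feed), listen on loopback only.

# Constructed sample of `ss -ltnH` output, not captured from a real host.
SAMPLE_SS='LISTEN 0 511 127.0.0.1:9191 0.0.0.0:*
LISTEN 0 10 0.0.0.0:9223 0.0.0.0:*
LISTEN 0 10 [::1]:9223 [::]:*
LISTEN 0 128 *:8080 *:*'

# audit_listeners PORT... (hypothetical helper name)
# Reads `ss -ltnH` lines on stdin and prints "port address verdict" for each
# listener on a watched port, or "port - not-listening" when there is none.
# Returns 1 if any watched port is bound to a non-loopback address.
audit_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " "); bad = 0 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            for (i = 1; i <= n; i++) if (want[i] == port) {
                seen[port] = 1
                if (addr ~ /^127\./ || addr == "[::1]") verdict = "loopback"
                else { verdict = "EXPOSED"; bad = 1 }
                print port, addr, verdict
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) print want[i], "-", "not-listening"
            exit bad
        }'
}

# Demo on the constructed sample. On a live Linux host use:
#   ss -ltnH | audit_listeners 9191 9223
if printf '%s\n' "$SAMPLE_SS" | audit_listeners 9191 9223; then
    echo "watched ports are loopback-only"
else
    echo "a watched port is reachable from other hosts"
fi
```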
Fuzzing HTTP Requests
There is so much more we can do. Let’s do a quick fuzz testing exercise with the Fuzzer. We start from pown again:
$ pown apps fuzzer
With the app up and running, let’s configure a basic counter generator. This is just for demonstration purposes. In a real scenario we will be spending more time configuring the tool to get the result that we need.
Start by typing “counter” at the end of the URL bar. Select the Counter generator. Ensure that the To field is set to 100. Press the play button. You will start getting results immediately.
Advanced HTTP Client
In this use-case we will use Rest to play with HTTP requests. Start by launching Rest. You can either do that from the command line like the other tools or, if you have one of the Pown Apps already running, you can select it from the application menu.
Configure the request the same way you would with the online version of the tool. Submit the request and repeat the process as much as required.
SecApps, Pown and Pown Apps provide a powerful combination of security capabilities. You benefit from the scriptable nature of Pown combined with the ease of use of Pown Apps. With a little practice everything is possible.