Getting Started With Pown Apps

Run SecApps Suite directly from your desktop with the power of pown

Pown is part of our open-source initiative. It is a framework of tools we use as part of our applications and service offering. Today we will learn how to install pown and the Pown Apps to access SecApps Suite and the rest of the SecApps tools directly from your desktop. With Pown Apps you can carry out many security testing activities without installing additional software, from actively intercepting HTTP traffic with the built-in proxy to instrumenting Google Chrome and much more.

Installation

Pown is written in JavaScript and utilises npm as its internal package management system. For this reason you need an environment with Node.js already installed. Detailed instructions on how to install Node.js can be found here.

Let’s install pown globally so that we can use it in all future projects. We need the following command for this:

$ npm install -g pown

In this tutorial we will use the desktop apps, which need to be installed as well. The apps are desktop tools with many advanced features that take up more space, so they are not part of the default distribution.

To install the apps we need to use the modules sub-command like this:

$ pown modules install @pown/apps

Now we have everything ready to get started.

How to Use

To list all apps, use the pown apps command. Notice that you can find all SecApps tools as sub-commands. For example, the dashboard is available with the pown apps dashboard command.

Intercepting Traffic as an HTTP Proxy

In this example we can use HTTPView as a standard proxy. Here is how to do it. First we need to launch httpview:

$ pown apps httpview

Click the record button to get the configuration dropdown. Click the Feed icon. Select only “Proxy Extension”. Ensure that the feed URI is similar to this: internal://extension?flavour=proxy&port=9191. This instructs the tool to capture traffic on localhost port 9191.

Press “Start Recording” to start intercepting.

In this example, we will configure curl to use a proxy server.

$ export http_proxy=http://localhost:9191
$ export https_proxy=http://localhost:9191
$ curl https://secapps.com -k

If the configuration was successful you should see the request from curl recorded in the HTTPView window.
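
The exported variables above stay set for every later command in that shell. As an added example (not part of Pown or the original article), the sketch below reads the port from the feed URI and applies the proxy to a single command only; the helper names feed_param and via_feed are hypothetical.

```shell
#!/bin/sh
# Added example (not part of Pown): send ONE command through the HTTPView
# proxy feed instead of exporting proxy variables for the whole session.

# feed_param URI NAME -> print the value of query parameter NAME
feed_param() {
  query=${1#*\?}                       # text after the first '?'
  [ "$query" != "$1" ] || return 1     # URI has no query string
  printf '%s\n' "$query" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# via_feed URI COMMAND [ARGS...] -> run COMMAND with the proxy set for it only
via_feed() {
  feed=$1; shift
  flavour=$(feed_param "$feed" flavour) || return 2
  port=$(feed_param "$feed" port) || return 2
  if [ "$flavour" != proxy ]; then
    echo "via_feed: '$flavour' is not a proxy feed" >&2; return 2
  fi
  case $port in
    ''|*[!0-9]*|??????*) echo "via_feed: bad port '$port'" >&2; return 2 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "via_feed: port out of range" >&2; return 2
  fi
  # env(1) sets the variables for this child process only; the calling
  # shell, and every later command typed into it, stays unproxied.
  env http_proxy="http://localhost:$port" \
      https_proxy="http://localhost:$port" "$@"
}

# Demo without network access: show what the child process sees.
via_feed 'internal://extension?flavour=proxy&port=9191' \
  sh -c 'echo "child https_proxy=$https_proxy"'

# Real use, equivalent to the curl call above (-k skips certificate checks):
#   via_feed 'internal://extension?flavour=proxy&port=9191' curl -k https://secapps.com
```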

Intercepting Traffic with the Chrome Debug Protocol

At this point, pentesters might decide to use this method with their favourite browser just like they do with other proxy tools. But wait a second! We have a better method, one that directly taps into the networking stack of Chrome itself, benefiting from this browser powerhouse.

Open httpview again if you don’t have it up and running:

$ pown apps httpview

This time we will use the “Chrome Debug” built-in feed. The URL for the feed is similar to this: internal://extension?flavour=cdb&port=9223. Notice that the main difference between this URI and the previous URI is the flavour parameter.

Before we start recording, we must launch Chrome with the correct debug protocol port. We have some pre-configured options in the application menu. Select the one matching the port in the feed URI, i.e. 9223 as per the example we used earlier.

You should see a brand new instance of Google Chrome ready to go. Ensure that the “Chrome Debug” feed is selected. Press the “Start Recording” button. Now try to access some web sites. You will see the requests are successfully captured in HTTPView ready for our inspection.

This method is much better than using proxies because it is fast, secure and ultimately can deal with any type of transport protocol that is supported by the browser, which basically means everything that is even considered cutting edge.
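
Both feeds on this page open a local TCP port (9191 for the proxy, 9223 for Chrome Debug), and a reachable Chrome debug port lets whoever connects drive that browser instance, so it is worth confirming that the listeners are bound to loopback only. The following is an added example, not part of Pown or the original article; it assumes Linux with ss from iproute2, the function name listener_scope is hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not part of Pown): classify who can reach a feed port,
# reading `ss -ltnH` output (Linux, iproute2) on stdin.

# listener_scope PORT -> prints loopback | exposed | closed
listener_scope() {
  awk -v port="$1" '
    {
      addr = $4                                  # "Local Address:Port"
      n = split(addr, parts, ":")
      if (parts[n] != port) next                 # some other service
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      seen = 1
      # Anything that is not 127.0.0.0/8 or ::1 accepts remote connections.
      if (host !~ /^127\./ && host != "[::1]") exposed = 1
    }
    END { print (!seen ? "closed" : (exposed ? "exposed" : "loopback")) }
  '
}

# Constructed sample lines, written to exercise each outcome; they are not
# captured from a Pown or Chrome run.
SAMPLE='LISTEN 0 511 127.0.0.1:9191 0.0.0.0:*
LISTEN 0 10 0.0.0.0:9223 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*'

for p in 9191 9223 8080; do
  printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | listener_scope "$p")"
done

# Live check while HTTPView is recording:
#   ss -ltnH | listener_scope 9223
```

A result of "exposed" means the port also accepts connections from other hosts on the network; "closed" means nothing is listening on that port yet.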

Fuzzing HTTP Requests

There is so much more we can do. Let’s do a quick fuzz testing exercise with the Fuzzer. We start from pown again:

$ pown apps fuzzer

With the app up and running, let’s configure a basic counter generator. This is just for demonstration purposes. In a real scenario we will be spending more time configuring the tool to get the result that we need.

Start by typing “counter” at the end of the URL bar. Select the Counter generator. Ensure that the To field is set to 100. Press the play button. You will start getting results immediately.

Advanced HTTP Client

In this use-case we will use Rest to play with HTTP requests. Start by launching Rest. You can either do that from the command line like the other tools or, if you have one of the Pown Apps already running, you can select it from the application menu.

Configure the request the same way you would with the online version of the tool. Submit the request and repeat the process as much as required.

Conclusion

SecApps, Pown and Pown Apps provide a powerful combination of security capabilities. You benefit from the scriptable nature of Pown combined with the ease of use of Pown Apps. With a little practice everything is possible.