Introduction:
I always liked how simple the Acme micro_proxy was, and once I had a working HTTP
library I convinced myself that developing a new modular proxy server could help me
develop new web security tools and, of course, add a new way of detecting forms with
fscan and automatically adding signatures or executing bruteforce attacks.
For some time, the fhscan API has included support for handling incoming connections. The latest
version, which is developed in C++, includes some methods for invoking the HTTP Proxy module.
Running an HTTP/HTTPS Proxy instance, with SSL interception, is now as simple as:
HTTPAPI *api = new HTTPAPI();
// Start the proxy listener on the loopback address, port 8080
api->InitHTTPProxy("127.0.0.1", 8080);
The Fhscan API also includes several methods for handling HTTP responses and a dynamic callback service.
Adding extra features to our proxy server to report all the requests is easier than ever.
With fewer than 20 lines of code you can build a complete HTTP server. Currently the
fhscan project is hosted at Google Code, so you can download a working version of fhscan that integrates a built-in proxy server (fhscan.exe --EnableProxy).
We are also offering an HTTP Proxy server for Windows for download. Currently only basic configuration options are supported; however, the main idea is to check the power of the HTTP API.
Here is what the response for the 20 lines of code shown above looks like when executed in a graphical application:
Details:
To improve proxy speed, a few changes have been made to the HTTP library. The
result is acceptable for debugging and auditing web applications, but do not expect
to use it as your production server :)
Like the latest tools, Fscan HTTP Proxy should compile and work under Win32 and Linux.
- Download Gui version (Binary for Win32)
- HTTP Proxy console (Included with Fhscan Scanner)
- HTTP Library source code (Check the latest version at the svn server)