Wednesday, October 12, 2011

Wiping Up the Web, One Tissue (i.e. Page) at a Time...Introducing, "hachoo.rb"

A helpful utility if you want to explore web pages in detail. It should work with Tor, SOCKS, MITM proxies, etc.

* Features: Site automation, proxy support (including SOCKS), ability to change user agent, iframe support, etc...
* Coming soon: crawling, bug fixes, etc.

I welcome any suggestions for improvement.  Cheers!

Installation:

# git clone git://github.com/ninp0/hachoo.git
# gem install mechanize
# gem install addressable
# gem install socksify
# gem install rails
# cd hachoo
# ./hachoo.rb
Usage: ./hachoo.rb -u <uri> <optional_flags>
    -h, --help                       Help!
    -u, --uri URI                    Required: Target URI
    -P, --proxy-ip PROXY_IP          Optional: Proxy IP
    -p, --proxy-port PROXY_PORT      Optional: Proxy Port
    -S, --enable-socks-proxy         Optional: Soxy Proxy is Foxy ;)
    -a, --eval-all                   Optional: Evaluate All
    -b, --body-eval                  Optional: Evaluate Body Response
    -f, --forms-eval                 Optional: Evaluate Forms
    -l, --links-eval                 Optional: Evaluate Links
    -i, --images-eval                Optional: Evaluate Images
    -t, --title-eval                 Optional: Display Page Title
    -T, --timeout SECONDS            Optional: Timeout in Seconds
    -U, --user-agent AGENT           Optional: User Agent

Basic Example (Request will Timeout After 5 Seconds):
    ./hachoo.rb -u https://twitter.com/ninp0 -a -T 5

Intermediate Example:
    Start a MITM Proxy (e.g. BurpSuite, Paros, etc.)
        java -Xmx512m -jar burpsuite.jar
    Now perform a Request on the URL Below via the MITM Proxy:
        ./hachoo.rb -P '127.0.0.1' -p 8080 -u 'http://hang4r.blogspot.com'

Advanced Example:
    Start a SOCKS Server via SSH:
        ssh -v -v -v -NCD 127.0.0.1:8443 user@remote_ssh_host
    Use hachoo.rb to Search for WordPress Sites
    through a SOCKS Proxy via Google Trickery:
        ./hachoo.rb -S -P '127.0.0.1' -p 8443 -u 'http://www.google.com/search?sclient=psy-ab&q=inurl:wp-content%20site:wordpress.org' -l

Kung-Fu Example:
    Use hachoo.rb to Follow ninp0 on Twitter via Pipe-Delimited Stacked Requests (Replace USERNAME & PASSWORD in Example Below):
    Despite the 404 Response for this Stacked Request ninp0 will be Followed...
        ./hachoo.rb -u 'https://mobile.twitter.com/login>>>submit>>>username=USERNAME&password=PASSWORD|https://mobile.twitter.com/ninp0>>>get|https://mobile.twitter.com/ninp0/follow>>>submit>>>last_url=/ninp0'
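
The stacked-request string in the Kung-Fu example packs several requests into one `-u` argument. The following is an added example, not hachoo.rb's own code: it parses that syntax as inferred from the one example above (steps separated by `|`, fields by `>>>`) and prints a copy with credential values masked, since anything passed in `-u` ends up in shell history and the process list. The names `parse_stacked`, `redacted`, `SENSITIVE` and the `example.test` URLs are assumptions made for illustration.

```ruby
require 'uri'

# Added example, not hachoo.rb's code. Grammar inferred from this page (assumption):
#   stack   := request ( '|' request )*
#   request := URI [ '>>>' ACTION [ '>>>' form-encoded PARAMS ] ]
# A literal '|' inside a URI would have to be percent-encoded (%7C).
StackedRequest = Struct.new(:uri, :action, :params)
KNOWN_ACTIONS = %w[get submit].freeze # the only actions shown on the page
SENSITIVE = /pass|token|secret/i      # hypothetical list of sensitive key names

def parse_stacked(spec)
  spec.split('|').map.with_index(1) do |step, n|
    raw_uri, action, raw_params = step.split('>>>', 3)
    action = (action || 'get').downcase # assumption: a bare URI means GET
    unless KNOWN_ACTIONS.include?(action)
      raise ArgumentError, "step #{n}: unknown action #{action.inspect}"
    end
    uri = URI.parse(raw_uri.to_s.strip)
    unless uri.is_a?(URI::HTTP) && uri.host # URI::HTTPS is a subclass of URI::HTTP
      raise ArgumentError, "step #{n}: not an absolute http(s) URI"
    end
    StackedRequest.new(uri, action, URI.decode_www_form(raw_params.to_s).to_h)
  end
end

# Rebuild the stack with sensitive values masked, safe to paste into notes or logs.
def redacted(spec)
  parse_stacked(spec).map do |r|
    shown = r.params.map { |k, v| "#{k}=#{k.match?(SENSITIVE) ? '***' : v}" }
    [r.uri.to_s, r.action, shown.join('&')].reject(&:empty?).join('>>>')
  end.join('|')
end

# Constructed sample input (not real endpoints or credentials).
SAMPLE = [
  'https://example.test/login>>>submit>>>username=alice&password=s3cret',
  'https://example.test/profile>>>get',
  'https://example.test/profile/follow>>>submit>>>last_url=/profile'
].join('|')

puts redacted(SAMPLE)
```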