mitmproxy - home
9 weeks ago by mlednor
mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly.
mitmdump is the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.
Intercept and modify HTTP traffic on the fly
Save HTTP conversations for later replay and analysis
Replay both HTTP clients and servers
Make scripted changes to HTTP traffic using Python
SSL interception certs generated on the fly
network
security
SSH tricks
february 2012 by mlednor
SSH is a protocol for authenticating and encrypting remote shell sessions.
But, using SSH for just remote shell sessions ignores 90% of what it can do.
# ssh home -L 80:reddit.com:80
This article covers less common SSH use cases, such as:
using passwordless, key-based login;
setting up local per-host configurations;
exporting a local service through a firewall;
accessing a remote service through a firewall;
setting up a SOCKS proxy for Firefox;
executing commands remotely from scripts;
transferring files to/from remote machines;
mounting a filesystem through SSH; and
triggering admin scripts from a phone.
ssh
unix
sysadmin
network
Netcat cheat sheet | Ack Ack
july 2011 by mlednor
Netcat, also known as the Swiss-army knife for TCP/IP, is capable of so many wonderful tasks; many people only know a partial amount of the features, so I made a special cheat sheet for all the basic and more advanced features it supports.
unix
network
security
cheatsheet
Fun with ethtool | Linux Journal
may 2011 by mlednor
Time to be honest here for a minute. The open source community really has outdone themselves coming up with some very obscure names for packages. Let's take this list of packages for instance: emacs, gimp, gcc, mutt, grub, kyle rankin, parted, tar, mutt, vim. Nine times out of ten, a common person is going to look at that list and become utterly confused over what package does what. That's just the beauty (and beast) of naming software in the open source community. But every so often a tool comes across my screen with such a blatantly obvious name that I just have to run a 'man' to make sure my eyes are not deceiving me. In this case, it's ethtool. Yes, a simple name, for such a powerful utility. The name itself tells you what it does, an Ethernet Tool. Tada! That's it, ethernet tool.
linux
network
mnot’s blog: On HTTP Load Testing
may 2011 by mlednor
A lot of people seem to be talking about and performing load tests on HTTP servers, perhaps because there’s a lot more choice of servers these days.
That’s great, but I see a lot of the same mistakes being made, making the conclusions doubtful at best. Having spent a fair amount of time benchmarking high-performance proxy caches and origin servers for my day job, here are a few things that I think are important to keep in mind.
It’s not the final word, but hopefully it’ll help start a discussion.
website
testing
network
LogMeIn - Virtual Networking with LogMeIn Hamachi²
february 2011 by mlednor
LogMeIn Hamachi² is a hosted VPN service that securely connects devices and networks, extending LAN-like network connectivity to mobile users, distributed teams and business applications. You can easily create secure virtual networks on demand, across public and private networks.
network
security
Convore
february 2011 by mlednor
Convore is a quick way to instant message with groups of friends in real-time. Join public or private groups and talk about anything!
internet
network
Analyze WiFi packet traffic via command line - Mac OS X Hints
december 2010 by mlednor
Many Mac OS X users lament the lack of sophisticated network analysis tools, often prevalent and seemingly prolific on Linux systems. What many don't know is that Mac OS X comes with a built-in command-line tool to do all sorts of nifty things with Wi-Fi networks, from packet capture (traffic sniffing) to scanning nearby networks' signal to noise ratios.
Mac OS X ships with a command-line tool called airport that can do all sorts of nifty things with Wi-Fi networks. Unfortunately, it's so squirreled away that most people don't seem to know about it. The utility is part of the Apple80211 Private Framework used to power your Mac's Airport menubar icon.
mac
wifi
network
security
dhcpdump: Monitor DHCP Traffic For Debugging Purpose
november 2010 by mlednor
You can parse DHCP packets using tcpdump and dhcpdump programs. dhcpdump provides a tool for visualization of DHCP packets as recorded and output by tcpdump to analyze DHCP server responses.
network
The Open Information Security Foundation - The Open Information Security Foundation
july 2010 by mlednor
The Open Information Security Foundation (OISF) is a non-profit foundation organized to build a next generation IDS/IPS engine. The OISF has formed a multi-national group of the leading software developers in the security industry. In addition to developers and a consortium consisting of leading cyber security companies, OISF has engaged the open source security community to identify current and future IDS/IPS needs and desires.
security
network
Emerging Threats
april 2010 by mlednor
Emerging Threats is an open source community project. Through the support of our community we are able to produce the fastest moving and most diverse Snort Signature set and firewall rules available. Other related projects find a home here as well. Matt Jonkman manages this project.
network
security
Suricata - Overview - Open Information Security Foundation
april 2010 by mlednor
Suricata is the OISF IDP engine, the open source Intrusion Detection and Prevention Engine.
network
security
Shadowserver Foundation - Involve - BuildAHoneypot
april 2010 by mlednor
The following instructions will help you build and configure a low interaction honeypot based on nepenthes. The version of nepenthes in subversion is really the best one to use, so we'll have to build from source.
network
security
YAF
february 2010 by mlednor
YAF is Yet Another Flowmeter. It processes packet data from pcap(3) dumpfiles as generated by tcpdump(1) or via live capture from an interface using pcap(3) into bidirectional flows, then exports those flows to IPFIX Collecting Processes or in an IPFIX-based file format. YAF's output can be used with the SiLK flow analysis tools and any other IPFIX compliant toolchain.
network
security
SiLK on a Box - Standalone Flow Collection & Analysis - NetSA Tools Wiki
february 2010 by mlednor
This Tooltip will show you how to install SiLK and YAF on a single machine for standalone Flow collection and Analysis.
security
network
Make a Passive Network Tap
february 2010 by mlednor
This instructable will show you how to make an inexpensive network tap to monitor your network.
Companies like Network Optics make incredible taps for all sorts of media, but if you have a 10/100 home network, then for $18 in parts from Home Depot you can make a tap and send the output to YAF/snort/tcpdump/wireshark and see if any data is leaking that should not be.
network
security