Terminal based intercepting proxy written in rust with tmux and vim as user
interface.
Table of Contents
Screenshots
The tool requires vim plugin which enables vim to function
as a user interface. Each window and filetype has its own set of keybindings
and commands.
The following windows are present in zxc:
When zxc is called a list of bash is used to spawn vim
with specific window name which loads corresponding vim config. All windows are
vim instances which communicate with zxc binary via unixsocket channel.
| Alias | Window |
|---|---|
| interceptor | Interceptor |
| vhistory | History |
| repeater | Repeater |
| addons | Addons |
The windows (except history which halts recording) can be closed and reopened
using their respective aliases.
┌─────────────┐
┌───────────────►│ zxc binary │◄────┬───────────────┐
│ └┬────────────┘ │ │
│ │ │ │
│ │ unix socket │ │
│ │ │ │
┌──────▼──────┐ ┌──────▼──────┐ ┌───────▼─────┐ ┌─────▼──────┐
│ Interceptor │ │ History │ │ Repeater │ │ Addons │
└─────────────┘ └─────────────┘ └─────────────┘ └────────────┘
- tmux and vim as user interface.
- Disk based storage.
- Custom http/1.1 parser to send malformed requests.
- http/1.1 and websocket support.
- getfattr
- tmux
- vim (> 8.2.4684) with the following features
- channel
- terminal
- timers
- ffuf
- sqlmap
- column (optional for indenting history files)
attr tmux vim ffuf sqlmap bsdmainutils
- cargo msrv 1.86.0
- make
- openssl
copy the zxc binary from ./target/release to $PATH. Install vim
plugin.
- Copy config files
mkdir $HOME/.config/zxc
cp ./config/{alias,config.toml,tmux.conf} $HOME/.config/zxc
- Generate private key
openssl genrsa -out $HOME/.config/zxc/private.key 2048
- Generate CA certificate using ./mkscripts/CA.cnf as CA config.
openssl req -x509 -new -nodes -key $HOME/.config/zxc/private.key -sha256 -days 1024 -out $HOME/.config/zxc/zxca.crt -extensions v3_req -config ./mkscripts/CA.cnf
- Copy vim config
mkdir -p $HOME/.vim/plugin
cp ./config/example/zxc.vim $HOME/.vim/plugin
- Copy filetype plugins (optional)
cp -r ./config/example/ftplugin $HOME/.vim
- Build zxc or download from release.
Install zxc.vim plugin.
mkdir -p $HOME/.vim/pack/git-plugins/start/
git clone --depth 1 https://github.com/hail-hydrant/zxc.vim $HOME/.vim/pack/git-plugins/start/zxc.vim
Add CA certificate from $HOME/.config/zxc/zxca.crt to your trusted CA
or browser.
-i and -e are mutually exclusive . The values should be in formatdomain:port.
For example, to intercept all domains except https://example.com,
The flags also support wildcard. For example, to intercept all sub domains of
http://*.example.com
The domains can be comma separated list of values.
zxc -i example.com:80,example.com:443
Displays intercepted requests and responses. Each request or response is added
as buffer.
| Command | Description |
|---|---|
| InterToggle | Toggle Interception |
| InterForward | Forward current request/response |
| InterForwardAll | Forward all requests and responses in queue |
| InterForwardWithRes | Forward Request + Intercept Response |
| Showq | Show interception queue with their respective scheme and host |
| DropMsg | Drop current request/response |
Displays the following history files,
Performs history recording. Closing it halts recording. In case of closing the
window accidentally reopen it by calling vhistory to resume recording. If zxc
is existed without history window, a state file .history.state is created to
resume logging the next time zxc is attached to this session.
Window is non modifiable and read only.
Repeater window is used to repeat requests. The original request is copied to a
folder named r-$id for http and r-ws-$id for websocket within the
specific history folder.
| Command | Description | Availability |
|---|---|---|
| RepeaterSend | Send Request | .req and scratch.wreq |
| WsEstablish | Establish Websocket Connection | .req in ws repeater |
To repeat a websocket request,
- In a websocket request (
wreq) file, callWsSendToRepeater. - In repeater window, http request corresponding to the websocket handshake is
displayed in top-left. - Call
WsEstablishin the request(req) window to establish a websocket connection. - Write the data in
scratch.wreqin bottom left and callRepeaterSendto
send.
Addons window is used to run additional tools. The original request is copied
to a folder named addons/$addon_prefix-$id.req within the specific history
folder with prefix specific to the addon being called. The request is displayed
in the top window and a terminal with addon cmd and arguments is displayed in
bottom split. Currently, ffuf and sqlmap are available.
Refer to for example addon integration.
Define a new table in $HOME/.config/zxc/config.toml file.
The following values(strings) are required:
| Key | Description |
|---|---|
| name | Name of the binary to be called |
| prefix | Prefix for resulting file used by the addon |
| request_flag | Flag used by the addon to identify the request file For example, -r for sqlmap and -request for ffuf |
| http_flag | Flag used by the addon to identify http scheme For example, -request-proto http for ffuf |
| https_flag | Flag used by the addon to identify https scheme For example, --force-tls for sqlmap |
| add_flag | Additional flags that will be added to the end of the command |
If the binary by default uses https, skip http_flag and vice versa.
The addon can be called from request .req file by calling RequestToAddon
function
call RequestToAddon("addon_name")
Calling from history .his file, by calling HistoryToAddon function
call HistoryToAddon("addon_name")
Add command or keymap via the ftplugin for req and his.
Example Command
for .req
command RequestToAddon_Name :call RequestToAddon("addon_name")
For .his
command HistoryToAddon_Name :call HistoryToAddon("addon_name")
Example Keymap
for .req
For .his
The following file types are available in zxc.
| Command | Description |
|---|---|
| HistoryView | View highlighted history Default keybinding is |
| HistoryIndent | Indent history |
| HistoryToRepeater | Send to Repeater |
| HistoryToFuzz | Send to Ffuf addon |
| HistoryToSql | Send to Sqlmap addon |
| ApplyFilters | Apply filters |
| ShowFilters | Show filters in popup Use q to close popup |
| ClearFilters | Clear all filters |
| AddToHostScope | Add host in current line to view scope |
| ClearHostScope | Clear host view scope list |
| EditHostScope | Edit host scope in popup Supports Vim Regex To match as regex add prefix /r |
| ShowHostScope | Show host scope in popup Use q to close popup |
| AddScode | Add Command argument to status code scope Use ‘x’ in place of wildcard Example, 1xx : shows status code in range 100 – 199 21x : shows status code in range 210 – 219 |
| ClearScode | Clear status code scope |
| EditScode | Edit status code scope in popup |
| ShowScode | Show status code scope in popup Use q to close popup |
| AddToUriScope | Add uri in current line to view scope |
| ClearUriScope | Clear uri view scope list |
| EditUriScope | Edit uri scope in a popup Supports Vim Regex To match as regex add prefix /r |
| ShowUriScope | Show uri scope list in a popup |
| EditConfig | Edit local config in popup If the config is modified then reloaded automatically |
| ReloadConfig | Manually Reload config |
| ConcealUri | Conceal URI column |
-
Vim fold is used to apply filters. Use
zRto open all folds. -
The
HistoryIndentcommand uses thecolumnshell command and can be
resource intensive on large files. Use sparingly. -
HostScope and UriScope support vim regex. Prefix the entry with
/rto
match as regex. For example to match all subdomains of google.com,/r .*.google.com
For his filetype, the URI can be concealed. Set g:conceal variable in
.his ftplugin to the number of characters to be concealed. Set the
conceallevel in your vimrc to enable this feature.
| Command | Description |
|---|---|
| EditBufVar | Edit buffer variables in a popup available in interceptor and repeater windows only |
| RequestToFuzz | Send to Ffuf addon |
| RequestToRepeater | Send to Repeater |
| RequestToSql | Send to Sqlmap addon |
req filetype has specific set of variables which can be modified to customize
request handling. EditBufVar command can be used to edit buffer variables in
a popup. Save and quit popup to reflect changes. The following variables are
available in interceptor and repeater windows.
| Variable | Type | Description |
|---|---|---|
| b:host | string | Host to send request to (ignore port for scheme specific default) |
| b:scheme | string | http/https |
| b:sni | string | SNI to use in TLS handshake (only when b:scheme is https) |
| b:update | bool | Whether request should be updated according to RFC. |
The following extended at
7 Comments
Sytten
Caido founder here!
Lots of nice stuff, since we are also in rust I see a lot of similar pattern in our codebase. I think your oneone crate could be split, we would probably be interested to collaborate on an http/2 support. We also have our own internal forgiving parser. It is an interesting thing to build tooling that must intentionally go beyond a spec since you basically have to reimplement all the primitives.
cess11
Looks rather nice.
tcoff91
Looks great!
thayne
Why does it need vim and tmux?
Couldn't it use vim itself for multiplexing?
nickandbro
I like the integration of the terminal with vim. I am making a site to learn vim motions called Vimgolf.ai and it’s interesting to see how your vim plugin works.
nishanmiranda
Looks cool. Will check it out
38
> tmux and vim as user interface
you should really drop this. I don't what MitmProxy uses, but I know that I can just download it from here
https://mitmproxy.org/downloads
and it just works – I am not gonna try another program if I have to install these other parts to get it working