Monitor arbitrary TCP traffic using your HTTP interception proxy of choice.
What is socksmon?
socksmon is a SOCKSv4 server based on Twisted that tunnels incoming TCP traffic through an HTTP proxy. It does this by starting an internal web server on port 2357, posting the traffic to it through the man-in-the-middle proxy so that it can be edited there, and then forwarding it to the destination.
socksmon has preliminary support for SSL interception, meaning arbitrary SSL-encrypted TCP traffic can be analyzed using your interception proxy of choice.
How do I use it?
First, create the certificate you would like to use with socksmon in PEM format and put it under /tmp/server.pem. If you use Burp, export the private key and the certificate and then concatenate them together (e.g. cat server.crt server.key > /tmp/server.pem).
Second, start your interception proxy listening on port 8080 on localhost.
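A check for the bundle built in the first step, as an added example that is not part of socksmon: it confirms the file holds a PEM certificate and exactly one unencrypted private key, is readable only by its owner, and loads as a matching pair. The function names and the owner-only permission rule are assumptions of this example.

```python
import base64
import binascii
import os
import re
import ssl
import stat

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def pem_labels(data):
    """Return the labels of all well-formed PEM blocks found in data."""
    labels = []
    for label, body in PEM_BLOCK.findall(data):
        try:
            base64.b64decode(b"".join(body.split()), validate=True)
        except binascii.Error:
            continue  # armor present but payload is not plain base64
        labels.append(label.decode("ascii"))
    return labels


def check_bundle(path, verify_pair=True):
    """Return a list of problems with a cert+key PEM bundle; empty means OK."""
    problems = []
    with open(path, "rb") as fh:
        labels = pem_labels(fh.read())
    if "CERTIFICATE" not in labels:
        problems.append("no PEM certificate block (is the file DER, not PEM?)")
    if sum(label in KEY_LABELS for label in labels) != 1:
        problems.append("expected exactly one unencrypted private key block")
    # The bundle holds a private key; only the owner should be able to read it.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group/other; chmod 600 it")
    if verify_pair and not problems:
        try:
            # OpenSSL refuses to load a key that does not match the certificate.
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(path)
        except OSError as exc:  # ssl.SSLError is a subclass of OSError
            problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems


if __name__ == "__main__":
    for problem in check_bundle("/tmp/server.pem"):
        print("server.pem:", problem)
```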