PETEP (PEnetration TEsting Proxy) is an open-source Java application for creating proxies for traffic analysis & modification. Main goal of PETEP is to provide a useful tool for performing penetration tests of applications with various protocols (on TCP/UDP) by setting up proxies and interceptors to manage the traffic transmitted between the client and the server.
Requirements: Java 11+ (for M1, M2 Mac use Java 17+)
petep.sh
(Linux, Mac) or petep.bat
(Windows)
# Linux / Mac
chmod +x petep.sh
./petep.sh
# Windows
petep.bat
Tip: Provided run scripts contain useful variables,
including working directory (for petep.json
file), and path to Java executable.
You might need to change it if you do not have it in PATH or you use multiple Java versions
on your machine.
Tip: Most changes to the project are not automatically persistent. Use Project → Save to save the changes, when PETEP is running.
Latest PETEP version has the following protocol support:
And there are the following functionalities:
Detailed descriptions of all modules can be found in the official User Guide.
PETEP is made to be a proxy for application protocols built on TCP/UDP. In order to use PETEP as a proxy for your application, there are usually one the following options:
/etc/hosts
file and override the IP address
for the target domain.If the target application is not proxy aware and/or it is not possible to use other approaches (e.g. /etc/hosts
)
to make the application communicate through PETEP, you can use Deluder.
Deluder is a Python utility, which uses dynamic instrumentation to intercept function calls in common networking and encryption libraries. See Deluder GitHub.
In order to use Scripter extension, it is recommended to use GraalVM, since the implementation is built
using GraalVM Polyglot. Since GraalVM 22.2, you might need to install the scripting language in the GraalVM using
gu install js
.
In order to test TCP communication using existing HTTP proxies like Burp Suite, OWASP Zap etc.), you can use PETEP external HTTP proxy module, which allows you tunnel the TCP communication through these proxies.
External HTTP proxy module wraps the TCP communication inside HTTP, which is sent through the proxy. Repeating the packets is also supported as long as the connection is alive, so Burp Intruder/Repeater and Zaproxy Requester/Fuzzer can also be used for the TCP communication.
For more information, see User Guide - External HTTP Proxy.
Note: If you only want to use PETEP as the tunnel for sending the TCP through HTTP proxies,
I would recommend setting it up in GUI mode and then running it in NO-GUI mode (PETEP [project_path] --nogui
).
PETEP supports TCP proxy with SSL/TLS and STARTTLS. In order to use these, you have to provide certificate,
since the application does not generate it itself. For certificate generation, there are many tools that can be used,
but one of them is part of Java binaries (%JAVA_HOME%/bin/keytool
).
To generate a certificate in JKS keystore, you can use the following command:
keytool -genkey -alias petep -keyalg RSA -validity 3650 -keysize 4096 -keystore server.jks
Note: It is recommended to store these certificates alongside the project (project_dir/conf/server.jks)
There are three different guides that will help you use PETEP to its full potential:
It is possible to develop extensions using Java to implement support for new protocols and/or to implement new functionality for intercepting the communication (including graphical user interface).
For more information about extension development, please see Dev Guide.
PETEP is licensed under GNU GPL 3.0.