CapTipper – Malicious HTTP traffic explorer

CapTipper is a Python tool to analyze, explore and revive malicious HTTP traffic. It sets up a web server that acts exactly like the server in the PCAP file, and contains internal tools, with a powerful interactive console, for analysis and inspection of the hosts, objects and conversations found.

The tool gives the security researcher easy access to the files and an understanding of the network flow, and is useful when researching exploits, pre-conditions, versions, obfuscations, plugins and shellcodes.

The tool integrates with VirusTotal: it can send an object's MD5 to check whether any anti-malware engine has previously detected it. When analysis of the PCAP file starts, a local web server imitating the web server(s) in the PCAP is created, which is useful for examining not only the connections but the web content as well.

The hosts command gives a bird's-eye view of the hosts and URIs involved in the traffic, and the plugins help build a better understanding of the malicious and suspicious connections.
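To make the two mechanics described above concrete, here is an added example (not CapTipper's own code) of what replaying captured HTTP responses and hashing the served objects for a VirusTotal-style lookup look like at their simplest. A real tool would populate `CAPTURED_CONVERSATIONS` from a PCAP parser; here the conversations, the host names and the object bodies are constructed inline so the script runs offline, and no reputation-service request is actually made. The function and variable names are this example's own.

```python
"""Added example (not CapTipper's own code): replay of captured HTTP
responses from a local server, plus hashing of the served objects so the
MD5 can be checked against a reputation service such as VirusTotal.
CAPTURED_CONVERSATIONS is a constructed stand-in for a PCAP parser's output."""
import gzip
import hashlib
from http.server import BaseHTTPRequestHandler, HTTPServer


def build_response(status, reason, headers, body):
    """Assemble a raw HTTP/1.1 response with a correct Content-Length."""
    lines = [f"HTTP/1.1 {status} {reason}"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


# Constructed, harmless object bodies standing in for captured content.
LANDING_PAGE = b"<html><body><script>x()</script></body></html>"
PAYLOAD_JS = b"var s = 'obfuscated'; eval(s);"

# Server responses keyed by the (Host, path) the client requested.
CAPTURED_CONVERSATIONS = {
    # Redirect-chain entry point: a 302 with an empty body.
    ("ads.example", "/click"): build_response(
        302, "Found", {"Location": "http://evil.example/landing.html"}, b""),
    ("evil.example", "/landing.html"): build_response(
        200, "OK", {"Content-Type": "text/html"}, LANDING_PAGE),
    # A gzip-compressed object, as servers commonly deliver scripts.
    ("evil.example", "/payload.js"): build_response(
        200, "OK",
        {"Content-Type": "application/javascript", "Content-Encoding": "gzip"},
        gzip.compress(PAYLOAD_JS, mtime=0)),
}


def parse_http_response(raw):
    """Split a raw response into (status, headers, body).

    Header names are lower-cased; the body is cut at Content-Length so
    trailing bytes from a reassembled stream do not leak into the object.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.split(b"\r\n")
    _version, status, _reason = status_line.split(b" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    length = int(headers.get("content-length", len(rest)))
    return int(status), headers, rest[:length]


def decoded_object(headers, body):
    """Return the object as the browser would see it after Content-Encoding."""
    if headers.get("content-encoding", "").lower() == "gzip":
        return gzip.decompress(body)
    return body


def object_hashes(data):
    """Digests to submit to a reputation service (MD5 for VirusTotal, plus SHA-256)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def analyze_conversation(host, path):
    """Parse, decode and hash one captured object; None if not in the capture."""
    raw = CAPTURED_CONVERSATIONS.get((host, path))
    if raw is None:
        return None
    status, headers, body = parse_http_response(raw)
    obj = decoded_object(headers, body)
    return {"status": status, "content_type": headers.get("content-type"),
            "size": len(obj), "object": obj, **object_hashes(obj)}


class ReplayHandler(BaseHTTPRequestHandler):
    """Serve the captured response for (Host, path), so the traffic can be
    revisited in a browser or sandbox without the original server."""

    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        raw = CAPTURED_CONVERSATIONS.get((host, self.path))
        if raw is None:
            self.send_error(404, "not in capture")
            return
        status, headers, body = parse_http_response(raw)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)   # Content-Encoding/Length pass through
        self.end_headers()
        self.wfile.write(body)             # body is still encoded as captured


if __name__ == "__main__":
    for key in CAPTURED_CONVERSATIONS:
        report = analyze_conversation(*key)
        print(key, report["status"], report["size"], report["md5"])
    # Point a client at 127.0.0.1:8080 with a matching Host header to replay.
    HTTPServer(("127.0.0.1", 8080), ReplayHandler).serve_forever()
```

The replay handler serves the body exactly as captured, including its Content-Encoding, so the client decodes it the same way the original victim browser did; the analysis path decodes it first, because the hash that is useful for a reputation lookup is the one of the object the browser actually executed, not of its compressed wire form.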

You can read more and download this tool over here: https://github.com/omriher/CapTipper