Let’s make pen-testing easier with raw0xy

secureITmania
Dec 16, 2020

In a recent Android application penetration test, I encountered a challenge: I had to copy and paste the contents of hundreds of files into BurpSuite. I got frustrated with this copy-paste task and finally wrote a script, which I named raw0xy.

What is raw0xy:

raw0xy is a Python script that takes a file containing a raw HTTP request and a proxy route. The script parses the raw HTTP request and sends it via the defined proxy.
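A sketch of the parse-then-send-through-a-proxy flow described above, as an added example; it is not raw0xy's own code. The sample request, the `example.test` host, the function names and the `127.0.0.1:8080` proxy address are assumptions.

```python
import urllib.request

# Constructed sample of an exported raw request (example.test is a placeholder host).
SAMPLE = (
    "POST /api/v1/login?src=app HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Type: application/json\r\n"
    "Content-Length: 999\r\n"
    "\r\n"
    '{"user":"demo"}'
)

def parse_raw_request(raw, scheme="https"):
    """Split a raw HTTP/1.x request into method, absolute URL, headers and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip("\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line: %r" % lines[0])
    method, target = parts[0], parts[1]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line: %r" % line)
        headers[name.strip()] = value.strip()
    # The HTTP client recomputes Content-Length; a stale value would corrupt the replay.
    headers = {k: v for k, v in headers.items() if k.lower() != "content-length"}
    if target.startswith(("http://", "https://")):
        url = target  # absolute-form target, as found in some proxy captures
    else:
        host = next((v for k, v in headers.items() if k.lower() == "host"), None)
        if host is None:
            raise ValueError("no Host header and target is not absolute")
        url = "%s://%s%s" % (scheme, host, target)
    return method, url, headers, body.encode() or None

def send_via_proxy(raw, proxy="http://127.0.0.1:8080"):
    """Replay one raw request through an intercepting proxy (address is an assumption)."""
    method, url, headers, body = parse_raw_request(raw)
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    return opener.open(req, timeout=10).status
```

For HTTPS targets, the proxy's CA certificate must be trusted by Python, otherwise TLS verification fails. Exported files do not record the scheme, so it is passed in as a parameter.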

Where and How can I use raw0xy:

In mobile application penetration testing, I often run into certificate pinning issues. Because of this, I may fail to intercept the application traffic through BurpSuite. In that case, I use HTTPCanary to capture raw HTTP requests by hooking the target application. Using HTTPCanary, I gather raw HTTP requests and export those text files to a PC.

With a directory full of raw HTTP requests, it was time to import them into BurpSuite and start analyzing them. However, I could not find any method or extension for importing my raw HTTP requests into BurpSuite other than manually copying and pasting them into Repeater. This is where I got frustrated with doing a repetitive task.

After a short break I got an idea like this “By simply send the raw HTTP request…
