Python HTTP Shell – PyHttpShell

I had the pleasure of attending Dave Kennedy (@HackingDave) presentation “The dirty south – Getting Justified with Technology” at Defcon 21

Dave showed a cool python script he wrote that uses Facebook as MiTM for commanding your shell in cases where an organisation is using sites  whitelisting technology, Daves script  posts commands and receives output via Facebook and its notification system.

I decided to use the same concept and created “PyHTTP Shell”, the idea is pretty much the same, using a server you control as MiTM or Server in the middle.

PyHttpShell is a proof of concept and has very simple and basic features, it was written in Python 2.7 and php.



  • Transport over HTTP/HTTPS.
  • Supports System Proxy Settings.
  • Multiple Hosts/Connections.
  • Download files to client machine.
  • Change Sleep time remotely.
  • Works on Win/MAC/Linux



PyHttpShell from NightRanger on Vimeo.


PyHttpShell can be downloaded from source forge:



If you find this tool useful crypto currency donations are welcome:

Bitcoin: 1Kksc9b4WZ5X36xGDgpodPVpBSozMje6ui
Litecoin: LQ1JCMxo122FpJ8iKX7HsrNtjCacpTkkFW


Post to Twitter

Comments are closed on this post.

Recent Posts