Description

Phorcys is a recursive payload decoder. It will recursively decode and inspect binary and text content. As an example, it is able to decode a base64 encoded JSON field which has been compressed in gzip and encoded in base64. Phorcys creates either a tree or a forest depending on input format. In case of a binary file, you will get a tree in which the root corresponds to the format/algorithm detected from the file content. Then, each child corresponds to the format/algorithm detected from the content extracted/decoded by the parent node. In case of a .flow file, each root corresponds to a single flow.

Phorcys is the analysis engine of PiPrecious.

It supports the following formats/algorithms out-of-the-box:

  • base64
  • bzip
  • css
  • gzip
  • html
  • json
  • lzma
  • multipart
  • protobuf
  • text
  • urlencoded
  • zlib
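The recursive decoding described above can be sketched for three of these formats (gzip, json, base64). This is an added example, not Phorcys's own code or API: the names `detect`, `decode_tree` and `paths`, the `max_depth` bound and the base64 length heuristic are all assumptions made for illustration.

```python
# Illustrative sketch only; function names are hypothetical, not Phorcys's API.
import base64, binascii, gzip, json, zlib
from contextlib import suppress

def strings(value):
    """Yield every string value found in a parsed JSON document."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, (dict, list)):
        items = value.values() if isinstance(value, dict) else value
        for v in items:
            yield from strings(v)

def detect(data: bytes):
    """Return (format, extracted children) for the first decoder that accepts data."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        with suppress(OSError, EOFError, zlib.error):
            return "gzip", [gzip.decompress(data)]
    try:
        text = data.decode("utf-8").strip()
    except UnicodeDecodeError:
        return "binary", []
    if text[:1] in ("{", "["):
        with suppress(ValueError):
            return "json", [s.encode() for s in strings(json.loads(text))]
    if len(text) >= 8 and len(text) % 4 == 0:  # assumed heuristic: skip short strings
        with suppress(binascii.Error, ValueError):
            return "base64", [base64.b64decode(text, validate=True)]
    return "text", []

def decode_tree(data: bytes, depth=0, max_depth=8):
    """Build the tree: each child is what was detected in the parent's decoded output."""
    fmt, children = detect(data)
    node = {"format": fmt, "children": []}
    if depth < max_depth:  # bound recursion so deeply nested input terminates
        node["children"] = [decode_tree(c, depth + 1, max_depth) for c in children]
    return node

def paths(node, prefix=""):
    """Flatten the tree into root-to-leaf format chains."""
    here = prefix + node["format"]
    return [p for c in node["children"] for p in paths(c, here + "/")] or [here]

# Constructed sample: a JSON field holding base64(gzip(inner JSON)).
inner = gzip.compress(json.dumps({"role": "admin"}).encode())
SAMPLE = json.dumps({"user": "alice", "token": base64.b64encode(inner).decode()}).encode()
```

Calling `paths(decode_tree(SAMPLE))` lists one chain per leaf, so the nested `token` field shows up as `json/base64/gzip/json/text`.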

It can be fed with a .flow file (from mitmdump) or with a binary file. In the case of a .flow file, Phorcys will recursively decompress/decode:

  • URL
  • request payload
  • response payload

for each flow.

Examples

Installation

Phorcys depends on multiple system requirements:

  • python3
  • python3-pip
  • python3-dev
  • protobuf-compiler
  • build-essential

See the installation guide.