spikeproxy(1) web application auditing tool


spkproxy [-s SSLproxyhost] [-p port] [-U NTLMUser] [-D NTLMDomain] [-P NTLMPassword] [-l ListenHost] [-c cache_directory]


This manual page documents briefly the spikeproxy command. This manual page was written for the Debian distribution because the original program does not have a manual page.

SPIKE proXY functions as an HTTP and HTTPS proxy, and allows web developers or web application auditors low level access to the entire web application interface, while also providing a number of automated tools and techniques for discovering common problems. These automated tools include:

1.Automated SQL Injection Detection

2.Web Site Crawling (guaranteed not to crawl sites other than the one being tested)

3.Login form brute forcing

4.Automated overflow detection

5.Automated directory traversal detection

In addition to automated analysis, SPIKE proXy allows the user to penetrate into the internals of the web application by viewing and changing all variables, cookies, headers, or other parts of the request and resubmit them. SPIKE proXy maintains a careful record of each request made - saving both each request, and the entire response. The user can later go back and replace any request or view any response.


This program can be configured with the options listed below. The options may be given in any order.
-c cache directory
The directory that will be used to cache all the requests. This directory is created if it does not exist. The default location is /var/cache/spikeproxy but it can only be used by the root user. -l listenhost The IP address the proxy will listen on (it defaults to so it is not available from external hosts).
-p port
This option sets the port the proxy will listen on (it defaults to 8080 if not provided).
-h proxyHost
Sets a proxy host to use in the proxy chain. Spike will forward all requests to this proxy.
-H proxyPort
Sets the port for the proxy host.
-s proxySSLHost
Sets a proxy host for SSL connections. Spike will forward all SSL requests to this proxy.
-S proxySSLPort
Sets the port for the SSL proxy host.
-U NTLM Username
Defines the NTLM username it will use when authenticating to the proxy host.
-P NTLM Password
Sets the password it will use when authenticating to the proxy host.
-D NTLM Domain
Sets the NTLM domain it will use when providing credentials to the proxy host.


This manual page was written by Javier Fernandez-Sanguino Pen~a <[email protected]>, for the Debian GNU/Linux system (but may be used by others).