ldapx: inspect & transform all LDAP packets

by ddos ·

ldapx

Flexible LDAP proxy that can be used to inspect & transform all LDAP packets generated by other tools on the fly.

Usage

$ ldapx -t LDAPSERVER:389 [-f MIDDLEWARECHAIN] [-a MIDDLEWARECHAIN] [-b MIDDLEWARECHAIN] [-l LOCALADDR:LOCALPORT] [-o MIDDLEWAREOPTION=VALUE] [...]

Where:

  • -f will apply Filter middlewares to all applicable requests
  • -a will apply AttrList middlewares to all applicable requests
  • -b will apply BaseDN middlewares to all applicable requests
  • -e will apply AttrEntries middlewares to all applicable requests
  • -o can be specified multiple times and is used to specify options for the middlewares
  • -F specifies the verbosity level for forward packets (requests)
  • -R specifies the verbosity level for reverse packets (responses)
  • -x can be used to specify a SOCKS proxy to use for the connection to the target

If --ldaps / -s is specified, then the connection to the target will use LDAPS. This can come in handy if you must use a tool that doesn’t support LDAPS. Use --no-shell / -N if you don’t want to interact with the shell to modify the settings while the program is running.

Each middleware is specified by a single-letter key (detailed below), and can be specified multiple times. For each type of middleware, the middlewares in the chain will be applied in the order that they are specified in the command.

For more options check the --help.

Install & Tutorial

Tags: LDAP packetsldapx