BDFProxy VS ql-https

Compare BDFProxy vs ql-https and see what are their differences.

BDFProxy

Patch Binaries via MITM: BackdoorFactory + mitmProxy. (by secretsquirrel)
Bdf Python bdfproxy mitmproxy mitm-attacks Mitm
Source Code
Suggest alternative
Edit details

ql-https

HTTPS support for Quicklisp via curl (by rudolfochrist)
Suggest topics
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
BDFProxy ql-https
2 6
981 17
- -
0.0 7.7
almost 3 years ago about 2 months ago
Python Common Lisp
- MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

BDFProxy

Posts with mentions or reviews of BDFProxy. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-02-26.
  • quicklisp security (or total lack of it)
    6 projects | /r/lisp | 26 Feb 2023
    for same sort of thing but not lisp, see backdoor factory that will backdoor any .exe you download over connection that attacker is MITMing. attacker doesn't need to know what specific library you will download from quicklisp, they write a mitmproxy script like that so for any download from quicklisp.org, it opens the .tar.gz, adds some malicious lisp to it (probably that just executes shell command to download and execute their normal malware, password stealer or whatever as I don't think they going to write full malware in lisp), repack it as .tar.gz you were requesting and serve it to you. It's not the same issue as phishing where they email saying please open and run attachment.exe and you click through all the warnings that you are doing something dangerous and about to run untrusted code. You just use quicklisp as you normally do, if you install any package, when an attacker can MITM your connection they can run code on your computer. Yes that is sometimes also possible with browser exploit but browsers have multiple layers of sandbox and protections against it, and when someone finds a vulnerability that gets through it is treated as a serious vulnerability to fix. some of this thread seems people saying well nothing is perfectly secure a sufficiently pacient, skilled, well-funded attacker can always get through somehow, so it doesn't matter raising the bar off the floor by not using http unverified to download code we run on people's computer
  • mitmproxy is a command-line tool for intercepting HTTPS traffic. Here is how you set up it.
    1 project | /r/commandline | 12 Feb 2021
    Have you seen this mitmproxy plugin: https://github.com/secretsquirrel/BDFProxy They use mitmproxy to capture and replace software auto-updates.

ql-https

Posts with mentions or reviews of ql-https. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-07-26.
  • It's 2023, so of course I'm learning Common Lisp
    11 projects | news.ycombinator.com | 26 Jul 2023
    Solutions for the lack of https:

    - add in https://github.com/rudolfochrist/ql-https (downloads packages with curl)

    - use another package manager, CLPM: https://www.clpm.dev (or the newest ocicl)

    > CLPM comes as a pre-built binary, supports HTTPS by default, supports installing multiple package versions, supports versioned systems, and more.

    - use mitmproxy: https://hiphish.github.io/blog/2022/03/19/securing-quicklisp...

  • Ocicl – An ASDF system distribution and management tool for Common Lisp
    8 projects | news.ycombinator.com | 17 May 2023
    Other options are:

    - Quicklisp -really slick, libraries in there are curated. (with https support here: https://github.com/rudolfochrist/ql-https and here: https://github.com/snmsts/quicklisp-https.git)

    - for project-local dependencies like virtualenv: https://github.com/fukamachi/qlot

    - a new, more traditional one: https://www.clpm.dev (CLPM comes as a pre-built binary, supports HTTPS by default, supports installing multiple package versions, supports versioned systems, and more)

    For recent Quicklisp upgrades: http://ultralisp.org/

    Ocicl is very new (5 days) and tries a new approach, building "on tools from the world of containers".

  • What do you think the risks/pitfalls of using Common Lisp are in a business?
    1 project | /r/lisp | 11 May 2023
    You can use SSL with QuickLisp via ql-https
  • quicklisp security (or total lack of it)
    6 projects | /r/lisp | 26 Feb 2023
  • Common Lisp Implementations in 2023
    10 projects | news.ycombinator.com | 23 Feb 2023
    LPM's warning is not surprising. It's common for libraries (dare I say open-source ones?), even if they work well. It's part of the stability game, once they are marked 1.0, they are stable. LPM works well (as reported by others).

    QL wants to do it portably, there are easy workarounds, but yeah…

    (just saw https://github.com/rudolfochrist/ql-https)

  • Securing Quicklisp through mitmproxy
    2 projects | /r/Common_Lisp | 19 Mar 2022
    That what I‘m doing: https://github.com/rudolfochrist/ql-https

What are some alternatives?

When comparing BDFProxy and ql-https you can also consider the following projects:

the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode new version in development, available only to sponsors

tungsten - A Common Lisp toolkit.

BDFProxy vs the-backdoor-factory ql-https vs tungsten