TCPCopy is a powerful stream replay tool used by red teams to clone live TCP traffic for testing firewall bypasses and network security defenses.

Rust-based Windows PE manual loader supporting x86/x64. Implements manual mapping, base relocations, and import resolution for memory-based execution.

Unified exposure management platform for automated vulnerability scanning, attack surface monitoring, and cloud security posture management.
TCPCopy is a TCP stream replay tool designed for realistic testing of Internet server applications. It addresses the challenge of accurately simulating complex online environments by reproducing live traffic that closely resembles production workloads. This tool is widely adopted by companies in China due to its minimal impact on production systems, consuming only additional CPU, memory, and bandwidth, while mirroring production environments in terms of request diversity, network latency, and resource usage.
Use Cases
Architecture
TCPCopy comprises two main components: tcpcopy and intercept. The tcpcopy component runs on the online server and captures live requests. The intercept component runs on an assistant server and is primarily responsible for passing response information back to tcpcopy. The actual application under test runs on a separate target server.

By default, tcpcopy uses raw sockets to capture packets at the network layer. It simulates TCP interactions, controls network latency, and mimics upper-layer interactions before sending packets to the target server, again via raw sockets. The intercept component captures response packets from the target server, extracts the response header information, and forwards it to tcpcopy through a dedicated channel. On receiving this information, tcpcopy modifies the attributes of the online packets and continues sending subsequent packets.

Responses from the target server are routed to the assistant server, which acts as a black hole, so they never reach the original clients.
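A pre-flight check for the black-hole routing described above, as an added example that is not part of TCPCopy or of the original page: it takes `ip route` output from the target server and reports any replayed client address whose responses would not be sent to the assistant server. It assumes the redirection is done with static routes on the target server; the addresses, the sample routing table and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: `ip route` output from a hypothetical target server.
# Assumed roles: 10.0.0.3 = assistant server, 10.0.0.1 = normal default gateway.
SAMPLE_ROUTES = """\
default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2
192.168.2.0/24 via 10.0.0.3 dev eth0
"""


def parse_routes(text):
    """Return [(network, gateway or None)] parsed from `ip route` lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model (blackhole, etc.)
        gateway = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, gateway))
    return routes


def next_hop(routes, addr):
    """Longest-prefix match: gateway IP, or None for on-link/unroutable."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, gw) for net, gw in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def leaking_clients(route_text, client_ips, assistant_ip):
    """Client addresses whose responses would bypass the assistant server."""
    routes = parse_routes(route_text)
    return [c for c in client_ips if next_hop(routes, c) != assistant_ip]


if __name__ == "__main__":
    clients = ["192.168.2.10", "203.0.113.7", "10.0.0.50"]
    for ip in leaking_clients(SAMPLE_ROUTES, clients, "10.0.0.3"):
        print(f"response to {ip} would not reach the assistant server")
```

An empty result means every replayed client address resolves to the assistant server as next hop, which is the condition that keeps test responses away from the original clients.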