react2shell_analyzer 1.0.0
HTTP proxy analyzer for inspecting Next.js Server Actions, detecting React Flight tokens and prototype pollution patterns.
React2Shell Analyzer #
A powerful HTTP proxy analyzer for inspecting Next.js Server Actions traffic between your browser or PoC and the Next.js server.
GitHub Repository
https://github.com/Benrich127N/react2shell_analyzer.git
Features #
- Header Inspection: Logs all request and response headers
- Multipart Analysis: Parses and displays multipart form sections
- Pattern Detection: Identifies suspicious patterns:
  - React Flight tokens ($@, $K:)
  - Prototype pollution attempts (__proto__, constructor.prototype)
  - Server Action references
- Colored Output: Easy-to-read color-coded logs
- Zero Configuration: Works out of the box
Architecture #
PoC/Browser → Dart Proxy (4000) → Next.js Server (3000)
Installation #
As a global command-line tool: #
dart pub global activate react2shell_analyzer
As a dependency in your project: #
dependencies:
  react2shell_analyzer: ^1.0.0
Then run #
dart pub get
Usage #
Command Line #
# Start with defaults (proxy on 4000, forwards to localhost:3000)
react2shell_analyzer
# Custom configuration
react2shell_analyzer --proxy-port 8080 --target-port 3000 --target-host example.com
# Disable specific features
react2shell_analyzer --no-headers --no-color
Programmatic Usage in Dart #
import 'package:react2shell_analyzer/react2shell_analyzer.dart';

void main() async {
  // Listen on port 4000 and forward traffic to the Next.js server on localhost:3000.
  final config = ProxyConfig(
    proxyPort: 4000,
    targetHost: 'localhost',
    targetPort: 3000,
  );
  await runProxy(config: config);
}
Example Output #
================================================================================
[a3f8bc21] POST /api/action
Time: 2025-12-07T10:30:45.123Z
REQUEST HEADERS:
content-type: multipart/form-data; boundary=----WebKitFormBoundary
next-action: abc123def456
MULTIPART REQUEST BODY:
Found 2 parts
PART 1:
Content-Disposition: form-data; name="0"
Content:
{"action":"$@1","data":{"userId":123}}
PART 2:
Content-Disposition: form-data; name="1_$ACTION_REF_1"
Content:
$K:1234567890abcdef
[a3f8bc21] RESPONSE: 200
⚠️ SUSPICIOUS PATTERNS DETECTED:
[React Flight action reference] \$@ at Part 1
Context: {"action":"$@1","data":{"userId":123}}
[React Flight key marker] \$K: at Part 2
Context: $K:1234567890abcdef
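One way to implement the kind of pattern detection shown in the output above, as an added example that is not the package's own code: it applies the listed tokens to each part's field name and body, then walks the decoded JSON for a `prototype` key nested under `constructor`, which a flat match on `constructor.prototype` does not see. The function names, the key-path walk and the third sample part are assumptions made for illustration.

```dart
import 'dart:convert';

// Added illustration, not the package's source; names are hypothetical, tokens are the page's.
final tokenRules = <String, RegExp>{
  'React Flight action reference': RegExp(r'\$@'),
  'React Flight key marker': RegExp(r'\$K:'),
  'Server Action reference': RegExp(r'\$ACTION_REF'),
  'Prototype pollution token': RegExp(r'__proto__|constructor\.prototype'),
};

/// Walks decoded JSON (lists are treated as index-keyed maps) and returns key
/// paths reaching `__proto__` or a `prototype` key directly under `constructor`.
List<String> pollutionPaths(Object? node, [String path = 'body', String parent = '']) {
  final hits = <String>[];
  final map = node is List ? node.asMap() : node;
  if (map is Map) {
    map.forEach((key, value) {
      final here = '$path.$key';
      final nested = key == 'prototype' && parent == 'constructor';
      if (key == '__proto__' || nested) hits.add(here);
      hits.addAll(pollutionPaths(value, here, '$key'));
    });
  }
  return hits;
}

/// Scans one multipart part (field name and body) and returns findings.
List<String> scanPart(String name, String body) {
  final findings = <String>[];
  tokenRules.forEach((label, re) {
    if (re.hasMatch(name) || re.hasMatch(body)) findings.add('[$label] in part "$name"');
  });
  try {
    for (final p in pollutionPaths(jsonDecode(body))) {
      findings.add('[Prototype pollution key path] $p in part "$name"');
    }
  } on FormatException {} // body is not JSON (a bare token); regex findings stand
  return findings;
}

void main() {
  // Constructed parts: the first two mirror the page's sample output.
  final parts = {
    '0': r'{"action":"$@1","data":{"userId":123}}',
    r'1_$ACTION_REF_1': r'$K:1234567890abcdef',
    '2': r'{"constructor":{"prototype":{"x":1}}}',
  };
  parts.forEach((name, body) => scanPart(name, body).forEach(print));
}
```

Scanning the field name as well as the body matters here because the `$ACTION_REF` marker in the sample appears only in the part's `name`.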
Use Cases #
- Security Research: Analyze Next.js Server Actions for vulnerabilities
- Development: Debug multipart form submissions
- Traffic Analysis: Understand React Flight protocol
- Penetration Testing: Identify prototype pollution vectors
Contributing #
Contributions are welcome! Please open an issue or submit a pull request on GitHub.