One Day Sec

How did the author use Python to exploit TabShell, and what tools were used to analyze the communication?

The author ran a local Flask proxy to intercept the traffic generated by a PowerShell-based TabShell PoC (which exploits CVE-2022-41040 or CVE-2022-41080 via SSRF). Capturing the raw packets showed the payload format, and the author then wrote a Python script to replicate the exploit. The method is similar to the approach in "Penetration Technique: Python Implementation of Exchange PowerShell" and reduces reliance on PowerShell for post-exploitation.
Tags: TabShell, Flask proxy, SSRF, CVE-2022-41040, CVE-2022-41080
