2 Commits fedb368802 ... 5e5022562e

Author SHA1 Message Date
  golem 5e5022562e added more notes 2 months ago
  golem c9e60752e9 added more notes 2 months ago
1 file changed with 44 additions and 0 deletions
  1. NetworkHacking.org (+44 -0)

@@ -608,3 +608,47 @@ one-way arp spoofing attack, to fix it, wireshark can be ran as the sniffer.
 
 MITMproxy can be used to intercept, analyse, modify, and replay packet flows, it
 supports a number of proxy modes, TLS cert generation, etc.
+
+MITMproxy supports two modes:
+1. Explicit: user connects *directly* to the proxy.
+2. Transparent: data is *redirected* to the proxy.
+
+If we execute ~mitmweb~, it'll run mitmproxy in explicit mode, which means we'll
+need to connect our browser to the proxy so that we can analyse data flow.
+
+In the search bar there are several characters we can input to get different
+results:
+
+- ~~a~: will display page assets (CSS, JS, Flash, etc.) We can do ~~a .js~ to
+	get only javascript files.
+- ~~m~: will filter by method, i.e. ~~m POST~.
+- ~~s~: will show only responses.
+- ~~bs~: will filter based on the response body.
+
+Another thing that can be done, is to intercept packets, to stop them from going
+to their destination, to modify them, and to send them again. In intercept we
+can use the same rules we can do with search, and highlight.
+
+What we can do, is that we can add the intercept rule ~~bs </body>~ and it will
+intercept all the pages that have a ~</body>~ tag to edit them.
+
+If we are the man in the middle, we'll need to run the following command to
+route the traffic of our target(s) to mitmproxy:
+
+#+begin_src bash
+	iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
+	iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080
+#+end_src
+
+That command redirects all data from port 80, to port 8080 where Mitmproxy is
+running. And we also need to run mitmproxy in transparent mode:
+
+#+begin_src bash
+  mitmweb --mode transparent
+#+end_src
+
+When we are finished, we need to flush the iptables rules:
+
+#+begin_src bash
+  iptables -t nat --flush
+#+end_src
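Review bot: the transparent-mode setup at the end of this hunk is incomplete and the cleanup step is too broad. The two `REDIRECT` rules only act on traffic passing through the host, so the host also needs `net.ipv4.ip_forward=1` (mitmproxy's own transparent-mode documentation additionally sets `net.ipv4.conf.all.send_redirects=0`), and scoping each rule with `-i <iface>` keeps it from also redirecting connections addressed to the proxy host itself. The sentence after the first block says it redirects port 80 only, while the rules cover both 80 and 443; the 443 redirect is what makes the TLS cert generation mentioned earlier relevant, so the prose should say so. Finally, `iptables -t nat --flush` drops every rule in the nat table, including any unrelated MASQUERADE rule the lab may depend on; removing just the two rules with `iptables -t nat -D PREROUTING ...` and the same arguments is the safer teardown.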