@@ -608,3 +608,47 @@ one-way arp spoofing attack, to fix it, wireshark can be ran as the sniffer.
MITMproxy can be used to intercept, analyse, modify, and replay packet flows, it
supports a number of proxy modes, TLS cert generation, etc.
+
+MITMproxy supports two modes:
+1. Explicit: user connects *directly* to the proxy.
+2. Transparent: data is *redirected* to the proxy.
+
+If we execute ~mitmweb~, it'll run mitmproxy in explicit mode, which means we'll
+need to connect our browser to the proxy so that we can analyse data flow.
+
+In the search bar there are several characters we can input to get different
+results:
+
+- ~~a~: will display page assets (CSS, JS, Flash, etc.) We can do ~~a .js~ to
+ get only javascript files.
+- ~~m~: will filter by method, i.e. ~~m POST~.
+- ~~s~: will show only responses.
+- ~~bs~: will filter based on the response body.
+
+Another thing that can be done, is to intercept packets, to stop them from going
+to their destination, to modify them, and to send them again. In intercept we
+can use the same rules we can do with search, and highlight.
+
+What we can do, is that we can add the intercept rule ~~bs </body>~ and it will
+intercept all the pages that have a ~</body>~ tag to edit them.
+
+If we are the man in the middle, we'll need to run the following command to
+route the traffic of our target(s) to mitmproxy:
+
+#+begin_src bash
+ iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
+ iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080
+#+end_src
+
+That command redirects all data from port 80, to port 8080 where Mitmproxy is
+running. And we also need to run mitmproxy in transparent mode:
+
+#+begin_src bash
+ mitmweb --mode transparent
+#+end_src
+
+When we are finished, we need to flush the iptables rules:
+
+#+begin_src bash
+ iptables -t nat --flush
+#+end_src
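Review bot: the two `iptables -t nat -A PREROUTING ... -j REDIRECT --to-port 8080` rules only act on traffic the attacking host is forwarding, and nothing in this hunk turns forwarding on, so a reader who follows the steps as written will see the target's connections stall rather than land in mitmproxy; add `sysctl -w net.ipv4.ip_forward=1` before the rules, and (as the mitmproxy transparent-mode docs recommend for Linux) `sysctl -w net.ipv4.conf.all.send_redirects=0` so the kernel does not send ICMP redirects that steer the target around the proxy. Two smaller points in the same hunk: the sentence "That command redirects all data from port 80, to port 8080" describes only the first rule, while the second also redirects 443, and it is worth saying that those HTTPS flows only decrypt if the target trusts the mitmproxy CA (otherwise it gets certificate warnings); and `iptables -t nat --flush` at the end wipes every nat rule on the host, not just these two, so either remove the two rules with `-D` and the same match, or note that the flush is only appropriate on a dedicated attack box.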