Score:0

MITMProxy transparent mode not working


I’m trying to use MITMproxy in Transparent mode. I have two machines:

  • One Linux machine on which I run MITMProxy
  • One Android Embedded Device whose traffic I want to redirect transparently

I’m focusing only on IPv4 and HTTP for now to keep things simple. Not TLS or IPv6.

On Linux I run MITMProxy with

mitmproxy --mode transparent --showhost

On Android I’ve run

adb shell sysctl -w net.ipv4.ip_forward=1
adb shell sysctl -w net.ipv4.conf.all.send_redirects=0
adb shell iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination $IP_LINUX:8080

with the intent to redirect all traffic going to port 80 to my Linux machine on port 8080, the one mitmproxy listens on by default.

adb shell iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    oem_nat_pre  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.2.123:8080

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    tetherctrl_nat_POSTROUTING  all  --  anywhere             anywhere            

Chain oem_nat_pre (1 references)
num  target     prot opt source               destination         

Chain tetherctrl_nat_POSTROUTING (1 references)
num  target     prot opt source               destination     

Then I’ve tried to connect to http://www.cs.sjsu.edu on port 80 (a host I’ve found online with IPv4 on HTTP) with both netcat and the Android browser.

I can see with tcpdump on Android and on Linux that packets are redirected, but I don’t see anything in MITMProxy and connecting to the website still fails.

ping www.cs.sjsu.edu
PING cos-cwebwebster.sjsu.edu (130.65.255.57) 56(84) bytes of data.

--- cos-cwebwebster.sjsu.edu ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

adb shell nc 130.65.255.57 80

With tcpdump I can see redirected packets

On Android

adb shell tcpdump -l -nn dst $IP_LINUX and dst port 8080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:30:17.513892 IP 192.168.2.101.47970 > 192.168.2.123.8080: Flags [S], seq 1827135764, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0
10:30:17.514078 IP 192.168.2.101.47968 > 192.168.2.123.8080: Flags [S], seq 2479685048, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0
10:30:17.514296 IP 192.168.2.101.47966 > 192.168.2.123.8080: Flags [S], seq 1020904415, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0

On Linux

sudo tcpdump -i any -l -nn src $IP_ANDROID and dst port 8080
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:30:17.577226 wlp65s0 In  IP 192.168.2.101.47970 > 192.168.2.123.8080: Flags [S], seq 1827135764, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0
10:30:17.578696 wlp65s0 In  IP 192.168.2.101.47968 > 192.168.2.123.8080: Flags [S], seq 2479685048, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0

But nothing still shows up on MITMProxy and connection fails.

What am I missing? Thanks!

Score:0

You want to NAT the traffic before it hits your Linux network process. Your NAT statement is on the OUTPUT chain, which is after.

https://docs.mitmproxy.org/stable/howto-transparent/

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

You can also do the tcpdump on the android host IP, instead of the src/and port. Then you can monitor for return traffic as well. (tcpdump -l -nn host 1.2.3.4)

emitrax
Thanks Silky for replying. I've realised that what I'm doing was fundamentally wrong because the Android box is on wifi and Linux has an eth interface to access internet and a wifi to use as a bridge. I thought that simply redirecting the Android wifi to the Linux Wifi would work, but I think I need a hotspot to begin with. After looking into the iptables documentation, DNAT is not what I want. What you suggest would work only for the local traffic. At least I've tried and that's the result (after setting up the hotspot).
Silky Sandpaper
No - you are on the right track. You basically want to send your traffic to the Linux box, it needs to send through its routing table, kernel, mitm process (and dump the contents to screen/log/whatever), and then send the traffic onwards to your server of choice - but pretend to be sourced from the Linux box. The fact that the Linux box and Android box use different L1/2 OSI models is neither here nor there. Your easier option would be to look at something like squid on the Linux box, and manually point your Android box there as a proxy server?
emitrax
Not sure if I should create another question, but how can I redirect the WiFi traffic of a device to another device such that it acts as a proxy? I tried with `ip route add default via 192.168.2.123 dev wlan0` but it has no effect.
Score:0

You will need to confirm a couple of things;

  1. Your linux (MITM host) has ip forwarding (or routing through it) enabled.
  2. The IP address/subnet where you expect the Android box, is on the same subnet preferably
  3. Either via DHCP, or via a static ip address configuration, point your Android box default Gateway to the Linux Box IP address.

Something like this:

[Android 10.1.1.2/24, Default GW = 10.1.1.1] --> WLAN AP | LAN Cable -> <--- [ linux inside eth0 10.1.1.1/24, Default GW your internet router/pppoe] --> Internet

https://docs.mitmproxy.org/stable/howto-transparent/

Make sure you follow the steps there to enable ip forwarding, and pre-nat.
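
An added example, not part of either answer: a small check for the Linux proxy host that covers the points raised above (IP forwarding, ICMP redirects, and the NAT rule sitting in PREROUTING rather than OUTPUT). The function name and both rule listings are constructed for illustration; the listings use the `iptables -t nat -S` format, and the OUTPUT rule restates the one from the question.

```shell
#!/bin/sh
# Added example: audit a mitmproxy transparent-mode host from collected state.
# $1: text of `iptables -t nat -S`       $2: value of net.ipv4.ip_forward
# $3: net.ipv4.conf.all.send_redirects   $4: proxy port (default 8080)
audit_transparent_host() (
    rules=$1; fwd=$2; redir=$3; port=${4:-8080}; out=""
    # Without forwarding the host cannot route the client's traffic at all.
    [ "$fwd" = 1 ] || out="$out ip_forward_off"
    # ICMP redirects would tell the client to bypass this host.
    [ "$redir" = 0 ] || out="$out send_redirects_on"
    # Collect the chain of every NAT rule that targets the proxy port.
    chains=$(printf '%s\n' "$rules" | awk -v p="$port" '
        $1 == "-A" && /-j (REDIRECT|DNAT)/ {
            for (i = 1; i <= NF; i++)
                if (($i == "--to-ports" && $(i+1) == p) ||
                    ($i == "--to-destination" && $(i+1) ~ (":" p "$")))
                    print $2
        }' | sort -u | tr '\n' ' ')
    case " $chains" in
        *" PREROUTING "*) ;;   # forwarded client traffic is intercepted
        *) out="$out no_prerouting_rule" ;;
    esac
    for c in $chains; do
        # OUTPUT only sees packets generated on this host, never forwarded ones.
        [ "$c" = PREROUTING ] || out="$out rule_in_$c"
    done
    [ -n "$out" ] && echo "${out# }" || echo ok
)

# Constructed sample: the question's DNAT rule, as -S would print it.
BAD_RULES='-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.123:8080'

# Constructed sample: the PREROUTING rule from the first answer (eth0 assumed).
GOOD_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080'

audit_transparent_host "$BAD_RULES" 0 1
audit_transparent_host "$GOOD_RULES" 1 0
```

On a live host the three arguments would come from `iptables -t nat -S` and `sysctl -n` for the two keys.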
