Difficulty with ipv6 addresses in transparent proxy

I’m using mitmproxy 3 on Linux Mint 18. In the docs, there are instructions on how to set up a transparent proxy in Linux. Because I have the transparent proxy on my own computer rather than a separate router, I replaced PREROUTING with OUTPUT.

However, I’m having trouble intercepting any websites using ipv6 through mitmproxy. For example, Instagram and Facebook do not get intercepted. Do you have any suggestions of how I should configure iptables/ip6tables, mitmproxy.conf, and/or sysctl to be able to also capture ipv6 addresses? Is something like what’s suggested here with Squid necessary?

I figured it out. You have to set net.ipv6.conf.all.forwarding=1 in your sysctl.conf, and then use the same rules for ipv6 using ip6tables as you do for ipv4 in iptables. I’ll submit a pull request to include this in the docs some time today.

EDIT: It worked for a while - then I restarted my computer, restarted mitmproxy and verified that all settings were the same, and it’s no longer working. Very confused.

EDIT 2: The specific message I get for all domains using ipv6 is as follows:

Client connection was killed because allow_remote option is set to false, client IP was not a private IP and proxyauth was not set.
To allow remote connections set allow_remote option to true or set proxyauth option.
[2601:246:100:cefc:7da3:3d6c:6195:5f1f]:42868: Connection killed
[2601:246:100:cefc:7da3:3d6c:6195:5f1f]:42868: clientdisconnect

I’m trying to find out more about these two options.

EDIT 3: I have a script which I’m passing to mitmdump. Inside that script, I set the allow_remote option to True. Now, I get the following error on ipv6 domains:

[2601:246:100:cefc:7da3:3d6c:6195:5f1f]:57030: clientdisconnect
[2601:246:100:cefc:7da3:3d6c:6195:5f1f]:57032: clientconnect
[2601:246:100:cefc:7da3:3d6c:6195:5f1f]:57032: Transparent mode failure: FileNotFoundError(2, 'No such file or directory')

I moved to a different Internet connection, and now, the transparent proxy is functioning fine with ipv6 websites. So, I think this must be some issue with my home ISP (Comcast/xfinity) or router. If I figure out what the issue is, I’ll post here for anyone facing similar problems.

However, regardless, I think the net.ipv6.conf.all.forwarding=1 is necessary, so I’ll submit that pull request.
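
The accept/kill rule stated in the "Client connection was killed" message above, as an added example that is not part of the original post and is not mitmproxy's own code. The function name `would_kill`, its parameters, and every sample address except the one copied from the log are assumptions made for illustration; it shows why a global IPv6 source address is refused while private IPv4/IPv6 sources are accepted.

```python
import ipaddress


def would_kill(client_ip, allow_remote=False, proxyauth=None):
    """Apply the rule from the log message: a connection is killed when
    allow_remote is false, the client IP is not private, and proxyauth is unset.
    (Hypothetical helper, not a mitmproxy API.)"""
    addr = ipaddress.ip_address(client_ip)
    # Judge IPv4-mapped IPv6 (::ffff:a.b.c.d) by the embedded IPv4 address,
    # so the result does not depend on how a dual-stack socket reports it.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    accepted = allow_remote or addr.is_private or proxyauth is not None
    return not accepted


# Constructed sample clients, plus the source address from the log in the post.
SAMPLES = [
    ("192.168.1.10", "RFC 1918 LAN address"),
    ("127.0.0.1", "IPv4 loopback"),
    ("::1", "IPv6 loopback"),
    ("fd12:3456::1", "IPv6 unique local (fc00::/7)"),
    ("fe80::1", "IPv6 link-local"),
    ("::ffff:192.168.1.10", "IPv4-mapped private address"),
    ("::ffff:8.8.8.8", "IPv4-mapped public address"),
    ("2601:246:100:cefc:7da3:3d6c:6195:5f1f", "address from the log (global unicast)"),
]


def report():
    """Return (ip, description, verdict) rows under the default options."""
    return [(ip, desc, "killed" if would_kill(ip) else "accepted")
            for ip, desc in SAMPLES]


if __name__ == "__main__":
    for ip, desc, verdict in report():
        print(f"{verdict:9} {ip:40} {desc}")
    # Narrower alternative to allow_remote=True: requiring proxy credentials
    # also satisfies the rule. "user:pass" is a constructed placeholder.
    ip = SAMPLES[-1][0]
    print("with proxyauth set:", "killed" if would_kill(ip, proxyauth="user:pass") else "accepted")
```

Setting `allow_remote` to true accepts every source address, not only the host's own global IPv6 address, so the listening port should then be reachable only from the local machine.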