How to use fake DNS server in HTTPS MITM?


#1

Instead of using the standard gateway to redirect connections, one could also think of using a fake DNS server to do HTTPS MITM. Or we can modify /etc/hosts. In this case, the destination address of HTTPS was modified to the proxy address. How does mitmproxy get the correct server name? Maybe the proxy can use SNI as the server name, but I don't know how to do that.


#2

You may want to look at https://github.com/mitmproxy/mitmproxy/blob/master/examples/complex/dns_spoofing.py. It's a fairly brittle setup in my opinion, so I would always recommend setting up a regular proxy or a transparent one if necessary. For example, any hardcoded IPs would bypass IP spoofing. :)


#3

Thanks very much. This is what I need.


#4

It seems that SNI or the HTTP Host header doesn't work for dns_spoofing.py.
But I'm sure SNI and the HTTP Host header exist.

When I use this command:
sudo mitmproxy -p 443 -s dns_spoofing.py -R http://www.example.com/
It always displays http://www.example.com

When I use this command:
sudo mitmproxy -p 443 -s dns_spoofing.py
The browser always displays error messages:
502 Bad Gateway

ProtocolException('Cannot connect to server, no server address given.',)


#5

@MillionSky, do you have a reproducible example (e.g. using curl) for this?


#6

These are all my steps:

  1. import mitmproxy-ca-cert.pem
  2. use bind or /etc/hosts to redirect www.baidu.com to the server running mitmproxy.
    The website is for testing.
  3. sudo sysctl -w net.ipv4.ip_forward=1
  4. run mitmproxy
    sudo mitmproxy -p 443 -s dns_spoofing.py -R https://www.baidu.com
    It works fine.
    But if -R is not specified, the browser always displays error messages:
    502 Bad Gateway

ProtocolException('Cannot connect to server, no server address given.',)


#7

Looking at https://github.com/mitmproxy/mitmproxy/blob/master/examples/complex/dns_spoofing.py, it seems to me that you are missing --keep-host-header. Without that, mitmproxy will rewrite the host header before redirection takes place, which likely is your issue.
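
Added example (editor's code, not from this thread and not the mitmproxy project's own dns_spoofing.py) that spells out the host-selection logic the linked script relies on: for a TLS connection the SNI decides the origin, otherwise the Host header does, a port in the Host header overrides the default, and when neither is present the addon either uses a fixed fallback origin (the role the -R target plays) or drops the flow, which is exactly the "no server address given" case from the posts above. The attribute names `client_conn.tls_established`, `client_conn.sni` and `request.host_header` are assumed from newer mitmproxy releases and may differ in 2.x; the fallback origin `www.example.com` is a placeholder. The pure functions can be imported and tested without mitmproxy installed.

```python
import re
from typing import Optional, Tuple

# Host header forms: "host", "host:port", "[v6addr]", "[v6addr]:port".
_HOST_HEADER_RE = re.compile(
    r"^(?P<host>\[[0-9a-fA-F:.]+\]|[^:\s]+)(?::(?P<port>\d{1,5}))?$"
)

Upstream = Tuple[str, str, int]  # (scheme, host, port)


class NoUpstream(Exception):
    """Neither SNI nor a usable Host header says where the client wanted to go."""


def parse_host_header(value: str) -> Tuple[Optional[str], Optional[int]]:
    """Split a Host header into (host, port); IPv6 brackets are stripped."""
    m = _HOST_HEADER_RE.match(value.strip())
    if not m:
        return None, None
    host = m.group("host").strip("[]")
    port = int(m.group("port")) if m.group("port") else None
    return host, port


def choose_upstream(tls: bool, sni: Optional[str], host_header: Optional[str]) -> Upstream:
    """Pick (scheme, host, port) for a connection that DNS spoofing sent to us.

    For TLS the SNI wins: it is what the client asked for and what the
    generated certificate must match. Otherwise the Host header decides,
    and an explicit port in the Host header overrides the scheme default.
    """
    scheme = "https" if tls else "http"
    port = 443 if tls else 80
    hh_host, hh_port = parse_host_header(host_header) if host_header else (None, None)
    if hh_port:
        port = hh_port
    host = (sni if tls else None) or hh_host
    if not host:
        # This is the situation behind "Cannot connect to server, no server
        # address given": nothing on the wire identifies the origin.
        raise NoUpstream("no SNI and no Host header")
    return scheme, host, port


def choose_upstream_or_fallback(
    tls: bool, sni: Optional[str], host_header: Optional[str], fallback: Optional[Upstream]
) -> Optional[Upstream]:
    """choose_upstream, but use a fixed origin (what -R provides) when the
    wire gives nothing, and return None if there is no fallback either."""
    try:
        return choose_upstream(tls, sni, host_header)
    except NoUpstream:
        return fallback


class Rerouter:
    """mitmproxy addon. Attribute names (client_conn.tls_established,
    client_conn.sni, request.host_header) are assumed from newer mitmproxy
    releases; adjust them for the version you run."""

    def __init__(self, fallback: Optional[Upstream] = None) -> None:
        self.fallback = fallback

    def request(self, flow) -> None:
        client = flow.client_conn
        target = choose_upstream_or_fallback(
            bool(getattr(client, "tls_established", False)),
            getattr(client, "sni", None),
            flow.request.host_header,
            self.fallback,
        )
        if target is None:
            flow.kill()  # nothing to connect to; drop the flow rather than guess
            return
        # Only the upstream connection target is changed here. Run mitmproxy
        # with --set keep_host_header=true so the reverse-proxy target does not
        # overwrite the client's Host header before this hook sees it.
        flow.request.scheme, flow.request.host, flow.request.port = target


# Placeholder fallback origin; replace with the -R target you actually use.
addons = [Rerouter(fallback=("https", "www.example.com", 443))]
```

Load it the same way as the linked script (`mitmproxy -p 443 -s rerouter.py -R https://www.example.com --set keep_host_header=true`, file name assumed); a client that sends neither SNI nor a Host header ends up at the fallback, which is why the thread's `-R` run works and the run without it produces a 502.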


#8

But there is no such option:
millionsky@ubuntu-16:~$ sudo mitmproxy -p 443 -s dns_spoofing.py -R https://www.baidu.com --keep-host-header
usage: mitmproxy [options]
mitmproxy: error: unrecognized arguments: --keep-host-header

I tried the Self-contained Pre-built Binary Packages and a source install; neither has this option.
This is the Self-contained Pre-built Binary Packages install:
wget https://github.com/mitmproxy/mitmproxy/releases/download/v2.0.2/mitmproxy-2.0.2-linux.tar.gz
tar zxvf mitmproxy-2.0.2-linux.tar.gz
sudo mv mitmproxy mitmdump mitmweb /usr/local/bin/

This is source install:
sudo apt-get install python3-dev python3-pip libffi-dev libssl-dev
pip3 install -U pip
sudo pip3 install mitmproxy


#9

Sorry, this might only be available on master/soon-to-be 3.0, where it’s --set keep_host_header. We should have a release candidate soon-ish, feel free to use the dev builds at snapshots.mitmproxy.org until then.


#10

OK, thanks very much! I will try it.