I’m looking for the correct iptables rules for the following scenario:
Router R running ddwrt (so I can set iptables rules, but can’t install mitmproxy / wireshark)
Device A, which is sending traffic I want to analyze to the internet.
Device B running Ubuntu, on which I have mitmproxy and wireshark.
Many other devices on the network connected to R, which I don’t want to disrupt.
How do I set up the rules so that traffic from A (and only traffic from A) is routed to device B? I don’t have any control over the device A besides setting to which wifi AP it connects.
Hi, did you take a look at http://docs.mitmproxy.org/en/stable/modes.html?
Most of the time, just setting a custom gateway is the easiest way (if you need transparent mode - regular mode would be even easier). If you want to do redirection on the router, take a look at https://github.com/mitmproxy/mitmproxy/blob/master/docs/custom-routing.txt.
Thanks, now I have read those. I’m doing the following, which still doesn’t work:
On device B I start mitmproxy like this:
sudo mitmproxy -T --host -a -p 80
On my router R I added a static routing rule that tells A to use B as a gateway.
I verified this worked by running route on A:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default rpi3.local 0.0.0.0 UG 0 0 0 wlan0
192.168.0.0 * 255.255.255.0 U 9 0 0 wlan0
I also verified this by tracerouting a site (the router is a second hop):
traceroute to ynet.co.il (220.127.116.11), 30 hops max, 60 byte packets
1 * * *
2 Netgear (192.168.0.1) 1.808 ms 2.094 ms 1.964 ms
However when I run wget I don’t see mitmproxy intercepting it:
What am I missing?
Are you redirecting traffic on B to mitmproxy? See steps 3/4 at http://docs.mitmproxy.org/en/stable/transparent/linux.html.
Now I followed the instructions at https://github.com/mitmproxy/mitmproxy/blob/master/docs/custom-routing.txt precisely and it worked.
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m multiport --dports 80,443 gave me a segmentation fault for some reason, but running it twice with each port separately worked.
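The routing discussed in this thread, as an added example that is not part of the original posts or of the mitmproxy documentation: a script that prints the rules for router R (mark only device A's traffic on ports 80 and 443, one rule per port, and route marked packets via B) and for device B (redirect that traffic to mitmproxy). The IP addresses, interface names, mark 3, table 2 and port 8080 are assumed values to be replaced with your own.

```shell
#!/bin/sh
# Added example, not from the thread or the mitmproxy docs.
# Constructed/assumed values: both IPs, interface names, mark 3, table 2.
A_IP="${A_IP:-192.168.0.50}"       # device A, the only host to intercept
B_IP="${B_IP:-192.168.0.60}"       # device B, running mitmproxy
LAN_IF="${LAN_IF:-br0}"            # LAN-side interface on router R
B_IF="${B_IF:-eth0}"               # B's LAN interface
PROXY_PORT="${PROXY_PORT:-8080}"   # port mitmproxy listens on
PORTS="80 443"

# Commands for router R: mark A's web traffic and route marked packets via B.
router_rules() {
    for port in $PORTS; do
        # -s limits the match to A. mitmproxy's own upstream connections
        # leave B with B's source address, so they are not marked and do
        # not loop back to B.
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $A_IP -p tcp --dport $port -j MARK --set-mark 3"
    done
    echo "ip rule add fwmark 3 table 2"
    echo "ip route add default via $B_IP dev $LAN_IF table 2"
}

# Commands for device B: forward packets and hand A's web traffic to mitmproxy.
proxy_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "sysctl -w net.ipv4.conf.all.send_redirects=0"
    for port in $PORTS; do
        echo "iptables -t nat -A PREROUTING -i $B_IF -s $A_IP -p tcp --dport $port -j REDIRECT --to-port $PROXY_PORT"
    done
}

# Print both rule sets for review when executed with the argument "show".
if [ "${1:-}" = "show" ]; then
    echo "# on router R:"; router_rules
    echo "# on device B:"; proxy_rules
fi
```

Run it with `show`, review the output, then apply each set as root on its own host; mitmproxy on B has to be running in transparent mode on the same port.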
I’m kind of lost with the iptables rules for my configuration. Here is my set-up:
Set-top-box > Computer running Ubuntu with mitmproxy > Internet
My computer has 2 Ethernet NICs (eth0 and eth1). eth0 is connected to the set-top-box and eth1 is connected to an Internet box. I created a network bridge (called br0) between them. How can I redirect the HTTP traffic from my set-top-box to the listening port of mitmproxy?