I would like to be able to distinguish users based on their port. The most simple path I can imagine would be if we could configure mitmdump to listen on more than one port. Is that possible? Then we could look at that header info in a script to figure out who was connecting. I would think we could also do this via a firewall rule, but I wanted to see if the easiest path was available first.
I found this which is hopeful. https://groups.google.com/forum/#!topic/mitmproxy/Haf_78obt68
The question I still have to answer though, is will I be able to get the original port? Like if I did only iptables forwards, mitm would have no clue where the request came from re pre forwarded port.
If you are in transparent mode, access to the original port is available. Does that answer your question?
Thanks, it seems to, and I think I have this set up, but I am getting an error.
mitmproxy -T --host -p 8083
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9000 -j REDIRECT --to-port 8083
iptables -t nat -A PREROUTING -i lo -p tcp --dport 9000 -j REDIRECT --to-port 8083
iptables -t nat -I OUTPUT -p tcp -o lo --dport 9000 -j REDIRECT --to-ports 8083
And I am still confused because here, https://github.com/mitmproxy/mitmproxy/issues/754 you say NOT to use NAT rules, but that is exactly what is in the example. The requests are getting through, but I have the same error as in that post re, HttpException('Invalid HTTP request form (expected: relative, got: absolute)',)
Note, found the link with the best Transparent Proxy description. https://github.com/mitmproxy/mitmproxy/blob/master/docs/modes.rst
“Make sure you have not explicitly configured an HTTP proxy on the client. This is not needed in transparent mode.” But this is exactly what I want to do, aka, configure port 9000 for Bob, 9001 for Jim, 9001 for Olaf etc…
I am still not sure if I can use this to determine the original port, because I am not expecting that to be port 80.
I misunderstood what transparent mode is for. What I really needed was a forward proxy in front of mitm. Once I had that, I just needed to customize the Via header and read that in my Python script on mitm. So now I can know what user was hitting the mitm based on what port they use. It would be a LOT better if mitm could configure more than one listening port since now my server is heavier with Apache in front of mitm. I looked into other options re Squid (for the frontend proxy) and Burp as a total replacement. Burp can do multiple ports and supports sockets (from what I read), but there are some things about it I am not so sure of, like automatically passing through failed SSL connections.
I’m not sure what you mean by forward proxy. If you want to listen on multiple ports, you should be able to use iptables to accomplish that.
Besides, if you want to distinguish users, I would go and do that by source IP address where possible.
You can’t always control IPs as easily as you can ports in regard to a corp environment. iptables loses the original port.
This is what I ended up doing with Apache in front of mitmproxy
ProxyRemote * https://127.0.0.1:8080
Then I can read the via header and know which user is hitting mitm.
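A sketch of the script side of the setup described in the last post, added here as an example and not code from the thread. It assumes the frontend appends a Via element whose received-by field carries its listening port (for example `1.1 proxy.example:9000`); the thread does not show how the header was customized, and the port table, user names and the `proxy_user` metadata key are hypothetical. It goes slightly beyond the post by handling multi-hop Via values and trusting only the last hop, since a client can send a Via header of its own.

```python
import re

# Hypothetical table: one frontend listening port per user.
PORT_TO_USER = {9000: "bob", 9001: "jim"}

# One Via element (RFC 7230) once comments are stripped:
# received-protocol, whitespace, received-by = host [":" port].
_VIA_HOP = re.compile(
    r"^(?:[A-Za-z]+/)?\d+(?:\.\d+)?\s+"   # "1.1" or "HTTP/1.1"
    r"(?P<host>\[[^\]]+\]|[^\s:]+)"        # hostname, IPv4, [IPv6] or pseudonym
    r"(?::(?P<port>\d{1,5}))?$"
)


def frontend_port(via_value):
    """Return the port named in the last Via hop, or None if absent/malformed."""
    if not via_value:
        return None
    # Drop "(comment)" parts, then split the comma-separated hop list.
    hops = re.sub(r"\([^()]*\)", "", via_value).split(",")
    # Each proxy appends its own element, so the last one was written by the
    # frontend directly in front of mitmproxy. Earlier elements may have been
    # supplied by the client and are ignored.
    match = _VIA_HOP.match(hops[-1].strip())
    if not match or match.group("port") is None:
        return None
    port = int(match.group("port"))
    return port if 0 < port < 65536 else None


def user_for(via_value):
    """Map a Via header value to a user name; None means unattributed."""
    return PORT_TO_USER.get(frontend_port(via_value))


def request(flow):
    """mitmproxy request hook: tag each flow with the attributed user."""
    flow.metadata["proxy_user"] = user_for(flow.request.headers.get("Via"))
```

The attribution only holds if mitmproxy is reachable solely through the frontend (for instance bound to 127.0.0.1, as the `ProxyRemote` line suggests); a client that can reach mitmproxy directly can put any port it likes in the last Via element.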