54 lines
1.8 KiB
HTML
54 lines
1.8 KiB
HTML
On Linux, mitmproxy integrates with the iptables redirection mechanism to
|
|
achieve transparent mode.
|
|
|
|
<ol class="tlist">
|
|
|
|
<li> <a href="@!urlTo('ssl.html')!@">Install the mitmproxy
|
|
certificates on the test device</a>. </li>
|
|
|
|
<li> Enable IP forwarding:
|
|
|
|
<pre class="terminal">sysctl -w net.ipv4.ip_forward=1</pre>
|
|
|
|
You may also want to consider enabling this permanently in
|
|
<b>/etc/sysctl.conf</b>.
|
|
|
|
</li>
|
|
|
|
<li> If your target machine is on the same physical network and you configured it to use a custom gateway,
|
|
disable ICMP redirects:
|
|
|
|
<pre class="terminal">echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects</pre>
|
|
|
|
You may also want to consider enabling this permanently in
|
|
<b>/etc/sysctl.conf</b> as demonstrated <a href="http://unix.stackexchange.com/a/58081">here</a>.
|
|
|
|
</li>
|
|
|
|
<li> Create an iptables ruleset that redirects the desired traffic to the
|
|
mitmproxy port. Details will differ according to your setup, but the
|
|
ruleset should look something like this:
|
|
|
|
<pre class="terminal">iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
|
|
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080</pre>
|
|
|
|
</li>
|
|
|
|
<li> Fire up mitmproxy. You probably want a command like this:
|
|
|
|
<pre class="terminal">mitmproxy -T --host</pre>
|
|
|
|
The <b>-T</b> flag turns on transparent mode, and the <b>--host</b>
|
|
argument tells mitmproxy to use the value of the Host header for URL
|
|
display.
|
|
|
|
</li>
|
|
|
|
<li> Finally, configure your test device to use the host on which mitmproxy is
|
|
running as the default gateway.</li>
|
|
|
|
</ol>
|
|
|
|
|
|
For a detailed walkthrough, have a look at the <a href="@!urlTo('tutorials/transparent-dhcp.html')!@"><i>Transparently proxify virtual machines</i></a> tutorial.
|