[_] iptables, mitm sniffing - help...
rob at hobbyistsoftware.com
Tue May 28 17:50:22 BST 2019
Hi Folks,

I'm trying to sniff some websocket traffic between two devices on my local network (an LG TV and an iPad remote control).

I have set up a Raspberry Pi running mitmproxy (in transparent mode).

The Pi setup is roughly

internet -> [eth0 Raspberry pi wlan0] <- LG TV && iPad

I'm able to sniff traffic which goes from the iPad to the ethernet, but traffic between devices on wlan0 just doesn't show up (e.g. I can't see traffic between the TV and the remote control).

I can't move the TV or the remote to the ethernet side of the network because that breaks the discovery protocol between them (multicast ssdp), so they won't talk at all - and there is no traffic to intercept.

I have the following iptables rules:

# Generated by iptables-save v1.6.0 on Tue May 28 15:09:06 2019
*nat
:PREROUTING ACCEPT [108:23640]
:INPUT ACCEPT [46:8292]
:OUTPUT ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 3000 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 3001 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue May 28 15:09:06 2019
# Generated by iptables-save v1.6.0 on Tue May 28 15:09:06 2019
*filter
:INPUT ACCEPT [16180:3332916]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13497:8752351]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
# Completed on Tue May 28 15:09:06 2019

which (I think) means 'any traffic on wlan0 on the relevant ports should be redirected to port 8080 on the local device'

and have set

sysctl -w net.ipv4.conf.all.send_redirects=0

as instructed here
https://docs.mitmproxy.org/stable/howto-transparent/

The whole thing was set up following instructions from this chap
https://www.dinofizzotti.com/blog/2019-01-09-running-a-man-in-the-middle-proxy-on-a-raspberry-pi-3/

I have spent days on this now! Can anyone help me to capture that traffic on the wireless interface...

thank you :)

Rob

-- 
Hobbyist Software is a trading name of Hobbyist Software Limited. Registered office 12 Fraley Rd, Bristol, BS93BS. Registered in England. Company no:7876492
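
As an added example (not part of the original post, and not mitmproxy or iptables code), the following Python parses the nat rules quoted above and evaluates the PREROUTING chain for a packet that the Pi's IP stack receives on a given interface. The function names and the sample packets are constructed for illustration, and only the options that appear in those rules are handled.

```python
import shlex

# nat-table rules copied from the iptables-save output in the post
NAT_RULES = """\
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 3000 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 3001 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
"""

# Options taking one value; "-m tcp" only loads the match module, so it is dropped.
OPTS = {"-i": "in_if", "-o": "out_if", "-p": "proto", "--dport": "dport",
        "-j": "target", "--to-ports": "to_port", "-m": None}

def parse_rules(text):
    """Turn '-A CHAIN ...' lines into dicts of chain, match fields and target."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = {"chain": tok[1]}
        it = iter(tok[2:])
        for opt in it:
            if opt not in OPTS:
                raise ValueError(f"unsupported option {opt!r}")
            val = next(it)
            if OPTS[opt]:
                rule[OPTS[opt]] = val
        rules.append(rule)
    return rules

def prerouting_verdict(rules, in_if, proto, dport):
    """First-match evaluation of nat PREROUTING for a packet received on in_if.
    Returns the REDIRECT port, or None when the packet is left unchanged."""
    for r in rules:
        if r["chain"] != "PREROUTING":
            continue
        if (r.get("in_if", in_if) == in_if and r.get("proto", proto) == proto
                and int(r.get("dport", dport)) == dport):
            return int(r["to_port"]) if r.get("target") == "REDIRECT" else None
    return None  # chain policy is ACCEPT: no rewrite

RULES = parse_rules(NAT_RULES)

if __name__ == "__main__":
    # Constructed sample packets: (incoming interface, protocol, destination port)
    for pkt in [("wlan0", "tcp", 3000), ("wlan0", "tcp", 8001), ("eth0", "tcp", 443)]:
        print(pkt, "->", prerouting_verdict(RULES, *pkt))
```

The verdict applies only to packets that actually enter the PREROUTING hook on the Pi; on the live system, `iptables -t nat -L PREROUTING -v -n` shows per-rule packet counters for the same rules.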