[_] iptables, mitm sniffing - help...
me at stephenroome.com
Wed May 29 11:44:22 BST 2019
Hi,

It may help to clarify which OS you have on the Raspberry Pi? I might just have missed it though,

Steve

On Tue, May 28, 2019 at 5:53 PM Rob Jonson <rob at hobbyistsoftware.com> wrote:
>
> Hi Folks,
>
> I'm trying to sniff some websocket traffic between two devices on my local
> network (an LG TV and an iPad remote control)
>
> I have set up a raspberry pi running mitmproxy (in transparent mode)
>
> the Pi setup is roughly
>
> internet -> [eth0 Raspberry pi wlan0] <- LG TV && iPad
>
> I'm able to sniff traffic which goes from the iPad to the ethernet, but
> traffic between devices on wlan0 just doesn't show up
>
> (e.g. I can't see traffic between the TV and the remote control)
>
> I can't move the TV or the Remote to the ethernet side of the network
> because that breaks the discovery protocol between them (multicast ssdp),
> so they won't talk at all - and there is no traffic to intercept.
>
> I have the following iptables rules:
>
> # Generated by iptables-save v1.6.0 on Tue May 28 15:09:06 2019
> *nat
> :PREROUTING ACCEPT [108:23640]
> :INPUT ACCEPT [46:8292]
> :OUTPUT ACCEPT [1:60]
> :POSTROUTING ACCEPT [0:0]
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 3000 -j REDIRECT --to-ports 8080
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 3001 -j REDIRECT --to-ports 8080
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Tue May 28 15:09:06 2019
> # Generated by iptables-save v1.6.0 on Tue May 28 15:09:06 2019
> *filter
> :INPUT ACCEPT [16180:3332916]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [13497:8752351]
> -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i wlan0 -o eth0 -j ACCEPT
> COMMIT
> # Completed on Tue May 28 15:09:06 2019
>
> which (I think) means 'any traffic on wlan0 on the relevant ports should be
> redirected to port 8080 on the local device'
>
> and have set
>
> sysctl -w net.ipv4.conf.all.send_redirects=0
>
> as instructed here
> https://docs.mitmproxy.org/stable/howto-transparent/
>
> the whole thing was set up following instructions from this chap
> https://www.dinofizzotti.com/blog/2019-01-09-running-a-man-in-the-middle-proxy-on-a-raspberry-pi-3/
>
> I have spent days on this now! Can anyone help me to capture that traffic
> on the wireless interface...
>
> thank you :)
>
> Rob
>
> --
>
> Hobbyist Software is a trading name of Hobbyist Software Limited.
> Registered office 12 Fraley Rd, Bristol, BS93BS. Registered in England.
> Company no:7876492
> --
> underscore_ list info/archive -> http://www.under-score.org.uk/mailman/listinfo/underscore