[_] iptables, mitm sniffing - help...

Steve Roome me at stephenroome.com
Wed May 29 11:44:22 BST 2019

Hi,

It may help to clarify which OS you have on the Raspberry Pi?

I might just have missed it though,

Steve

On Tue, May 28, 2019 at 5:53 PM Rob Jonson <rob at hobbyistsoftware.com> wrote:
>
> Hi Folks,
>
> I'm trying to sniff some websocket traffic between two devices on my local
> network (an LG TV and an iPad remote control)
>
> I have set up a Raspberry Pi running mitmproxy (in transparent mode)
>
> The Pi setup is roughly
>
> internet -> [eth0 Raspberry pi wlan0] <- LG TV && iPad
>
> I'm able to sniff traffic which goes from the iPad to the ethernet, but
> traffic between devices on wlan0 just doesn't show up
>
> (e.g. I can't see traffic between the TV and the remote control)
>
> I can't move the TV or the Remote to the ethernet side of the network
> because that breaks the discovery protocol between them (multicast ssdp),
> so they won't talk at all - and there is no traffic to intercept.
>
> I have the following iptables rules:
>
> # Generated by iptables-save v1.6.0 on Tue May 28 15:09:06 2019
> *nat
> :PREROUTING ACCEPT [108:23640]
> :INPUT ACCEPT [46:8292]
> :OUTPUT ACCEPT [1:60]
> :POSTROUTING ACCEPT [0:0]
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 3000 -j REDIRECT --to-ports 8080
> -A PREROUTING -i wlan0 -p tcp -m tcp --dport 3001 -j REDIRECT --to-ports 8080
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Tue May 28 15:09:06 2019
> # Generated by iptables-save v1.6.0 on Tue May 28 15:09:06 2019
> *filter
> :INPUT ACCEPT [16180:3332916]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [13497:8752351]
> -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A FORWARD -i wlan0 -o eth0 -j ACCEPT
> COMMIT
> # Completed on Tue May 28 15:09:06 2019
>
>
> which (I think) means 'any traffic on wlan0 on the relevant ports should be
> redirected to port 8080 on the local device'
>
>
>
> and have set
>
> sysctl -w net.ipv4.conf.all.send_redirects=0
>
>
> as instructed here
> https://docs.mitmproxy.org/stable/howto-transparent/
>
> the whole thing was set up following instructions from this chap
> https://www.dinofizzotti.com/blog/2019-01-09-running-a-man-in-the-middle-proxy-on-a-raspberry-pi-3/
>
>
> I have spent days on this now! Can anyone help me to capture that traffic
> on the wireless interface...
>
> thank you :)
>
> Rob
>
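
An added example (not part of either message, and not mitmproxy's or iptables' own code): a small Python model of the nat rules quoted above, showing which constructed packets the PREROUTING REDIRECT rules would send to port 8080. It models rule matching only; a packet must actually traverse the Pi's PREROUTING hook on wlan0 for any of these rules to apply. The helper names and the sample packets are assumptions made for illustration.

```python
import shlex

# nat-table rules copied from the iptables-save output quoted in the post
NAT_RULES = """\
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 3000 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 3001 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
"""

def parse_rules(text):
    """Parse '-A CHAIN opt val ...' lines; every option used above takes one value."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = {"chain": tok[1]}
        rule.update(zip(tok[2::2], tok[3::2]))
        rules.append(rule)
    return rules

def redirect_port(rules, in_iface, proto, dport):
    """Port a packet is redirected to in nat PREROUTING, or None if no rule matches."""
    for r in rules:  # first matching REDIRECT rule wins (REDIRECT is a terminating target)
        if r["chain"] != "PREROUTING" or r.get("-j") != "REDIRECT":
            continue
        if r.get("-i", in_iface) != in_iface or r.get("-p", proto) != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        return int(r["--to-ports"])
    return None

# Constructed sample packets: (incoming interface, protocol, destination port)
SAMPLES = [
    ("wlan0", "tcp", 443),   # HTTPS entering on wlan0
    ("wlan0", "tcp", 3000),  # one of the extra ports listed in the rules
    ("wlan0", "udp", 1900),  # SSDP discovery is UDP, so the tcp rules ignore it
    ("wlan0", "tcp", 8443),  # TCP, but not a listed port
    ("eth0", "tcp", 3000),   # listed port, but arriving on the wrong interface
]

def evaluate(samples=SAMPLES):
    rules = parse_rules(NAT_RULES)
    return [redirect_port(rules, *pkt) for pkt in samples]

if __name__ == "__main__":
    for pkt, port in zip(SAMPLES, evaluate()):
        print(pkt, "->", port if port is not None else "not redirected")
```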