Home > Database > Mysql Tutorial > body text

OSX as Transparent Wifi MITM Proxy

WBOY
Release: 2016-06-07 16:29:19
Original
1506 people have browsed it

Yesterday I was in the situation where I wanted to debug an iOS deviceand what network calls it would make. Normally the trivial step is tojust define an HTTP proxy server in the wifi settings but that will onlywork for as long as you have

Yesterday I was in the situation where I wanted to debug an iOS device and what network calls it would make. Normally the trivial step is to just define an HTTP proxy server in the wifi settings but that will only work for as long as you have something that actually honors this proxy server. But there are better ways to transparently proxy connections from a device connected via Wifi which does not require any changes on the actual device.

The Tools

In order for this to work you need a device running OS X which is connected to the same network as the Wifi. Then you need to convince the Wifi device to see you as the gateway instead of the actual gateway. The easiest way is just to go to the settings and change the gateway to your computer's IP. The second ingredient is an HTTP proxy, ideally one that can also decrypt and reencrypt SSL traffic. Personally I can recommend Charles for that. Lastly you will need another proxy that can work transparently which sits between your device and Charles. On OS X redsocks gets this job done.

If you don't want to spend the money on Charles or you want to rewrite traffic with Python you can use mitmproxy.

The Setup

The first thing you will notice is that when you point your Wifi device to your computer it will loose network connectivity. That's because by default your computer won't forward packets. This can easily be changed through sysctl:

$ sudo sysctl -w net.inet.ip.forwarding=1
Copy after login

After that you should be able to browse the internet again on your Wifi device.

The second step is installing redsocks. If you have brew that's a very trivial operation:

$ brew install redsocks
Copy after login

Once installed you will need to create a config file for it. Call it redsocks.conf and place it in a folder from which you run redsocks:

base {
    log_debug = on;
    log_info = on;
    log = stderr;
    daemon = off;
    redirector = generic;
}
redsocks {
    local_ip = 0.0.0.0;
    local_port = 12345;
    ip = 127.0.0.1;
    port = 8889;
    // known types: socks4, socks5, http-connect, http-relay
    type = socks5;
}
Copy after login

Since I'm using Charles I take advantage of it's socks5 support and point it to localhost:8889 where Charles normally starts up if configured as Socks5 proxy. If you're using a regular HTTP proxy you can use http-connect as proxy type. The local_port defines where the actual transparent redsocks proxy opens.

All you have to do then is to start it:

$ redsocks
Copy after login

After that you will need to point all the traffic that is not from your computer and from port 80 and 443 of your Wifi through redsocks. On OS X the firewall canbe controlled through ipfw. In my case the wifi device is en1:

$ sudo ipfw add fwd 127.0.0.1,12345 tcp from not me to any 80 in via en1
$ sudo ipfw add fwd 127.0.0.1,12345 tcp from not me to any 443 in via en1
Copy after login

Working around OS X Bugs

Now currently if you finish that above setup you will notice that nothing actually works. The cause for this is a Bug in the OS X kernel that requires flipping the net.inet.ip.scopedroute flag to 0. I am not entirely sure what it does, but the internet reports that it breaks network sharing through the user preferences. In any case it fixes ipfw based forwarding so you can flip it with sysctl:

$ sudo sysctl -w net.inet.ip.scopedroute=0
Copy after login

Unfortunately in OS X Lion this flag can actually not be flipped from userspace so you need to set it as boot parameter and then restart your computer. You can do this by editing the /Library/Preferences/SystemConfiguration/com.apple.Boot.plist file:

<?xml version="1.0" encoding="UTF-8"?>

<plist version="1.0">
<dict>
  <key>Kernel Flags</key>
  <string>net.inet.ip.scopedroute=0</string>
</dict>
</plist>
Copy after login

Installing SSL Certificates

After all that your HTTP traffic should show up in your SSL interception proxy. SSL will only work if the application on your Wifi device is trusting your SSL interception proxy's CA. For browsers for instance that's trivial to change. The Charles Certificate can be added to the trust store by following this link: charles.crt. Note that this will not work with applications that don't use the system's CA trust store. In that case you will need to recompile your application so that it trusts the Charles CA.

../../../../static/charles.png
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template