2

I’m trying to use MITMproxy in Transparent mode. I have two machines:

  • One Linux machine on which I run MITMProxy
  • One Android Embedded Device whose traffic I want to redirect transparently

I’m focusing only on IPv4 and HTTP for now to keep things simple. Not TLS or IPv6.

On Linux I run MITMProxy with

mitmproxy --mode transparent --showhost

On Android I’ve run

adb shell sysctl -w net.ipv4.ip_forward=1
adb shell sysctl -w net.ipv4.conf.all.send_redirects=0
adb shell iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination $IP_LINUX:8080

with the intent to redirect all traffic going to port 80 to my Linux machine on port 8080, the one mitmproxy listens on by default.

adb shell iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    oem_nat_pre  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DNAT       tcp  --  anywhere             anywhere             tcp dpt:http to:192.168.2.123:8080

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    tetherctrl_nat_POSTROUTING  all  --  anywhere             anywhere

Chain oem_nat_pre (1 references)
num  target     prot opt source               destination

Chain tetherctrl_nat_POSTROUTING (1 references)
num  target     prot opt source               destination

Then I’ve tried to connect to http://www.cs.sjsu.edu on port 80 (a host I’ve found online with IPv4 on HTTP) with both netcat and the Android browser.

I can see with tcpdump on Android and on Linux that packets are redirected, but I don’t see anything in MITMProxy and connecting to the website still fails.

ping www.cs.sjsu.edu
PING cos-cwebwebster.sjsu.edu (130.65.255.57) 56(84) bytes of data.

--- cos-cwebwebster.sjsu.edu ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

adb shell nc 130.65.255.57 80

With tcpdump I can see redirected packets

On Android

adb shell tcpdump -l -nn dst $IP_LINUX and dst port 8080
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:30:17.513892 IP 192.168.2.101.47970 > 192.168.2.123.8080: Flags [S], seq 1827135764, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0
10:30:17.514078 IP 192.168.2.101.47968 > 192.168.2.123.8080: Flags [S], seq 2479685048, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0
10:30:17.514296 IP 192.168.2.101.47966 > 192.168.2.123.8080: Flags [S], seq 1020904415, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0

On Linux

sudo tcpdump -i any -l -nn src $IP_ANDROID and dst port 8080
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:30:17.577226 wlp65s0 In  IP 192.168.2.101.47970 > 192.168.2.123.8080: Flags [S], seq 1827135764, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0
10:30:17.578696 wlp65s0 In  IP 192.168.2.101.47968 > 192.168.2.123.8080: Flags [S], seq 2479685048, win 65535, options [mss 1460,sackOK,TS val 368320 ecr 0,nop,wscale 9], length 0

But still nothing shows up in MITMProxy and the connection fails.

What am I missing? Thanks!

emitrax

2 Answers

0

You want to NAT the traffic before it hits your Linux network process. Your NAT statement is on the OUTPUT chain, which is after.

https://docs.mitmproxy.org/stable/howto-transparent/

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

You can also do the tcpdump on the android host IP, instead of the src/and port. Then you can monitor for return traffic as well. (tcpdump -l -nn host 1.2.3.4)
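An added example, not part of the original answer and not mitmproxy's own code: a minimal Python listener showing how a transparent proxy on Linux recovers the pre-REDIRECT destination through the netfilter SO_ORIGINAL_DST socket option, which only has an answer when the NAT rule runs on the same host as the proxy. The function names are hypothetical; port 8080 follows the thread.

```python
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80


def parse_sockaddr_in(raw: bytes) -> tuple[str, int]:
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw)        # sin_family: host byte order
    port, addr = struct.unpack_from("!H4s", raw, 2)  # sin_port, sin_addr: network order
    if family != socket.AF_INET:
        raise ValueError(f"unexpected address family {family}")
    return socket.inet_ntoa(addr), port


def original_destination(conn: socket.socket):
    """Ask netfilter on THIS host where the client was really connecting to."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError:
        return None  # no conntrack entry, or conntrack not loaded on this host
    return parse_sockaddr_in(raw)


def redirected_locally(orig, local) -> bool:
    """True only if a NAT rule on this host rewrote the destination."""
    return orig is not None and orig != local


def main(port: int = 8080) -> None:
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("0.0.0.0", port))
        srv.listen()
        conn, peer = srv.accept()  # handles one connection, then exits
        with conn:
            orig, local = original_destination(conn), conn.getsockname()
            if redirected_locally(orig, local):
                print(f"{peer} -> original destination {orig}")
            else:
                print(f"{peer} -> {local}: no local NAT entry, original destination unknown")


if __name__ == "__main__":
    main()
```

Run on the Linux host with the PREROUTING REDIRECT rule in place, it prints the address the client actually dialed; when the destination was rewritten on another machine, the listener only ever sees its own address and port.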

0

You will need to confirm a couple of things:

  1. Your Linux (MITM host) has IP forwarding (or routing through it) enabled.
  2. The IP address/subnet where you expect the Android box is preferably on the same subnet.
  3. Either via DHCP or via a static IP address configuration, point your Android box's default gateway to the Linux box's IP address.

Something like this:

[Android 10.1.1.2/24, Default GW = 10.1.1.1] --> WLAN AP | LAN Cable -> <--- [ linux inside eth0 10.1.1.1/24, Default GW your internet router/pppoe] --> Internet

https://docs.mitmproxy.org/stable/howto-transparent/

Make sure you follow the steps there to enable ip forwarding, and pre-nat.