kylefang/mitmproxy
1
0
Fork 0
mirror of https://github.com/zhigang1992/mitmproxy.git synced 2026-04-29 20:55:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

move mitmproxy

Browse Source
This commit is contained in:
Maximilian Hils
2016-02-15 14:58:46 +01:00
parent 36f34f7019
commit 33fa49277a
444 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/transparent/linux.rst
View File

@@ -1,45 +0,0 @@
.. _linux:
Linux
=====
On Linux, mitmproxy integrates with the iptables redirection mechanism to
achieve transparent mode.
1. :ref:`Install the mitmproxy certificate on the test device <certinstall>`
2. Enable IP forwarding:
>>> sysctl -w net.ipv4.ip_forward=1
You may also want to consider enabling this permanently in ``/etc/sysctl.conf``.
3. If your target machine is on the same physical network and you configured it to use a custom
gateway, disable ICMP redirects:
>>> echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects
You may also want to consider enabling this permanently in ``/etc/sysctl.conf``
as demonstrated `here <https://unix.stackexchange.com/a/58081>`_.
4. Create an iptables ruleset that redirects the desired traffic to the
mitmproxy port. Details will differ according to your setup, but the
ruleset should look something like this:
.. code-block:: none
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
5. Fire up mitmproxy. You probably want a command like this:
>>> mitmproxy -T --host
The :option:`-T` flag turns on transparent mode, and the :option:`--host`
argument tells mitmproxy to use the value of the Host header for URL display.
6. Finally, configure your test device to use the host on which mitmproxy is
running as the default gateway.
For a detailed walkthrough, have a look at the :ref:`transparent-dhcp` tutorial.

70
docs/transparent/osx.rst
View File

@@ -1,70 +0,0 @@
.. _osx:
OSX
===
OSX Lion integrated the pf_ packet filter from the OpenBSD project,
which mitmproxy uses to implement transparent mode on OSX.
Note that this means we don't support transparent mode for earlier versions of OSX.
1. :ref:`Install the mitmproxy certificate on the test device <certinstall>`
2. Enable IP forwarding:
>>> sudo sysctl -w net.inet.ip.forwarding=1
3. Place the following two lines in a file called, say, **pf.conf**:
.. code-block:: none
rdr on en2 inet proto tcp to any port 80 -> 127.0.0.1 port 8080
rdr on en2 inet proto tcp to any port 443 -> 127.0.0.1 port 8080
These rules tell pf to redirect all traffic destined for port 80 or 443
to the local mitmproxy instance running on port 8080. You should
replace ``en2`` with the interface on which your test device will appear.
4. Configure pf with the rules:
>>> sudo pfctl -f pf.conf
5. And now enable it:
>>> sudo pfctl -e
6. Configure sudoers to allow mitmproxy to access pfctl. Edit the file
**/etc/sudoers** on your system as root. Add the following line to the end
of the file:
.. code-block:: none
ALL ALL=NOPASSWD: /sbin/pfctl -s state
Note that this allows any user on the system to run the command
``/sbin/pfctl -s state`` as root without a password. This only allows
inspection of the state table, so should not be an undue security risk. If
you're special feel free to tighten the restriction up to the user running
mitmproxy.
7. Fire up mitmproxy. You probably want a command like this:
>>> mitmproxy -T --host
The :option:`-T` flag turns on transparent mode, and the :option:`--host`
argument tells mitmproxy to use the value of the Host header for URL display.
8. Finally, configure your test device to use the host on which mitmproxy is
running as the default gateway.
.. note::
Note that the **rdr** rules in the pf.conf given above only apply to inbound
traffic. **This means that they will NOT redirect traffic coming from the box
running pf itself.** We can't distinguish between an outbound connection from a
non-mitmproxy app, and an outbound connection from mitmproxy itself - if you
want to intercept your OSX traffic, you should use an external host to run
mitmproxy. None the less, pf is flexible to cater for a range of creative
possibilities, like intercepting traffic emanating from VMs. See the
**pf.conf** man page for more.
.. _pf: https://en.wikipedia.org/wiki/PF_\(firewall\)