Logging https traffic using Raspbian
In order to intercept HTTPS traffic, it is necessary to run software on the router or access point that terminates TLS and presents its own certificates to clients; the clients accept those without warnings only once they trust the certificate authority that software uses.
Using Mirko Dölle's beautiful instructions, today I set up mitmproxy on a Raspberry Pi 2 running Raspbian based on Debian Jessie.
I have an RT5572-based dual-band Wi-Fi dongle that works very well with Raspbian; clients will connect to it, while the Raspberry Pi 2 itself is connected to the internet via Ethernet.
First, I set up Raspbian in the usual way.
Then I modified the dhcpcd configuration to assign a static IP address to the Wi-Fi adaptor, which is going to be my access point. I added the following lines to the end of /etc/dhcpcd.conf:
interface wlan0
static ip_address=192.168.6.1/24
Next, I installed the hostapd package and created a configuration file for it:
# apt-get install hostapd
# cat >/etc/hostapd/hostapd.conf <<EOF
interface=wlan0
driver=nl80211
country_code=GB
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=rpi-mitm
# 802.11g on channel 8
hw_mode=g
channel=8
# encryption: WPA2 (RSN) only. With wpa=2 the WPA1 wpa_pairwise setting
# is not advertised, so clients negotiate AES-CCMP via rsn_pairwise.
wpa=2
wpa_passphrase=pleasehackme
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# beacon every 100 TU (about 102 ms), open-system authentication only
# (no shared-key/WEP auth), WMM/QoS enabled
beacon_int=100
auth_algs=1
wmm_enabled=1
EOF
Before activating it, one line in /etc/default/hostapd has to be adjusted so the service picks up that file:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
In order to assign IP addresses to clients and handle DNS forwarding, I then installed dnsmasq, again creating a configuration for it:
# apt-get install dnsmasq
# cat >>/etc/dnsmasq.conf <<EOF
interface=wlan0
dhcp-range=192.168.6.50,192.168.6.100,12h
EOF
Next, I activated packet forwarding by uncommenting the following lines in /etc/sysctl.conf:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
I then set up network address translation by adding a POSTROUTING rule for my WAN interface to the iptables nat table. Installing the iptables-persistent package afterwards saves the rules that are loaded at that moment, so the MASQUERADE rule survives a reboot. Rules added later (such as the REDIRECT rules below) are not persisted unless you save again with netfilter-persistent save, which is what we want here, since they toggle the capture.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# apt-get install iptables-persistent
Then I restart all the services involved. I disable the legacy Debian networking service because it brings the wlan0 interface up itself, which prevents hostapd from starting; restarting procps reloads the sysctl settings from above. This completes the setup of the access point.
# systemctl disable networking
# systemctl start hostapd
# systemctl start dnsmasq
# systemctl restart procps
In order to inspect client traffic through the access point, I installed mitmproxy. The version 0.10.1-2 installed by apt-get on Jessie is too old, so I installed the then-current version 0.18.2 manually with pip. mitmproxy 0.18 needs Python 2.7 or 3.5 and Jessie only provides Python 3.4, so I went with Python 2.7.
# apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev g++
# pip install mitmproxy==0.18.2
To run it, I add two nat rules that redirect inbound HTTP and HTTPS from the wireless interface to mitmproxy's default listening port 8080, then start mitmproxy in transparent mode (-T); --host makes it use the Host header instead of the destination IP when showing URLs. Only TCP ports 80 and 443 are intercepted; everything else still passes through the NAT untouched.
# iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
# iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
# mitmproxy -T --host
Install mitmproxy's CA certificate on each client device by browsing to http://mitm.it/ from the device while it is connected through the access point with mitmproxy running (mitmproxy answers that name itself, so it only works when the request actually passes through the proxy). Until the CA is trusted, HTTPS sites show certificate errors; apps that pin their certificates will keep failing even afterwards. The CA and its private key are generated into ~/.mitmproxy on the Pi, and anyone holding that key can intercept every device that trusted it, so keep it there.
To deactivate the capture, it suffices to remove the iptables rules. Flushing the whole nat PREROUTING chain is fine here because the two REDIRECT rules are the only ones in it; the MASQUERADE rule lives in POSTROUTING and is untouched.
# iptables -t nat -F PREROUTING
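As an added example (not part of the original post or of mitmproxy itself), the following script wraps the on/off steps above so they can be repeated safely: it uses iptables -C to avoid adding a duplicate REDIRECT rule when run twice, and deletes exactly the two rules with -D instead of flushing the chain, so any other nat PREROUTING rules you add later survive. It assumes the post's values (clients on wlan0, ports 80 and 443, mitmproxy on 8080), all overridable through environment variables; DRY_RUN=1 prints the iptables commands instead of executing them, which is also how it can be exercised without root.

```shell
#!/bin/sh
# Added example, not from the original post: toggle mitmproxy interception
# on the rpi-mitm access point without flushing the whole nat PREROUTING chain.
# Assumed defaults from the post: clients on wlan0, HTTP/HTTPS, mitmproxy on 8080.
set -eu

LAN_IF="${LAN_IF:-wlan0}"
PROXY_PORT="${PROXY_PORT:-8080}"
PORTS="${PORTS:-80 443}"

# Run an iptables nat-table command, or only print it when DRY_RUN=1.
# In dry-run mode a -C (check) reports "rule absent" so the add path is shown.
ipt_nat() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        [ "$1" = "-C" ] && return 1
        echo "iptables -t nat $*"
        return 0
    fi
    iptables -t nat "$@"
}

# The exact rule the post installs for one destination port.
redirect_rule() {
    echo "PREROUTING -i $LAN_IF -p tcp --dport $1 -j REDIRECT --to-port $PROXY_PORT"
}

# Enable capture: add each REDIRECT rule only if an identical one is not
# already present (-C), so running this twice does not duplicate rules.
# Word splitting of $(redirect_rule ...) into separate arguments is intended.
capture_on() {
    for p in $PORTS; do
        ipt_nat -C $(redirect_rule "$p") 2>/dev/null || ipt_nat -A $(redirect_rule "$p")
    done
}

# Disable capture: delete exactly those rules and nothing else.
capture_off() {
    for p in $PORTS; do
        ipt_nat -D $(redirect_rule "$p") 2>/dev/null ||
            echo "port $p: no redirect rule was present" >&2
    done
}

# Show the current chain in iptables-restore syntax.
capture_status() {
    ipt_nat -S PREROUTING
}

case "${1:-}" in
    on)     capture_on ;;
    off)    capture_off ;;
    status) capture_status ;;
    "")     ;;   # no argument: only define the functions
    *)      echo "usage: $0 on|off|status" >&2; exit 2 ;;
esac
```

Run it as root with `./mitm-capture.sh on` before starting `mitmproxy -T --host`, and `./mitm-capture.sh off` when you are done; `status` lists what is currently in the chain so you can confirm that only the two expected rules are present.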