
Sniff HTTPS Traffic with mitmproxy

Problem

The user wants to see all outgoing and incoming HTTPS traffic. Since all the data is encrypted, almost nothing can be seen with tcpdump running locally.

Solution

Use mitmproxy (https://mitmproxy.org/) and route your Linux traffic through the proxy.

Install mitmproxy either locally or on another machine in your network:

apt-get install python-pyasn1 python-flask python-urwid python-dev libxml2-dev libxslt-dev libffi-dev
pip install mitmproxy
Either enable system-wide port forwarding with iptables:
sysctl -w net.ipv4.ip_forward=1
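iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
Or set the proxy from the command prompt for your current session (the first line turns off certificate checking in wget so that it accepts the proxy's certificate):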

echo "check_certificate = off" >> ~/.wgetrc
export http_proxy='http://mitmproxy:8080'
export https_proxy='http://mitmproxy:8080'
export HTTPS_PROXY='http://mitmproxy:8080'
export HTTP_PROXY='http://mitmproxy:8080'

Start the server:
mitmproxy -T --host
Then start browsing with your favourite browser and check the mitmproxy console logs.
Note:
If you copy these commands, make sure the single and double quotes are plain ASCII quotes.
Another tool is available, and it will be covered in a different post:

https://www.roe.ch/SSLsplit
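
To confirm that the iptables redirect described above is really in place, this added example (not part of the original post) parses rule lines in `iptables -t nat -S PREROUTING` format and reports whether ports 80 and 443 are both redirected to the proxy port. The function name check_redirects and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): verify the NAT redirect rules.
# Input: rule lines in `iptables -t nat -S PREROUTING` format on stdin.
# Output: "80 ok|missing" and "443 ok|missing"; exit status 0 only if both are ok.
# Live use (as root): iptables -t nat -S PREROUTING | check_redirects 8080

check_redirects() {
    # $1 = port the proxy listens on (8080 in the post)
    awk -v want="$1" '
        BEGIN { need[80] = 0; need[443] = 0 }
        $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # the post types --to-port; listed rules show --to-ports
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            # Count a port only when it is redirected to the proxy port itself
            if (target == "REDIRECT" && to == want && (dport in need))
                need[dport] = 1
        }
        END {
            printf "80 %s\n", (need[80] ? "ok" : "missing")
            printf "443 %s\n", (need[443] ? "ok" : "missing")
            exit !(need[80] && need[443])
        }
    '
}

# Constructed sample: the 443 rule points at 8081 by mistake.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8081'

printf '%s\n' "$SAMPLE_RULES" | check_redirects 8080 ||
    echo "redirect rules incomplete for proxy port 8080"
```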