Sniff HTTPS Traffic with mitmproxy
Quote from moshe on 27/10/2020, 11:08 am
Problem
User wants to see all outgoing and incoming traffic in HTTPS protocol. Since all the data is encrypted, it is not possible to see almost anything with tcpdump running locally.
Solution
Use mitmproxy and set your Linux traffic through the proxy https://mitmproxy.org/
Install mitmproxy either locally or on another machine in your network
apt-get install python-pyasn1 python-flask python-urwid python-dev libxml2-dev libxslt-dev libffi-dev
pip install mitmproxy
Either enable system wide port forwarding with iptables
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
or from the command prompt for your session
echo "check_certificate = off" >> ~/.wgetrc
export http_proxy='http://mitmproxy:8080'
export https_proxy='http://mitmproxy:8080'
export HTTPS_PROXY='http://mitmproxy:8080'
export HTTP_PROXY='http://mitmproxy:8080'
Start the server
mitmproxy -T --host
and start browsing with your favourite browser; check the mitmproxy console logs
Note: Change to quotes and double quotes accordingly
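Added example, not part of the original post: a session-scoped variant of the setup above that keeps certificate verification on by trusting only the mitmproxy CA, and that can undo both the environment changes and the iptables redirects. The function names mitm_rules, mitm_on and mitm_off are hypothetical; the CA path is assumed to be mitmproxy's default location after its first run (copy the file over if the proxy runs on another machine).

```shell
#!/bin/sh
# Added example (not from the original post). Proxy host and port are the ones
# used in the post; the CA path is an assumption (mitmproxy's default location).
MITM_PROXY_URL="${MITM_PROXY_URL:-http://mitmproxy:8080}"
MITM_CA="${MITM_CA:-$HOME/.mitmproxy/mitmproxy-ca-cert.pem}"

# Print the post's redirect rules with the given action: -A adds them,
# -D deletes exactly the same rules when the capture is finished.
# Rules are printed, not executed, so they can be reviewed before running as root.
mitm_rules() {
    action="$1"; iface="${2:-eth0}"
    case "$action" in
        -A|-D) ;;
        *) echo "usage: mitm_rules -A|-D [iface]" >&2; return 2 ;;
    esac
    for port in 80 443; do
        echo "iptables -t nat $action PREROUTING -i $iface -p tcp --dport $port -j REDIRECT --to-port 8080"
    done
}

# Route this shell's clients through the proxy and trust only the mitmproxy CA.
# CURL_CA_BUNDLE is read by curl, REQUESTS_CA_BUNDLE by Python requests,
# SSL_CERT_FILE by OpenSSL-based clients; verification is never switched off.
mitm_on() {
    [ -r "$MITM_CA" ] || { echo "CA not found: $MITM_CA" >&2; return 1; }
    export http_proxy="$MITM_PROXY_URL" https_proxy="$MITM_PROXY_URL"
    export HTTP_PROXY="$MITM_PROXY_URL" HTTPS_PROXY="$MITM_PROXY_URL"
    export SSL_CERT_FILE="$MITM_CA" CURL_CA_BUNDLE="$MITM_CA" REQUESTS_CA_BUNDLE="$MITM_CA"
}

# Restore the shell to direct connections and the system trust store.
mitm_off() {
    unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY
    unset SSL_CERT_FILE CURL_CA_BUNDLE REQUESTS_CA_BUNDLE
}
```

Source the file, run mitm_on in the shell you want to inspect and mitm_off when done; nothing is written to ~/.wgetrc, so no client is left with verification disabled afterwards.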