Difference between revisions of "Intercept SSL Traffic"

From WebOS Internals
Jump to navigation Jump to search
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x
 
Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x
  
== Run burpsuite (must be run as root) ==
+
== Run burpsuite ==
  
 
Assumes you want to intercept traffic to <target-host>:<target-port>
 
Assumes you want to intercept traffic to <target-host>:<target-port>
Line 7: Line 7:
 
=== proxy listeners ===
 
=== proxy listeners ===
  
* local listener port: 443
+
* local listener port: 8443
 
* listen on loopback interface only: no
 
* listen on loopback interface only: no
 
* support invisible proxying for non-proxy-aware clients: yes
 
* support invisible proxying for non-proxy-aware clients: yes
Line 29: Line 29:
 
== On the device ==
 
== On the device ==
  
Edit /etc/hosts
+
iptables -t nat -A OUTPUT -p tcp --dst <target-host> --dport <target-port> -j DNAT --to-destination <intercept-host>:<intercept-port>
10.0.2.1 <target-host>
+
 
 +
openssl s_client -connect <target-host>:<target-port> -showcerts
 +
 
 +
copy the PortSwigger server CA cert into /etc/ssl/certs/trustedcerts/PortSwigger.pem
 +
 
 +
link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0
 +
 
 +
openssl x509 -hash -noout < PortSwigger.pem

Latest revision as of 12:33, 20 April 2011

Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x

Run burpsuite

Assumes you want to intercept traffic to <target-host>:<target-port>

proxy listeners

  • local listener port: 8443
  • listen on loopback interface only: no
  • support invisible proxying for non-proxy-aware clients: yes
  • redirect to host: <target-host>
  • redirect to port: <target-port>

server SSL certificate

  • generate a CA-signed certification with a specific hostname: <target-host>

intercept client requests

  • intercept-if: yes
  • update Content-Length: yes

intercept server responses

  • intercept-if: yes
  • update Content-Length: yes

misc

  • unpack gzip / deflate: yes

On the device

iptables -t nat -A OUTPUT -p tcp --dst <target-host> --dport <target-port> -j DNAT --to-destination <intercept-host>:<intercept-port>

openssl s_client -connect <target-host>:<target-port> -showcerts

copy the PortSwigger server CA cert into /etc/ssl/certs/trustedcerts/PortSwigger.pem

link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0

openssl x509 -hash -noout < PortSwigger.pem