Skip to content

Instantly share code, notes, and snippets.

@joshenders

joshenders/mitmproxy.md

Last active July 23, 2023 14:49
Show Gist options
  • Save joshenders/2b0dc14c89a8769f64a7 to your computer and use it in GitHub Desktop.
Save joshenders/2b0dc14c89a8769f64a7 to your computer and use it in GitHub Desktop.
Download ZIP
mitmproxy configuration for iPad
Raw
README.md

Successful mitmproxy setup tested on OS X 10.11.1 and iPad running 9.0.2

Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy

sudo sysctl -w net.inet.ip.forwarding=1
sudo sysctl -w net.inet.ip.redirect=0

net.inet.ip.forwarding
Enable IP forwarding between interfaces

IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.

type: boolean, default: off

net.inet.ip.redirect
Enable sending IP redirects

Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.

type: boolean, dafault: 1

Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values.

ext_if = "en0"
ext_ip = “192.168.1.141”

rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8181
rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8181

Load your file with pfctl and then enable pf

sudo pfctl -vf pf.conf
sudo pfctl -e

Add pfctl to /etc/sudoers

ALL ALL=NOPASSWD: /sbin/pfctl -s state

Start mitmproxy

mitmproxy -T -p 8181 --host

Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), DNS spoofing, DNAT on your router or what have you.

Install the CA cert on the iPad by visitng https://mitm.it

[1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
[2] http://docs.mitmproxy.org/en/stable/transparent/osx.html
[3] https://notroot.wordpress.com/2010/10/22/freebsd-net-inet-ip-sysctls-explained/

@wimbledon
Copy link

wimbledon commented Oct 20, 2017
edited
Loading

Question. How do you "Statically configure the IP address of the machine running mitmproxy as a router on the iPad"?
@joshenders

@lucianf
Copy link

lucianf commented Mar 28, 2018

@wimbledon settings -> wi-fi -> (network) -> static -> router = mitmproxy machine

@joshenders
Copy link
Author

This process appears to work for running against a device Simulator with Xcode: https://www.tooploox.com/blog/intercept-network-traffic-with-mitmproxy-in-ios-simulator

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment