Skip to content

Instantly share code, notes, and snippets.

@joshenders
Last active July 23, 2023 14:49

Revisions

  1. joshenders revised this gist Feb 8, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -50,7 +50,7 @@ Statically configure the IP address of the machine running mitmproxy as a router

    Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate.

    Navigate to: *Settings > General > About > Certificate Trust Settings*. Toggle the switch for mitmproxy under the, "*ENABLE FULL TRUST FOR ROOT CERTIFICATES*" heading.
    Navigate to: **Settings > General > About > Certificate Trust Settings**. Toggle the switch for mitmproxy under the, "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading.

    If you fail to do this, you will see the following error in the mitmproxy capture window:

  2. joshenders revised this gist Feb 8, 2019. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -48,7 +48,9 @@ mitmproxy --mode transparent --listen-port 8080 --showhost

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.

    Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate. Navigate to: Settings > General > About > Certificate Trust Settings. Toggle the switch for mitmproxy under the, "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading.
    Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate.

    Navigate to: *Settings > General > About > Certificate Trust Settings*. Toggle the switch for mitmproxy under the, "*ENABLE FULL TRUST FOR ROOT CERTIFICATES*" heading.

    If you fail to do this, you will see the following error in the mitmproxy capture window:

  3. joshenders revised this gist Feb 8, 2019. 1 changed file with 5 additions and 1 deletion.
    6 changes: 5 additions & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -48,7 +48,11 @@ mitmproxy --mode transparent --listen-port 8080 --showhost

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.

    Install the CA cert on the iPad by visiting https://mitm.it
    Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate. Navigate to: Settings > General > About > Certificate Trust Settings. Toggle the switch for mitmproxy under the, "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading.

    If you fail to do this, you will see the following error in the mitmproxy capture window:

    > Client Handshake failed. The client may not trust the proxy's certificate ...

    [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
  4. joshenders revised this gist Feb 8, 2019. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -1,4 +1,4 @@
    Successful mitmproxy setup tested on OS X 10.13.6 and iPhone X running 12.1.4
    Successful mitmproxy-3.7 setup tested on OS X 10.13.6 and iPhone X running 12.1.4

    Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy
    ```
    @@ -43,7 +43,7 @@ ALL ALL=NOPASSWD: /sbin/pfctl -s state

    Start mitmproxy
    ```
    mitmproxy --transparent --port 8080 --host
    mitmproxy --mode transparent --listen-port 8080 --showhost
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.
  5. joshenders revised this gist Feb 8, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -21,7 +21,7 @@ sudo sysctl -w net.inet.ip.redirect=0
    > type: boolean, dafault: 1

    Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values.
    Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values for your network configuration.
    ```
    ext_if = "en0"
    ext_ip = "192.168.1.141"
  6. joshenders revised this gist Feb 8, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -48,7 +48,7 @@ mitmproxy --transparent --port 8080 --host

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it
    Install the CA cert on the iPad by visiting https://mitm.it


    [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
  7. joshenders revised this gist Feb 8, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -1,4 +1,4 @@
    Successful mitmproxy setup tested on OS X 10.13.6 and iPad running 12.1.4
    Successful mitmproxy setup tested on OS X 10.13.6 and iPhone X running 12.1.4

    Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy
    ```
  8. joshenders revised this gist Feb 8, 2019. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -1,4 +1,4 @@
    Successful mitmproxy setup tested on OS X 10.11.1 and iPad running 9.0.2
    Successful mitmproxy setup tested on OS X 10.13.6 and iPad running 12.1.4

    Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy
    ```
  9. joshenders revised this gist Feb 3, 2017. No changes.
  10. joshenders revised this gist May 11, 2016. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions mitmproxy.md
    Original file line number Diff line number Diff line change
    @@ -26,8 +26,8 @@ Create a new file with the following pf rules. Replace ext_if and ext_ip with th
    ext_if = "en0"
    ext_ip = "192.168.1.141"
    rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8181
    rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8181
    rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8080
    rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8080
    ```

    Load your file with pfctl and then enable pf
    @@ -43,7 +43,7 @@ ALL ALL=NOPASSWD: /sbin/pfctl -s state

    Start mitmproxy
    ```
    mitmproxy -T -p 8181 --host --palette-transparent
    mitmproxy --transparent --port 8080 --host
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.
  11. joshenders renamed this gist Mar 4, 2016. 1 changed file with 0 additions and 0 deletions.
    File renamed without changes.
  12. joshenders revised this gist Feb 11, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,7 @@ Start mitmproxy
    mitmproxy -T -p 8181 --host --palette-transparent
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.
    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it

  13. joshenders revised this gist Feb 11, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,7 @@ Start mitmproxy
    mitmproxy -T -p 8181 --host --palette-transparent
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.
    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it

  14. joshenders revised this gist Feb 11, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,7 @@ Start mitmproxy
    mitmproxy -T -p 8181 --host --palette-transparent
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), (DNS spoofing)[https://github.com/iphelix/dnschef], DNAT on your router or what have you.
    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it

  15. joshenders revised this gist Feb 11, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,7 @@ Start mitmproxy
    mitmproxy -T -p 8181 --host --palette-transparent
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), [DNS spoofing](https://github.com/iphelix/dnschef, DNAT on your router or what have you.
    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), (DNS spoofing)[https://github.com/iphelix/dnschef], DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it

  16. joshenders revised this gist Feb 11, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,7 @@ Start mitmproxy
    mitmproxy -T -p 8181 --host --palette-transparent
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), DNS spoofing, DNAT on your router or what have you.
    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), [DNS spoofing](https://github.com/iphelix/dnschef, DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it

  17. joshenders revised this gist Feb 10, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -43,7 +43,7 @@ ALL ALL=NOPASSWD: /sbin/pfctl -s state

    Start mitmproxy
    ```
    mitmproxy -T -p 8181 --host
    mitmproxy -T -p 8181 --host --palette-transparent
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), DNS spoofing, DNAT on your router or what have you.
  18. joshenders revised this gist Feb 9, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -24,7 +24,7 @@ sudo sysctl -w net.inet.ip.redirect=0
    Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values.
    ```
    ext_if = "en0"
    ext_ip = 192.168.1.141
    ext_ip = "192.168.1.141"
    rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8181
    rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8181
  19. joshenders revised this gist Dec 3, 2015. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -46,7 +46,7 @@ Start mitmproxy
    mitmproxy -T -p 8181 --host
    ```

    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled.
    Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), DNS spoofing, DNAT on your router or what have you.

    Install the CA cert on the iPad by visitng https://mitm.it

  20. joshenders revised this gist Dec 3, 2015. No changes.
  21. joshenders revised this gist Dec 3, 2015. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -51,6 +51,6 @@ Statically configure the IP address of the machine running mitmproxy as a router
    Install the CA cert on the iPad by visitng https://mitm.it


    [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
    [2] http://docs.mitmproxy.org/en/stable/transparent/osx.html
    [3] https://notroot.wordpress.com/2010/10/22/freebsd-net-inet-ip-sysctls-explained/
    [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
    [2] http://docs.mitmproxy.org/en/stable/transparent/osx.html
    [3] https://notroot.wordpress.com/2010/10/22/freebsd-net-inet-ip-sysctls-explained/
  22. joshenders revised this gist Nov 27, 2015. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -1,6 +1,6 @@
    Successful mitmproxy setup tested on OS X 10.11.1 and iPad running 9.0.2

    Enable IP forwarding and disable ICMP redirects to keep traffic flowing through the MAC
    Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy
    ```
    sudo sysctl -w net.inet.ip.forwarding=1
    sudo sysctl -w net.inet.ip.redirect=0
  23. joshenders revised this gist Nov 27, 2015. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion README.md
    Original file line number Diff line number Diff line change
    @@ -12,7 +12,7 @@ sudo sysctl -w net.inet.ip.redirect=0
    > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
    >
    > type: boolean, default: off
    > net.inet.ip.redirect
    > Enable sending IP redirects
    >
  24. joshenders revised this gist Nov 27, 2015. 1 changed file with 1 addition and 2 deletions.
    3 changes: 1 addition & 2 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -12,8 +12,7 @@ sudo sysctl -w net.inet.ip.redirect=0
    > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
    >
    > type: boolean, default: off

    > net.inet.ip.redirect
    > Enable sending IP redirects
    >
  25. joshenders revised this gist Nov 27, 2015. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -13,6 +13,7 @@ sudo sysctl -w net.inet.ip.redirect=0
    >
    > type: boolean, default: off

    > net.inet.ip.redirect
    > Enable sending IP redirects
    >
  26. joshenders revised this gist Nov 27, 2015. 1 changed file with 3 additions and 2 deletions.
    5 changes: 3 additions & 2 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -13,8 +13,9 @@ sudo sysctl -w net.inet.ip.redirect=0
    >
    > type: boolean, default: off
    > net.inet.ip.redirect
    > Enable sending IP redirects
    > net.inet.ip.redirect
    > Enable sending IP redirects
    >
    > Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
    >
    > type: boolean, dafault: 1
  27. joshenders revised this gist Nov 27, 2015. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -6,8 +6,8 @@ sudo sysctl -w net.inet.ip.forwarding=1
    sudo sysctl -w net.inet.ip.redirect=0
    ```

    > net.inet.ip.forwarding \
    > Enable IP forwarding between interfaces \
    > net.inet.ip.forwarding
    > Enable IP forwarding between interfaces
    >
    > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
    >
  28. joshenders revised this gist Nov 27, 2015. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -6,8 +6,8 @@ sudo sysctl -w net.inet.ip.forwarding=1
    sudo sysctl -w net.inet.ip.redirect=0
    ```

    > net.inet.ip.forwarding
    > Enable IP forwarding between interfaces
    > net.inet.ip.forwarding \
    > Enable IP forwarding between interfaces \
    >
    > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
    >
  29. joshenders revised this gist Nov 27, 2015. 1 changed file with 4 additions and 4 deletions.
    8 changes: 4 additions & 4 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -6,15 +6,15 @@ sudo sysctl -w net.inet.ip.forwarding=1
    sudo sysctl -w net.inet.ip.redirect=0
    ```

    > net.inet.ip.forwarding\
    > Enable IP forwarding between interfaces\
    > net.inet.ip.forwarding
    > Enable IP forwarding between interfaces
    >
    > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
    >
    > type: boolean, default: off
    > net.inet.ip.redirect\
    > Enable sending IP redirects\
    > net.inet.ip.redirect
    > Enable sending IP redirects
    > Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
    >
    > type: boolean, dafault: 1
  30. joshenders revised this gist Nov 27, 2015. 1 changed file with 5 additions and 4 deletions.
    9 changes: 5 additions & 4 deletions README.md
    Original file line number Diff line number Diff line change
    @@ -6,15 +6,16 @@ sudo sysctl -w net.inet.ip.forwarding=1
    sudo sysctl -w net.inet.ip.redirect=0
    ```

    > net.inet.ip.forwarding
    > Enable IP forwarding between interfaces
    > net.inet.ip.forwarding\
    > Enable IP forwarding between interfaces\
    >
    > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled.
    >
    > type: boolean, default: off
    > net.inet.ip.redirect
    > Enable sending IP redirects Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
    > net.inet.ip.redirect\
    > Enable sending IP redirects\
    > Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems.
    >
    > type: boolean, dafault: 1