Last active
July 23, 2023 14:49
Revisions
-
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -50,7 +50,7 @@ Statically configure the IP address of the machine running mitmproxy as a router Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate. Navigate to: **Settings > General > About > Certificate Trust Settings**. Toggle the switch for mitmproxy under the, "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading. If you fail to do this, you will see the following error in the mitmproxy capture window: -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 3 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -48,7 +48,9 @@ mitmproxy --mode transparent --listen-port 8080 --showhost Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate. Navigate to: *Settings > General > About > Certificate Trust Settings*. Toggle the switch for mitmproxy under the, "*ENABLE FULL TRUST FOR ROOT CERTIFICATES*" heading. If you fail to do this, you will see the following error in the mitmproxy capture window: -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 5 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -48,7 +48,11 @@ mitmproxy --mode transparent --listen-port 8080 --showhost Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. Install the CA cert on the iPad by visiting http://mitm.it in clicking the Apple and following the prompts. After it's installed, you must perform an additional step to enable full trust for the mitmproxy root certificate. Navigate to: Settings > General > About > Certificate Trust Settings. Toggle the switch for mitmproxy under the, "ENABLE FULL TRUST FOR ROOT CERTIFICATES" heading. If you fail to do this, you will see the following error in the mitmproxy capture window: > Client Handshake failed. The client may not trust the proxy's certificate ... [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ Successful mitmproxy-3.7 setup tested on OS X 10.13.6 and iPhone X running 12.1.4 Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy ``` @@ -43,7 +43,7 @@ ALL ALL=NOPASSWD: /sbin/pfctl -s state Start mitmproxy ``` mitmproxy --mode transparent --listen-port 8080 --showhost ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -21,7 +21,7 @@ sudo sysctl -w net.inet.ip.redirect=0 > type: boolean, dafault: 1 Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values for your network configuration. ``` ext_if = "en0" ext_ip = "192.168.1.141" -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -48,7 +48,7 @@ mitmproxy --transparent --port 8080 --host Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. Install the CA cert on the iPad by visiting https://mitm.it [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ Successful mitmproxy setup tested on OS X 10.13.6 and iPhone X running 12.1.4 Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy ``` -
joshenders revised this gist
Feb 8, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,4 +1,4 @@ Successful mitmproxy setup tested on OS X 10.13.6 and iPad running 12.1.4 Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy ``` -
joshenders revised this gist
Feb 3, 2017 . No changes.There are no files selected for viewing
-
joshenders revised this gist
May 11, 2016 . 1 changed file with 3 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -26,8 +26,8 @@ Create a new file with the following pf rules. Replace ext_if and ext_ip with th ext_if = "en0" ext_ip = "192.168.1.141" rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8080 rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8080 ``` Load your file with pfctl and then enable pf @@ -43,7 +43,7 @@ ALL ALL=NOPASSWD: /sbin/pfctl -s state Start mitmproxy ``` mitmproxy --transparent --port 8080 --host ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. -
joshenders renamed this gist
Mar 4, 2016 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
joshenders revised this gist
Feb 11, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,7 +46,7 @@ Start mitmproxy mitmproxy -T -p 8181 --host --palette-transparent ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. Install the CA cert on the iPad by visitng https://mitm.it -
joshenders revised this gist
Feb 11, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,7 +46,7 @@ Start mitmproxy mitmproxy -T -p 8181 --host --palette-transparent ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, [ARP spoofing](https://ettercap.github.io/ettercap/), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. Install the CA cert on the iPad by visitng https://mitm.it -
joshenders revised this gist
Feb 11, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,7 +46,7 @@ Start mitmproxy mitmproxy -T -p 8181 --host --palette-transparent ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), [DNS spoofing](https://github.com/iphelix/dnschef), DNAT on your router or what have you. Install the CA cert on the iPad by visitng https://mitm.it -
joshenders revised this gist
Feb 11, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,7 +46,7 @@ Start mitmproxy mitmproxy -T -p 8181 --host --palette-transparent ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), (DNS spoofing)[https://github.com/iphelix/dnschef], DNAT on your router or what have you. Install the CA cert on the iPad by visitng https://mitm.it -
joshenders revised this gist
Feb 11, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,7 +46,7 @@ Start mitmproxy mitmproxy -T -p 8181 --host --palette-transparent ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), [DNS spoofing](https://github.com/iphelix/dnschef, DNAT on your router or what have you. Install the CA cert on the iPad by visitng https://mitm.it -
joshenders revised this gist
Feb 10, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -43,7 +43,7 @@ ALL ALL=NOPASSWD: /sbin/pfctl -s state Start mitmproxy ``` mitmproxy -T -p 8181 --host --palette-transparent ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), DNS spoofing, DNAT on your router or what have you. -
joshenders revised this gist
Feb 9, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -24,7 +24,7 @@ sudo sysctl -w net.inet.ip.redirect=0 Create a new file with the following pf rules. Replace ext_if and ext_ip with the appropriate values. ``` ext_if = "en0" ext_ip = "192.168.1.141" rdr on $ext_if inet proto tcp from any to any port 80 -> $ext_ip port 8181 rdr on $ext_if inet proto tcp from any to any port 443 -> $ext_ip port 8181 -
joshenders revised this gist
Dec 3, 2015 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -46,7 +46,7 @@ Start mitmproxy mitmproxy -T -p 8181 --host ``` Statically configure the IP address of the machine running mitmproxy as a router on the iPad, make sure both devices are on the same network and any AP isolation mode is disabled. You can also get creative with rogue DHCP, ARP spoofing (ettercap), DNS spoofing, DNAT on your router or what have you. Install the CA cert on the iPad by visitng https://mitm.it -
joshenders revised this gist
Dec 3, 2015 . No changes.There are no files selected for viewing
-
joshenders revised this gist
Dec 3, 2015 . 1 changed file with 3 additions and 3 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -51,6 +51,6 @@ Statically configure the IP address of the machine running mitmproxy as a router Install the CA cert on the iPad by visitng https://mitm.it [1] http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html [2] http://docs.mitmproxy.org/en/stable/transparent/osx.html [3] https://notroot.wordpress.com/2010/10/22/freebsd-net-inet-ip-sysctls-explained/ -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ Successful mitmproxy setup tested on OS X 10.11.1 and iPad running 9.0.2 Enable IP forwarding and disable ICMP redirects to keep the iPad sending traffic to the proxy ``` sudo sysctl -w net.inet.ip.forwarding=1 sudo sysctl -w net.inet.ip.redirect=0 -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,7 +12,7 @@ sudo sysctl -w net.inet.ip.redirect=0 > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled. > > type: boolean, default: off > net.inet.ip.redirect > Enable sending IP redirects > -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 1 addition and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,8 +12,7 @@ sudo sysctl -w net.inet.ip.redirect=0 > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled. > > type: boolean, default: off > net.inet.ip.redirect > Enable sending IP redirects > -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 1 addition and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -13,6 +13,7 @@ sudo sysctl -w net.inet.ip.redirect=0 > > type: boolean, default: off > net.inet.ip.redirect > Enable sending IP redirects > -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 3 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -13,8 +13,9 @@ sudo sysctl -w net.inet.ip.redirect=0 > > type: boolean, default: off > net.inet.ip.redirect > Enable sending IP redirects > > Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems. > > type: boolean, dafault: 1 -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,8 +6,8 @@ sudo sysctl -w net.inet.ip.forwarding=1 sudo sysctl -w net.inet.ip.redirect=0 ``` > net.inet.ip.forwarding > Enable IP forwarding between interfaces > > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled. > -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,8 +6,8 @@ sudo sysctl -w net.inet.ip.forwarding=1 sudo sysctl -w net.inet.ip.redirect=0 ``` > net.inet.ip.forwarding \ > Enable IP forwarding between interfaces \ > > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled. > -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 4 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,15 +6,15 @@ sudo sysctl -w net.inet.ip.forwarding=1 sudo sysctl -w net.inet.ip.redirect=0 ``` > net.inet.ip.forwarding > Enable IP forwarding between interfaces > > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled. > > type: boolean, default: off > net.inet.ip.redirect > Enable sending IP redirects > Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems. > > type: boolean, dafault: 1 -
joshenders revised this gist
Nov 27, 2015 . 1 changed file with 5 additions and 4 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -6,15 +6,16 @@ sudo sysctl -w net.inet.ip.forwarding=1 sudo sysctl -w net.inet.ip.redirect=0 ``` > net.inet.ip.forwarding\ > Enable IP forwarding between interfaces\ > > IP forwarding is the process of forwarding internet packets from one network to another. By default the FreeBSD system will not forward IP packets between various network interfaces. In other words, routing functions (also known as gateway functions) are disabled. > > type: boolean, default: off > net.inet.ip.redirect\ > Enable sending IP redirects\ > Allow (1) or disallow (0) send ICMP redirections when forwarding. This option is ignored unless the host is routing IP packets. Normally, this option should be enabled on all systems. > > type: boolean, dafault: 1
NewerOlder