Difference between revisions of "Intercept SSL Traffic"
Jump to navigation
Jump to search
(Created page with "Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x Install burpsuite (must be run as root) Assumes you want to intercept traffic to...") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x | Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x | ||
| − | + | == Run burpsuite == | |
Assumes you want to intercept traffic to <target-host>:<target-port> | Assumes you want to intercept traffic to <target-host>:<target-port> | ||
| − | + | === proxy listeners === | |
| − | local listener port: | + | * local listener port: 8443 |
| − | listen on loopback interface only: no | + | * listen on loopback interface only: no |
| − | support invisible proxying for non-proxy-aware clients: yes | + | * support invisible proxying for non-proxy-aware clients: yes |
| − | redirect to host: <target-host> | + | * redirect to host: <target-host> |
| − | redirect to port: <target-port | + | * redirect to port: <target-port> |
| − | |||
| − | + | ==== server SSL certificate ==== | |
| − | + | * generate a CA-signed certification with a specific hostname: <target-host> | |
| − | |||
| − | intercept | + | ==== intercept client requests ==== |
| − | intercept-if: yes | + | * intercept-if: yes |
| − | update Content-Length: yes | + | * update Content-Length: yes |
| − | + | ==== intercept server responses ==== | |
| + | * intercept-if: yes | ||
| + | * update Content-Length: yes | ||
| − | + | ==== misc ==== | |
| + | * unpack gzip / deflate: yes | ||
| − | + | == On the device == | |
| − | + | ||
| + | iptables -t nat -A OUTPUT -p tcp --dst <target-host> --dport <target-port> -j DNAT --to-destination <intercept-host>:<intercept-port> | ||
| + | |||
| + | openssl s_client -connect <target-host>:<target-port> -showcerts | ||
| + | |||
| + | copy the PortSwigger server CA cert into /etc/ssl/certs/trustedcerts/PortSwigger.pem | ||
| + | |||
| + | link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0 | ||
| + | |||
| + | openssl x509 -hash -noout < PortSwigger.pem | ||
Latest revision as of 13:33, 20 April 2011
Run Internet Sharing on your host, gateway address is 10.0.2.1, client wifi address is 10.0.2.x
Run burpsuite
Assumes you want to intercept traffic to <target-host>:<target-port>
proxy listeners
- local listener port: 8443
- listen on loopback interface only: no
- support invisible proxying for non-proxy-aware clients: yes
- redirect to host: <target-host>
- redirect to port: <target-port>
server SSL certificate
- generate a CA-signed certification with a specific hostname: <target-host>
intercept client requests
- intercept-if: yes
- update Content-Length: yes
intercept server responses
- intercept-if: yes
- update Content-Length: yes
misc
- unpack gzip / deflate: yes
On the device
iptables -t nat -A OUTPUT -p tcp --dst <target-host> --dport <target-port> -j DNAT --to-destination <intercept-host>:<intercept-port>
openssl s_client -connect <target-host>:<target-port> -showcerts
copy the PortSwigger server CA cert into /etc/ssl/certs/trustedcerts/PortSwigger.pem
link it into /etc/ssl/certs/trustedcerts/ and /var/ssl/trustedcerts/ as <hash>.0
openssl x509 -hash -noout < PortSwigger.pem