0

I am trying to reroute HTTP traffic from 80 to 8080 to be used by Burp Suite.

Using iptables, my command was:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to 127.0.0.1:8080

By doing so, traffic did get rerouted to port 8080 and shown in Burp. However, the GET request keeps loading and if I disable the intercept, the requests flood the Burp history until it is full.

I have done a full flush and reset of iptables to no effect.

EDIT: After investigating more, I suspect that the same request keeps going back to Burp Suite after forwarding. This may be a problem with Burp instead. Help?

MORE INFO: I am doing this on an Ubuntu 13 virtual machine and testing this with the browser of an Android emulator (running in the VM) without a proxy.

bunbun

2 Answers

1

Correct me if I'm wrong, but Burp Suite is a proxy, so for every connection in there'll be another connection back out. Your first connection is getting properly re-routed to Burp and, then, Burp's own outbound connections are being rerouted as well. You may be able to exclude Burp by modifying your iptables rule as so:

   iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner <UID OF BURP PROCESS> -j DNAT --to 127.0.0.1:8080

Of course, it'd be important for you to run Burp as a different user than your browser. I could likely give you a better answer if I had more details or an example scenario describing what you're trying to accomplish.

Good Luck.

EDIT: the proper command that worked was

iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner 0 -j DNAT --to 127.0.0.1:8080

after running Burp Suite as root.

bunbun
etherfish
  • What do you mean by running as another user? Sounds like a good way to circumvent the problem – bunbun Jan 21 '14 at 07:45
  • Gimme a little bit to double check a few things? I'm checking how both Burp Suite and the android emulator install/run. If you're starting the Burp Suite from a terminal window, then as a quick hack, try running it as root and using 0 as the argument to --uid-owner. Don't forget to iptables -t nat -F OUTPUT to flush out the old rule before you add the corrected one. – etherfish Jan 21 '14 at 07:53
  • My god, this actually worked! Points to you, thanks! – bunbun Jan 21 '14 at 08:13
  • I'm happy to help. Incidentally, did you know you can run x86 builds of Android inside of VMware? That'd make things like this easier because VMware uses virtual network devices that are exposed to iptables (vmnet0, vmnet9, etc.). Android on x86/VMware isn't perfect, but it is a lot faster than the ARM emulators. Good Luck. – etherfish Jan 21 '14 at 08:16
  • good point, I'll try that the next time – bunbun Jan 21 '14 at 08:17
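
An added example, not part of the thread or of either poster's commands: shell helpers that install the owner-exempt redirect from the answer above idempotently, remove it again, and scan `iptables -t nat -S OUTPUT` output for redirects that would also catch the proxy's own upstream connections. It assumes Burp listens on 127.0.0.1:8080 and that the numeric UID it runs as is passed in; the function names, the `IPT` and `PROXY` variables and the sample rule lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: proxy on 127.0.0.1:8080; caller supplies the
# numeric UID the proxy runs as (0 in the thread, since Burp ran as root).
IPT="${IPT:-iptables}"            # override with a stub for a dry run
PROXY="${PROXY:-127.0.0.1:8080}"

# Rule spec shared by check/add/delete; $1 = UID exempted from the redirect.
rule_spec() {
    echo "OUTPUT -p tcp --dport 80 -m owner ! --uid-owner $1 -j DNAT --to-destination $PROXY"
}

# Add the rule only if -C reports that an identical rule is not present yet.
redirect_on() {
    $IPT -t nat -C $(rule_spec "$1") 2>/dev/null || $IPT -t nat -A $(rule_spec "$1")
}

# Delete every copy: repeated -A calls stack duplicate rules.
redirect_off() {
    while $IPT -t nat -C $(rule_spec "$1") 2>/dev/null; do
        $IPT -t nat -D $(rule_spec "$1")
    done
}

# Read `iptables -t nat -S OUTPUT` lines on stdin and print each rule that
# DNATs to the proxy without a negated --uid-owner match. Such a rule also
# redirects the proxy's outbound requests back into the proxy.
# Exit status 1 if any rule was printed, 0 otherwise.
find_looping_rules() {
    awk -v proxy="$PROXY" '
        /^-A OUTPUT/ && index($0, "--to-destination " proxy) &&
        $0 !~ /! --uid-owner / { print; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample input in `iptables -S` format: the rule from the
# question, then the rule from the answer's EDIT.
sample_rules() {
    cat <<'EOF'
-A OUTPUT -p tcp -m tcp --dport 80 -j DNAT --to-destination 127.0.0.1:8080
-A OUTPUT -p tcp -m tcp --dport 80 -m owner ! --uid-owner 0 -j DNAT --to-destination 127.0.0.1:8080
EOF
}

# Offline demo: prints only the first sample rule, the one that loops.
sample_rules | find_looping_rules || true
```

On a live host, run `iptables -t nat -S OUTPUT | find_looping_rules` as root before starting the proxy; `redirect_on 0` matches the setup that worked in the thread.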
0

My solution was to simply state the source of the HTTP request and limit all routing to those from that IP address.

sudo iptables -t nat -A OUTPUT -p tcp -s 127.0.0.1 --dport 80 -j DNAT --to 127.0.0.1:8080

After the request passes through Burp, it won't get routed again.

However, this only works for browsers (I'm using Firefox).

When I tried this with the Android emulator, changing the iptables rule to different sources like 10.0.2.1 (the emulator's gateway address), 10.0.2.2, and 10.0.2.15, the requests did not get routed.

bunbun
  • That was clever! I was about to point out that the Android emulator itself has a provision for forcing all emulated device traffic through a proxy. Check http://developer.android.com/tools/help/emulator.html and search for the -http-proxy option. – etherfish Jan 21 '14 at 07:57
  • Sorry, when I read "My solution" I assumed you'd fixed it. I'd suggest removing the iptables rules and try configuring the emulator to force the use of the proxy. – etherfish Jan 21 '14 at 07:59
  • Hi, yes, thanks! I already tried using a proxy on the emulator and it works 100%, but I want to avoid configuring anything on the emulator. Having everything done by the host computer makes it more elegant, don't you think? – bunbun Jan 21 '14 at 08:01
  • Well, you could always use the http_proxy environment variable, because it sounds like your iptables solution is quickly becoming more complicated and fragile. If you check my comment below, if you run the Burp Suite as root or some other user, you can exempt it from the iptables rules. Unfortunately, the 10.0.x.x addresses are fictitious and translated inside of the Android emulator itself. They never even reach anything iptables can work with. – etherfish Jan 21 '14 at 08:10