0

To get a locally running, non-proxy-aware app to go through my proxy anyway (running on localhost:8081), I've been trying out various combinations of iptables rules that have all failed.

One looked like it was supposed to do exactly what I want, redirecting to another port before leaving the computer:

iptables -t nat -A PREROUTING -i ens33 -p tcp --dport 443 -j REDIRECT --to-port 8081

This one just simply didn't redirect anything.

The following one got the app to redirect everything successfully to my proxy, but something else went wrong. Looking at the proxy logs, the proxy received the answer, but kept requesting the same files. My assumption is that it didn't forward the responses back to the original application.

iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 127.0.0.1:8081

Besides those two, I have tried various other combinations, read all sorts of tutorials and answers on Server Fault and Stack Overflow, and also flushed the chains in between to ensure that it actually starts with a clean slate. Now that all of that has failed, I hope someone can point me to the answer.

user857990
  • You need to make sure (1) your proxy server supports transparent proxying and (2) it is configured to do so. – Khaled Apr 25 '18 at 14:38
  • Transparently proxying encrypted communication without the client being aware... it would require at least to install a root CA on the client to be able to carry out a man in the middle. Wouldn't work with certificate pinning anyway (e.g. a chrome navigator going to https://google.com will never be fooled) – A.B Apr 30 '18 at 21:09

1 Answer

0

Ok, the easy way around was to set the DNS entry of the server the app was trying to connect to, to the proxy. Listen on port 80/tcp and 443/tcp. Enable invisible proxying and done.

user857990
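Added example, not part of the original question or answer: locally generated packets traverse the nat OUTPUT chain and never PREROUTING, and an OUTPUT rule without an exclusion also matches the proxy's own upstream connections to port 443. The sketch below prints a redirect rule that skips traffic owned by the proxy's account; the helper name `emit_rules` and the account name `proxyuser` are assumptions, and the proxy must still be running in transparent mode.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed: the proxy runs under a
# dedicated account (hypothetical name "proxyuser") and listens on port 8081.

# emit_rules add|del PROXY_USER PROXY_PORT DPORT...
# Prints the iptables commands for review instead of running them;
# pipe the output to "sh" as root to apply.
emit_rules() {
    [ $# -ge 4 ] || { echo "usage: emit_rules add|del USER PORT DPORT..." >&2; return 2; }
    case $1 in
        add) flag=-A ;;
        del) flag=-D ;;
        *)   echo "unknown action: $1" >&2; return 2 ;;
    esac
    proxy_user=$2
    proxy_port=$3
    shift 3

    # The output is meant to be executed by a root shell, so reject anything
    # that is not a plain account name or a plain decimal port.
    case $proxy_user in
        ''|*[!A-Za-z0-9_-]*) echo "bad user name: $proxy_user" >&2; return 1 ;;
    esac
    for p in "$proxy_port" "$@"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
    done

    for dport in "$@"; do
        # nat/OUTPUT sees locally generated connections. The owner match
        # leaves connections opened by the proxy account untouched, so the
        # proxy's own upstream traffic is not redirected back into itself.
        printf 'iptables -t nat %s OUTPUT -p tcp --dport %s -m owner ! --uid-owner %s -j REDIRECT --to-ports %s\n' \
            "$flag" "$dport" "$proxy_user" "$proxy_port"
    done
}

# Example: emit_rules add proxyuser 8081 443
# Undo:    emit_rules del proxyuser 8081 443
```

Running the same call with `del` prints the matching `-D` commands, which removes only these rules rather than flushing the whole chain.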