
As part of a security test of an iOS app I'm developing, I'd like to verify that it correctly validates SSL/TLS certificates when connecting to various APIs. I installed mitmproxy on my Mac and configured it as a transparent proxy, then configured the WiFi based on this screenshot: [screenshot: transparent proxy iOS WiFi settings]. The iPhone takes a very long time to show that it's connected to WiFi, and after it does, it can't access the network. Nothing at all shows up in mitmproxy, including in its event log: [screenshot: mitmproxy shows nothing]

Details of the mitmproxy configuration

I installed mitmproxy 0.11.3 in my system python (and renamed the outdated pyOpenSSL that ships with OSX, so that it uses pyOpenSSL 0.14 as installed with mitmproxy by pip).

I'm using the following script to configure and start pf and mitmproxy:

#!/bin/bash -x
sudo sysctl -w net.inet.ip.forwarding=1

# sudo sysctl -w net.inet.ip.scopedroute=0
## OSX can't change the net.inet.ip.scopedroute kernel flag in user space so I used:
## sudo defaults write "/Library/Preferences/SystemConfiguration/com.apple.Boot" "Kernel Flags" "net.inet.ip.scopedroute=0"
## and then rebooted
sudo defaults read /Library/Preferences/SystemConfiguration/com.apple.Boot

cat > pf.conf << _EOF_
rdr on en0 inet proto tcp to any port 80 -> 127.0.0.1 port 8080
rdr on en0 inet proto tcp to any port 443 -> 127.0.0.1 port 8080
_EOF_
cat pf.conf

sudo pfctl -d
sudo pfctl -f pf.conf
sudo pfctl -e

mitmproxy -T --host

Interface en0 is my Mac's WiFi connection.

The output from that script (visible after stopping mitmproxy with control-C) looks like this:

$ ./transparent.sh 
+ sudo sysctl -w net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
+ sudo defaults read /Library/Preferences/SystemConfiguration/com.apple.Boot
{
    "Kernel Flags" = "net.inet.ip.scopedroute=0";
}
+ cat
+ cat pf.conf
rdr on en0 inet proto tcp to any port 80 -> 127.0.0.1 port 8080
rdr on en0 inet proto tcp to any port 443 -> 127.0.0.1 port 8080
+ sudo pfctl -d
No ALTQ support in kernel
ALTQ related functions disabled
pf disabled
+ sudo pfctl -f pf.conf
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
+ sudo pfctl -e
No ALTQ support in kernel
ALTQ related functions disabled
pf enabled
+ mitmproxy -T --host

Details of the iOS configuration

I'm using a physical iPhone 5s on iOS 8.1 and connecting to the same WiFi network as the Mac. My WiFi configuration looks like this: [screenshot: transparent proxy WiFi config on iPhone]

I've used 192.168.20.118 because that is the IP address of my Mac on the same WiFi network, which I found using ifconfig:

$ ifconfig
[...]
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether xx:xx:xx:xx:xx:xx 
    inet6 fe80::22c9:d0ff:fe84:983b%en0 prefixlen 64 scopeid 0x4 
    inet 192.168.20.118 netmask 0xffffff00 broadcast 192.168.20.255
    nd6 options=1<PERFORMNUD>
    media: autoselect
    status: active
[...]
Alex Nauda
  • This looks really good to me. (1) Which OSX Version are you using? (2) Can you observe anything interesting on the Network in Wireshark? Feel free to hop in the mitmproxy irc channel and ping cortesi or me, so that we can take a closer look together. – Maximilian Hils Jan 15 '15 at 23:17
  • OSX 1.9.5 (Mavericks). Wireshark doesn't show any traffic from or to the device. I tried a second device as well, this time an iPad 4 also running iOS 8.1. Same result. – Alex Nauda Jan 16 '15 at 17:23
  • I'm pretty sure that mitmproxy is working fine, because I'm able to connect to it by configuring an https proxy on the iOS device (after removing the -T flag from the mitmproxy command line). The transparent proxy, however, just does not seem to work. – Alex Nauda Jan 18 '15 at 03:34
  • Very weird. Any unusual firewall/router configuration? Do you have access to another computer which you could configure to use mitmproxy transparently and then run wireshark there? You may be getting ICMP redirects from the router or something similar. – Maximilian Hils Jan 19 '15 at 13:59
  • I gave up on using a transparent proxy and just tested what I needed with a regular HTTP proxy. This works fine for iOS apps, since every NSURLRequest goes through the proxy. The same isn't true for Android, so I'll avoid trying to test the security of Android apps using mitmproxy on OSX. – Alex Nauda Feb 02 '15 at 07:02
  • Why not use `virtualenv` rather than renaming system OpenSSL python modules? http://www.dabapps.com/blog/introduction-to-pip-and-virtualenv-python/ – NoBugs Oct 10 '15 at 05:14
  • Good point (because hack, hack, hack) but that's not what's preventing this from working. I'm still using mitmproxy to test apps' cert validation and some other features, but I go through the proxy config explicitly on each iOS device instead of using a transparent proxy. – Alex Nauda Oct 12 '15 at 21:24

2 Answers

I got the same problem. In my case, I turned off the Mac OS firewall in the Settings panel. It works and I can use mitmproxy as a transparent proxy.

khapota
  • My firewall has been off the whole time, so that's not the same break. – Alex Nauda Feb 09 '15 at 18:16
  • This is my pf.conf and redirect rule: https://gist.github.com/khapota/91ec42b125d4814b9856 https://gist.github.com/khapota/1058b8ad6a1d0f99ba80 – khapota Feb 13 '15 at 02:18

I ran into the same problem today, and I solved it just by setting the DNS. I think mitmproxy does not provide DNS.

Minghai Xu
  • It's been over three years, so I don't have either of the devices I was using to test this, but I believe DNS would explain the behavior I saw. – Alex Nauda Apr 22 '18 at 20:40
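The question's script, the firewall answer and the DNS answer each name one piece that has to be right before a pf + mitmproxy transparent-proxy gateway on a Mac passes any traffic: IP forwarding, the two rdr rules, the application firewall, and a DNS server the phone can actually reach. The script below is an added example (not code from the question, either answer, or the mitmproxy project) that collects those as offline checks. Each function takes command output or config text as an argument, so it can be exercised against the constructed samples at the bottom and, on a real gateway, against live output. Assumptions: the `socketfilterfw --getglobalstate` output string, the `port = 80` form that `pfctl -s nat` prints, and the 192.168.20.1 resolver address are not from the page.

```shell
#!/bin/sh
# Added example: offline sanity checks for a macOS pf + mitmproxy transparent
# proxy gateway. Not from the question or the answers. On the real gateway:
#   check_forwarding "$(sysctl -n net.inet.ip.forwarding)"
#   check_rdr "$(cat pf.conf)" en0 8080
#   check_firewall "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate)"

# Packets the phone sends through the Mac that pf does NOT redirect (DNS on
# UDP 53, anything other than TCP 80/443) only leave the Mac when forwarding
# is on. $1 is the value printed by `sysctl -n net.inet.ip.forwarding`.
check_forwarding() {
    [ "$1" = "1" ]
}

# Both rdr rules must exist for the WiFi interface ($2) and send TCP 80 and
# 443 to mitmproxy's listening port ($3). $1 is pf.conf text; the pattern also
# tolerates the `port = 80` / service-name form (assumed) that pfctl prints.
check_rdr() {
    rules=$1; iface=$2; proxy_port=$3
    for dport in '80|http' '443|https'; do
        printf '%s\n' "$rules" |
            grep -Eq "^[[:space:]]*rdr on $iface .*proto tcp .*port (= )?($dport) .*-> 127\.0\.0\.1 port (= )?$proxy_port( |\$)" \
            || return 1
    done
    return 0
}

# The macOS application firewall can drop the redirected connections (the
# first answer's fix). $1 is the text printed by socketfilterfw
# --getglobalstate, assumed to read e.g. "Firewall is disabled. (State = 0)".
check_firewall() {
    printf '%s\n' "$1" | grep -qi 'disabled'
}

# pf only redirects TCP 80/443 and mitmproxy answers nothing on UDP 53, so the
# DNS server configured on the phone ($1) must be a real resolver reachable
# through the gateway, not the Mac's own address ($2). The second answer's fix.
check_dns() {
    [ -n "$1" ] && [ "$1" != "$2" ]
}

# Run every check; print the first failing reason and return 1.
gateway_ready() {
    fwd=$1; rules=$2; iface=$3; proxy_port=$4; fw_state=$5; dns=$6; gw=$7
    check_forwarding "$fwd" \
        || { echo "net.inet.ip.forwarding is off"; return 1; }
    check_rdr "$rules" "$iface" "$proxy_port" \
        || { echo "rdr rules for TCP 80/443 on $iface -> 127.0.0.1:$proxy_port missing"; return 1; }
    check_firewall "$fw_state" \
        || { echo "application firewall is enabled"; return 1; }
    check_dns "$dns" "$gw" \
        || { echo "device DNS ($dns) points at the gateway; mitmproxy does not serve DNS"; return 1; }
    echo "gateway looks ready"
}

# Constructed samples (not captured from the machine in the question).
SAMPLE_PF='rdr on en0 inet proto tcp to any port 80 -> 127.0.0.1 port 8080
rdr on en0 inet proto tcp to any port 443 -> 127.0.0.1 port 8080'
SAMPLE_FW_OFF='Firewall is disabled. (State = 0)'
GATEWAY_IP=192.168.20.118   # the Mac's en0 address from the question
GOOD_DNS=192.168.20.1       # assumed: the WiFi router's resolver

gateway_ready 1 "$SAMPLE_PF" en0 8080 "$SAMPLE_FW_OFF" "$GOOD_DNS" "$GATEWAY_IP"
# A phone whose DNS field was set to the Mac itself fails the last check:
gateway_ready 1 "$SAMPLE_PF" en0 8080 "$SAMPLE_FW_OFF" "$GATEWAY_IP" "$GATEWAY_IP" || true
```

The checks are ordered the way the two answers found their fixes: a missing rdr rule or forwarding flag gives the symptom in the question (nothing reaches mitmproxy), while a wrong DNS entry lets the TCP redirect work yet leaves the phone unable to resolve any name, which iOS reports as no connectivity.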