0

Goal: capture traffic from my mobile phone, even with an SSL connection.

I set up a laptop with an Ethernet connection. Turned on a hotspot to share this connection with my mobile phone. Followed the documentation. Internet on the phone is working perfectly fine until I enable the PREROUTING rules.

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080

Why can't I access the Internet from the phone after applying these rules?

Thank you already for your help.

Dave

2 Answers

0

You need to:

  1. Enable port forwarding by setting

     sysctl net.ipv4.ip_forward=1

  2. To capture SSL traffic you would use a tool called ssl-snarf; read up on it.
  3. While you are statically setting the IP tables, I would use a tool like arpspoof instead. This is assuming you are using Ubuntu.

  • sysctl net.ipv4.ip_forward=1 is set and I couldn't find information about a tool called ssl-snarf, could you post a link? – Dave May 09 '18 at 14:55
0

Your configuration looks correct. It should work even with forwarding disabled.

  1. Can you see incoming packets in tcpdump? No> phone does not send anything
  2. Do you see ICMP redirects? Yes> sysctl -w net.ipv4.conf.wlan0.send_redirects=0
    • Remove the PREROUTING rules
    • Start nc -lp 8080 instead of mitmproxy
    • Connect from the phone to wlanIP:8080
    • Can netcat see the connection? No> local firewall blocks the connection
user185953
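
The firewall part of the checks in the answer above can also be run offline against an `iptables-save` dump, since a REDIRECT target rewrites the destination to the local machine and the connection must then pass the filter table's INPUT chain. This is an added example, not part of either answer: the dump is constructed, and `has_redirect`, `input_allows` and `diagnose` are hypothetical helper names.

```shell
# Constructed iptables-save dump: the two REDIRECT rules from the question,
# plus a filter table whose INPUT chain drops everything except lo and SSH.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# has_redirect DUMP IFACE DPORT PROXYPORT -> 0 if nat/PREROUTING redirects it
has_redirect() {
  printf '%s\n' "$1" | awk -v i="$2" -v d="$3" -v p="$4" '
    /^\*/ { table = $1 }
    table == "*nat" && /^-A PREROUTING / && /-j REDIRECT/ {
      if ($0 ~ ("-i " i " ") && $0 ~ ("--dport " d " ") &&
          $0 ~ ("--to-ports? " p "( |$)")) found = 1
    }
    END { exit !found }'
}

# input_allows DUMP IFACE PORT -> 0 if filter/INPUT lets the redirected
# connection reach the local proxy. Simplified: INPUT policy ACCEPT, or an
# explicit ACCEPT for tcp/PORT on any interface or on IFACE. Rule order and
# DROP/REJECT rules under an ACCEPT policy are not evaluated.
input_allows() {
  printf '%s\n' "$1" | awk -v i="$2" -v p="$3" '
    /^\*/ { table = $1 }
    table != "*filter" { next }
    /^:INPUT ACCEPT/ { ok = 1 }
    /^-A INPUT / && /-p tcp/ && /-j ACCEPT$/ && $0 ~ ("--dport " p " ") {
      if ($0 !~ / -i / || $0 ~ ("-i " i " ")) ok = 1
    }
    END { exit !ok }'
}

# diagnose DUMP IFACE PROXYPORT -> prints findings, returns number of problems
diagnose() {
  problems=0
  for d in 80 443; do
    has_redirect "$1" "$2" "$d" "$3" || { echo "no REDIRECT for tcp/$d on $2"; problems=$((problems + 1)); }
  done
  input_allows "$1" "$2" "$3" || { echo "INPUT does not accept tcp/$3: local firewall blocks the proxy"; problems=$((problems + 1)); }
  return "$problems"
}
diagnose "$SAMPLE_DUMP" wlan0 8080 || true
```

On a live system the first argument would be the output of `iptables-save` run as root instead of the constructed dump.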