
I have mitmproxy running in reverse mode; I don't specify a listening port:

sudo mitmdump -vv --mode reverse:http://target.server.example.com:80/ --set block_global=false -R ":~q ~m GET:^.*$:/test.html"

I get "Proxy server listening at http://*:8080", and it works for connections on port 80, 443 or 8080.

I added two new NICs to the server; I get no response for traffic sent to either new NIC. Is there something that I need to tweak?

Can traffic be proxied to different destinations based on the NIC/address that the traffic arrived on?

imac
  • 47
  • 9
  • I've confirmed the traffic hits the server (tcpdump), but mitmproxy only responds on one interface, the one that was present when it was installed. I tried to re-install mitmproxy, but: `sudo apt-get remove mitmproxy Reading package lists... Done Building dependency tree Reading state information... Done Package 'mitmproxy' is not installed, so not removed :~$ sudo apt-get remove pip3 Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package pip3` Can anyone advise regarding the multiple interfaces, or how to uninstall? – imac Mar 05 '20 at 11:52

1 Answer


Going back through my command history revealed that, 4 months earlier, I'd configured transparent proxying on the first interface, e.g.:

sudo iptables -t nat -A PREROUTING -i ens160 -p tcp --dport 80 -j REDIRECT --to-port 8080

Re-reading [https://docs.mitmproxy.org/stable/howto-transparent/] gave a bit of background.

I used a destination match to determine the port for Mitm to listen on, e.g.:

sudo iptables -t nat -A PREROUTING -i ens192 -p tcp -m tcp -d x.88.164.10 --dport 443 -j REDIRECT --to-ports 8082

Having added the second NIC, with two addresses, for both ports, sudo iptables -t nat -L looked like:

Chain PREROUTING (policy ACCEPT)
target     prot opt source      destination
REDIRECT   tcp  --  anywhere    this.host    tcp dpt:http redir ports 8080
REDIRECT   tcp  --  anywhere    this.host    tcp dpt:https redir ports 8080
REDIRECT   tcp  --  anywhere    this.host    tcp dpt:http redir ports 8081
REDIRECT   tcp  --  anywhere    this.host    tcp dpt:https redir ports 8081
REDIRECT   tcp  --  anywhere    this.host    tcp dpt:http redir ports 8082
REDIRECT   tcp  --  anywhere    this.host    tcp dpt:https redir ports 8082

Requests are now picked up on either interface, including the IP alias.

sudo iptables-save makes the changes permanent.

I almost feel like I understand what's going on now...

imac
  • 47
  • 9
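The per-address layout described in the answer, as an added example that is not part of the original post: a dry-run generator that prints one REDIRECT rule pair (ports 80 and 443) and one mitmdump reverse-proxy instance per arrival address, and refuses mappings that reuse a listening port or an address. The addresses and upstream host names are constructed placeholders; the interface names and `block_global=false` come from the post, and `--listen-port` is mitmdump's option for choosing the listening port.

```shell
# Constructed sample mapping (not from the post):
# iface   arrival address   mitm listen port   upstream to proxy to
MAP='ens160 192.0.2.10 8080 http://app-a.internal.example:80/
ens192 198.51.100.10 8081 http://app-b.internal.example:80/
ens192 198.51.100.11 8082 http://app-c.internal.example:80/'

# Print (do not apply) the iptables rules and mitmdump commands for a mapping.
gen_rules() {
  local iface addr port upstream dport seen_ports seen_addrs
  seen_ports=" "; seen_addrs=" "
  while read -r iface addr port upstream; do
    [ -n "$upstream" ] || continue   # skip blank or incomplete rows
    # Two mitmdump instances cannot bind the same port, and a repeated
    # address would be shadowed: PREROUTING stops at the first match.
    case "$seen_ports" in
      *" $port "*) echo "duplicate listen port $port" >&2; return 1 ;;
    esac
    case "$seen_addrs" in
      *" $addr "*) echo "duplicate address $addr" >&2; return 1 ;;
    esac
    seen_ports="$seen_ports$port "; seen_addrs="$seen_addrs$addr "
    for dport in 80 443; do
      echo "iptables -t nat -A PREROUTING -i $iface -p tcp -m tcp -d $addr --dport $dport -j REDIRECT --to-ports $port"
    done
    echo "mitmdump --mode reverse:$upstream --listen-port $port --set block_global=false"
  done <<EOF
$1
EOF
}

# Review the output, then run the iptables lines as root.
gen_rules "$MAP"
```

After applying the rules, `sudo iptables -t nat -L PREROUTING -n -v` lists the inbound interface and numeric destination of each rule, which the name-resolved listing above collapses to `this.host`. On Debian and Ubuntu, rules written with `iptables-save > /etc/iptables/rules.v4` are reloaded at boot when the iptables-persistent package is installed.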