
I discovered mitmproxy and would like to use it to simulate a replay attack.

The application uses MTProto on top of TCP, and I would like to replay entire MTProto messages.

My idea:

  1. Route traffic from client to server over a proxy
  2. Sniff all TCP packets
  3. Replay single TCP packets

The last part is the difficult part. The forged TCP packet must

  • increase the sequence number,
  • recompute the checksum

in order to get accepted.

I tried to use mitmproxy for this, but I only found out how to copy the entire flow, but not single packets.

Is it possible to achieve my goal with mitmproxy? If so, how do I forge a single packet? Otherwise: are there better tools for this attack?

Theova
  • Maybe a specialized TCP interception proxy suits your needs better: https://blog.susanka.eu/how-to-modify-general-tcp-ip-traffic-on-the-fly-with-trudy/ – Robert Oct 13 '21 at 09:30
  • You can't inject specific packets with mitmproxy, but you can inject additional bytes into a live connection using the `inject.tcp` command. Does that help? – Maximilian Hils Oct 13 '21 at 11:20
  • Good idea! This led me to the solution! – Theova Oct 14 '21 at 09:14

1 Answer

The following add-on does the job for me (similar in spirit to Susanka's solution):

from mitmproxy import tcp


class Replayer:
    def __init__(self):
        self.saved = None  # payload captured from the first large message

    def tcp_message(self, flow: tcp.TCPFlow):
        # Called for every TCP message in either direction; the newest one is last.
        message = flow.messages[-1]
        # Heuristic: a full MTProto message is large, short frames (keepalives, acks) are skipped.
        if len(message.content) > 700:
            if self.saved is None:
                # First large message: remember its payload.
                self.saved = message.content
            else:
                # Next large message: overwrite it with the saved payload before
                # mitmproxy forwards it, so the saved bytes are sent again (the replay).
                message.content = self.saved
                self.saved = None


addons = [
    Replayer()
]
Theova
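The mirror image of the add-on above, for anyone checking whether such a replay would be noticed: a mitmproxy-style add-on that flags a TCP message whose whole payload already appeared in the same direction of the same connection. This is an added example, not code from the question or answer; the `Message` and `Flow` classes are constructed stand-ins for mitmproxy's `TCPMessage`/`TCPFlow` so it runs without mitmproxy, and the 64-byte minimum length is an assumption.

```python
import hashlib
import logging
from dataclasses import dataclass, field

# Short frames (keepalives, ack-sized pings) are ignored; the 64-byte floor is an assumption.
MIN_LEN = 64


@dataclass
class Message:
    # Constructed stand-in for mitmproxy.tcp.TCPMessage; mitmproxy supplies the real one.
    from_client: bool
    content: bytes


@dataclass
class Flow:
    # Constructed stand-in for mitmproxy.tcp.TCPFlow (only the fields the add-on reads).
    id: str
    messages: list = field(default_factory=list)


class ReplayDetector:
    """Flag a TCP message whose whole payload already appeared in the same
    direction of the same connection. Legitimate encrypted MTProto frames
    differ in msg_id, so an exact byte-for-byte repeat is a replay indicator."""

    def __init__(self, min_len: int = MIN_LEN):
        self.min_len = min_len
        self.seen = {}    # flow id -> {from_client: set of sha256 digests}
        self.alerts = []  # (flow id, direction, digest prefix, length)

    def tcp_message(self, flow) -> bool:
        msg = flow.messages[-1]  # newest message is last
        if len(msg.content) < self.min_len:
            return False
        digest = hashlib.sha256(msg.content).hexdigest()
        buckets = self.seen.setdefault(flow.id, {True: set(), False: set()})
        if digest in buckets[msg.from_client]:
            direction = "client->server" if msg.from_client else "server->client"
            self.alerts.append((flow.id, direction, digest[:16], len(msg.content)))
            logging.warning("possible replay on %s (%s, %d bytes)", flow.id, direction, len(msg.content))
            return True
        buckets[msg.from_client].add(digest)
        return False

    def tcp_end(self, flow):
        self.seen.pop(flow.id, None)  # forget per-connection state when it closes


addons = [ReplayDetector()]
```

Under mitmproxy the alerts show up in the event log; the `alerts` list is there so the same logic can be checked offline.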