Small fixes and new post. mitmproxy post

5 files changed, 148 insertions, 2 deletions

diff --git a/md/about.md b/md/about.md
index 5b804ed..adacd33 100644
--- a/md/about.md
+++ b/md/about.md
@@ -2,5 +2,11 @@
 This site is more like small notes thats I use time to time
 it is more like reference guide. 
 
+# GitHub
+https://github.com/FreeArtMan
+
+# IRC
+	chat.freenode.net #mainlv
+
 # Contact 
  dos21h.......gmail..... 
\ No newline at end of file
diff --git a/md/index.md b/md/index.md
index 0ff47c8..f373d7a 100644
--- a/md/index.md
+++ b/md/index.md
@@ -1,3 +1,6 @@
+# Index
 Collection notes on different topics about computer related stuff
 
+Current reasearches are around API traffic and SDR
+
 
diff --git a/md/writeup.md b/md/writeup.md
index 5fad0eb..62fc4b5 100644
--- a/md/writeup.md
+++ b/md/writeup.md
@@ -2,7 +2,8 @@
 
 ### SDR
 
-[RTLSDR usage](writeup/rtlsdr_usage.md)  
+[Using RTLSDR](writeup/rtlsdr_usage.md)  
+[Using mitmproxy](writeup/mitmproxy.md)  
 
 # Archive
 [Create ELF file from scratch](http://archive.main.lv/writeup/create_elf_file_from_scratch.html)  
diff --git a/md/writeup/mitmproxy.md b/md/writeup/mitmproxy.md
new file mode 100644
index 0000000..8f36f57
--- /dev/null
+++ b/md/writeup/mitmproxy.md
@@ -0,0 +1,136 @@
+# MITMproxy
+
+## Intro
+
+MITMproxy is proxy that allows easily to make MITM attacks on traffic that
+come trough proxy. It supports HTTP/HTTPS and SOCKS5 modes. It allow to modify
+traffic on the fly or just trigger some interesting info for further analysis.
+Its good to for researching API interfaces on mobile platforms.
+
+Project page is https://mitmproxy.org/ where you can find additional info.
+
+
+## Install
+
+There is possible to install mitmproxy from distribution repositories
+
+On Debian like systems
+```bash
+sudo apt-get install mitmproxy
+```
+
+On archlinux system
+```bash
+pacman -S mitmproxy
+```
+
+### Sources
+
+Mitmproxy uses github for development here is project page on github
+
+https://github.com/mitmproxy/mitmproxy
+
+If you whant just clone it
+
+```bash
+git clone https://github.com/mitmproxy/mitmproxy.git
+```
+
+## Using
+
+There is many scenarios when you would like to use mitmproxy here is some
+that are for fun or serious job to do with proxy.
+
+### Use proxy for browser
+
+Okey lets cover just setting up mitmproxy in simple scenario for some browser.
+
+Here is snippet how to run mitmporxy in HTTP mode on port 10000
+```bash
+#!/bin/sh
+export LANG=en_US.UTF-8
+mitmproxy --port 10000
+```
+
+Setup your browser to http proxy mode and you try some http pages and will
+see all requests.
+
+### Setting up your own proxy for Android
+
+Lets try now mitmproxy as Android proxy. First way how to setup proxy is
+
+As application can just bypass proxy setting that you set in Android default
+way, its better way to use ProxyDroid otherwise some APPs will ignore proxy
+settings.
+
+#### Setting up mitmproxy certificate on Android device
+
+mitmproxy certificates are stored in _~/.mitmproxy_ directory
+
+To install certificate in Android _Setting->Security_ you should choose option
+_Install from storage_ and point where you saved mitmproxy certificate.
+
+How to transfer mitmproxy certificate on you device is up to you, there is
+many ways from old-school ftp style to some Bluetooth connected file sharing.
+
+Final step is to setup proxy. You can do it in Network menu but
+applications can bypass it. That why rooted device with ProxyDroid is better
+solution. Set in ProxyDroid you port to **8080** (default port of mitmproxy) and
+_Proxy Type_ to **SOCKS**. You can choose also **HTTP** or **HTTPS** proxy type 
+but if application uses both of them then you will not see one or other.
+
+#### Starting mitmproxy in SOCKS5 mode
+
+```bash
+mitmproxy --socks
+```
+
+Now when you will use apps you will see how some traffic going in or out.
+Also as mitmproxy is HTTP/HTTPS proxy you will not see if there is some 
+other protocols.
+
+Here is some top applications on Android
+[Top 50](http://www.techradar.com/news/phone-and-communications/mobile-phones/top-210-best-android-apps-2013-693696)
+you can search for many other list of "top" Android applications. 
+
+Now when you have something to explore you there is few tips. 
+* You could experience that application works but you dont see any traffic
+mitmproxy, check network traffic with wireshark maybe just non-http protocol 
+used.
+* If application fail to connect while you sure that proxy works properly
+it could be it use some MTIM attack protection such as certificate pinning.
+* If application fail to connect while you sure that proxy works run such
+application with different MTIM proxy like [Charles](http://www.charlesproxy.com/)
+it could be just mitmproxy bug (as its in active development)
+* If there is some streaming in application and it doesnt work with mitmproxy
+confirm that with [Charles](http://www.charlesproxy.com/) sometime mitmproxy
+couldnt stream http while [Charles](http://www.charlesproxy.com/) could do it.
+
+### Writing you own scripts
+
+### Traffic monitoring
+
+## Conclusion
+
+As any open source project mitmproxy suffers from usual open source project
+diseases, like lack of support bad documentation and small amount users who use
+it professionally. From other point it written in python and its easy to hack
+into source by extending with your own use case specific scripts. And unlimited
+libraries that python have allows to integrate mitmproxy in anything you would
+like from statistical libraries for analyzing traffic to where you imagination
+stops.
+
+If speak about how applications work on Android then they all definitely suck.
+There you can find plain usernames/password sended in HTTPS to secret API's
+whose only security is trust in HTTPS. Many applications uses many external
+API's for extra services with requires plain password to authenticate. And
+definitely OAuth 2.0 suck more then OAuth1.0 from user security point. Here is
+some talks from guy who worked on OAuth standard 
+[http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/comment-page-1/](http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/comment-page-1/).
+Probably you will find much more about how security suck in application API 
+level.
+
+## Links
+
+1. [https://mitmproxy.org/](https://mitmproxy.org/)
+2. [https://github.com/mitmproxy/mitmproxy](https://github.com/mitmproxy/mitmproxy)
\ No newline at end of file
diff --git a/md/writeup/rtlsdr_usage.md b/md/writeup/rtlsdr_usage.md
index 0c8bb27..68ec170 100644
--- a/md/writeup/rtlsdr_usage.md
+++ b/md/writeup/rtlsdr_usage.md
@@ -33,7 +33,7 @@ All binaries is in src dir.
 
 Util | Desc 
 --- | ---
-*rtl_adsb* | recieve plain ADSB plain packets 
+_rtl_adsb_ | recieve plain ADSB plain packets 
 _rtl_eeprom_ | read |   
 _rtl_power_ | log power over frequency range  
 _rtl_fm_ | demodulate signals