Diffstat (limited to 'md/writeup')
-rw-r--r--md/writeup/mitmproxy.md136
-rw-r--r--md/writeup/rtlsdr_usage.md2
2 files changed, 137 insertions, 1 deletions
diff --git a/md/writeup/mitmproxy.md b/md/writeup/mitmproxy.md
new file mode 100644
index 0000000..8f36f57
--- /dev/null
+++ b/md/writeup/mitmproxy.md
@@ -0,0 +1,136 @@
+# MITMproxy
+
+## Intro
+
+MITMproxy is proxy that allows easily to make MITM attacks on traffic that
+come trough proxy. It supports HTTP/HTTPS and SOCKS5 modes. It allow to modify
+traffic on the fly or just trigger some interesting info for further analysis.
+Its good to for researching API interfaces on mobile platforms.
+
+Project page is https://mitmproxy.org/ where you can find additional info.
+
+
+## Install
+
+There is possible to install mitmproxy from distribution repositories
+
+On Debian like systems
+```bash
+sudo apt-get install mitmproxy
+```
+
+On archlinux system
+```bash
+pacman -S mitmproxy
+```
+
+### Sources
+
+Mitmproxy uses github for development here is project page on github
+
+https://github.com/mitmproxy/mitmproxy
+
+If you whant just clone it
+
+```bash
+git clone https://github.com/mitmproxy/mitmproxy.git
+```
+
+## Using
+
+There is many scenarios when you would like to use mitmproxy here is some
+that are for fun or serious job to do with proxy.
+
+### Use proxy for browser
+
+Okey lets cover just setting up mitmproxy in simple scenario for some browser.
+
+Here is snippet how to run mitmporxy in HTTP mode on port 10000
+```bash
+#!/bin/sh
+export LANG=en_US.UTF-8
+mitmproxy --port 10000
+```
+
+Setup your browser to http proxy mode and you try some http pages and will
+see all requests.
+
+### Setting up your own proxy for Android
+
+Lets try now mitmproxy as Android proxy. First way how to setup proxy is
+
+As application can just bypass proxy setting that you set in Android default
+way, its better way to use ProxyDroid otherwise some APPs will ignore proxy
+settings.
+
+#### Setting up mitmproxy certificate on Android device
+
+mitmproxy certificates are stored in _~/.mitmproxy_ directory
+
+To install certificate in Android _Setting->Security_ you should choose option
+_Install from storage_ and point where you saved mitmproxy certificate.
+
+How to transfer mitmproxy certificate on you device is up to you, there is
+many ways from old-school ftp style to some Bluetooth connected file sharing.
+
+Final step is to setup proxy. You can do it in Network menu but
+applications can bypass it. That why rooted device with ProxyDroid is better
+solution. Set in ProxyDroid you port to **8080** (default port of mitmproxy) and
+_Proxy Type_ to **SOCKS**. You can choose also **HTTP** or **HTTPS** proxy type
+but if application uses both of them then you will not see one or other.
+
+#### Starting mitmproxy in SOCKS5 mode
+
+```bash
+mitmproxy --socks
+```
+
+Now when you will use apps you will see how some traffic going in or out.
+Also as mitmproxy is HTTP/HTTPS proxy you will not see if there is some
+other protocols.
+
+Here is some top applications on Android
+[Top 50](http://www.techradar.com/news/phone-and-communications/mobile-phones/top-210-best-android-apps-2013-693696)
+you can search for many other list of "top" Android applications.
+
+Now when you have something to explore you there is few tips.
+* You could experience that application works but you dont see any traffic
+mitmproxy, check network traffic with wireshark maybe just non-http protocol
+used.
+* If application fail to connect while you sure that proxy works properly
+it could be it use some MTIM attack protection such as certificate pinning.
+* If application fail to connect while you sure that proxy works run such
+application with different MTIM proxy like [Charles](http://www.charlesproxy.com/)
+it could be just mitmproxy bug (as its in active development)
+* If there is some streaming in application and it doesnt work with mitmproxy
+confirm that with [Charles](http://www.charlesproxy.com/) sometime mitmproxy
+couldnt stream http while [Charles](http://www.charlesproxy.com/) could do it.
+
+### Writing you own scripts
+
+### Traffic monitoring
+
+## Conclusion
+
+As any open source project mitmproxy suffers from usual open source project
+diseases, like lack of support bad documentation and small amount users who use
+it professionally. From other point it written in python and its easy to hack
+into source by extending with your own use case specific scripts. And unlimited
+libraries that python have allows to integrate mitmproxy in anything you would
+like from statistical libraries for analyzing traffic to where you imagination
+stops.
+
+If speak about how applications work on Android then they all definitely suck.
+There you can find plain usernames/password sended in HTTPS to secret API's
+whose only security is trust in HTTPS. Many applications uses many external
+API's for extra services with requires plain password to authenticate. And
+definitely OAuth 2.0 suck more then OAuth1.0 from user security point. Here is
+some talks from guy who worked on OAuth standard
+[http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/comment-page-1/](http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/comment-page-1/).
+Probably you will find much more about how security suck in application API
+level.
+
+## Links
+
+1. [https://mitmproxy.org/](https://mitmproxy.org/)
+2. [https://github.com/mitmproxy/mitmproxy](https://github.com/mitmproxy/mitmproxy) \ No newline at end of file
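Review bot: the two headings "Writing you own scripts" and "Traffic monitoring" near the end of this hunk are empty placeholders with no body text; either fill them in (the Conclusion already promises that extending mitmproxy with Python scripts is the main selling point, so a minimal addon example belongs there) or drop them until content exists, so a reader does not land on a bare heading. The sentence "First way how to setup proxy is" under "Setting up your own proxy for Android" is cut off mid-thought and should be completed or removed. Since the SOCKS section depends on the exact `mitmproxy --socks` invocation and on 8080 being the default listen port, it is worth stating which mitmproxy version the writeup was tested against, as the mode flags have changed between releases. The file is also missing a trailing newline ("\ No newline at end of file"). Spelling to fix while you are in here: trough (through), whant (want), mitmporxy (mitmproxy), MTIM (MITM), sended (sent), dont/doesnt/couldnt (don't/doesn't/couldn't).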
diff --git a/md/writeup/rtlsdr_usage.md b/md/writeup/rtlsdr_usage.md
index 0c8bb27..68ec170 100644
--- a/md/writeup/rtlsdr_usage.md
+++ b/md/writeup/rtlsdr_usage.md
@@ -33,7 +33,7 @@ All binaries is in src dir.
Util | Desc
--- | ---
-*rtl_adsb* | recieve plain ADSB plain packets
+_rtl_adsb_ | recieve plain ADSB plain packets
_rtl_eeprom_ | read |
_rtl_power_ | log power over frequency range
_rtl_fm_ | demodulate signals
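Review bot: since the `rtl_adsb` row is being rewritten anyway to match the `_..._` marker style of the other rows, fix its description in the same edit: "recieve plain ADSB plain packets" misspells "receive" and repeats "plain"; suggest `_rtl_adsb_ | receive plain ADS-B packets`. The neighbouring context row `_rtl_eeprom_ | read |` carries a stray trailing pipe that the other rows do not have, which the same table pass could clean up.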