From 44c8bbba1c46b7acc79bec36f83a7702d20652a0 Mon Sep 17 00:00:00 2001 From: FreeArtMan Date: Sat, 26 Sep 2015 15:56:53 +0100 Subject: Small fixes and new post. mitmproxy post --- md/about.md | 6 ++ md/index.md | 3 + md/writeup.md | 3 +- md/writeup/mitmproxy.md | 136 +++++++++++++++++++++++++++++++++++++++++++++ md/writeup/rtlsdr_usage.md | 2 +- 5 files changed, 148 insertions(+), 2 deletions(-) create mode 100644 md/writeup/mitmproxy.md (limited to 'md') diff --git a/md/about.md b/md/about.md index 5b804ed..adacd33 100644 --- a/md/about.md +++ b/md/about.md @@ -2,5 +2,11 @@ This site is more like small notes thats I use time to time it is more like reference guide. +# GitHub +https://github.com/FreeArtMan + +# IRC + chat.freenode.net #mainlv + # Contact dos21h.......gmail..... \ No newline at end of file diff --git a/md/index.md b/md/index.md index 0ff47c8..f373d7a 100644 --- a/md/index.md +++ b/md/index.md @@ -1,3 +1,6 @@ +# Index Collection notes on different topics about computer related stuff +Current reasearches are around API traffic and SDR + diff --git a/md/writeup.md b/md/writeup.md index 5fad0eb..62fc4b5 100644 --- a/md/writeup.md +++ b/md/writeup.md @@ -2,7 +2,8 @@ ### SDR -[RTLSDR usage](writeup/rtlsdr_usage.md) +[Using RTLSDR](writeup/rtlsdr_usage.md) +[Using mitmproxy](writeup/mitmproxy.md) # Archive [Create ELF file from scratch](http://archive.main.lv/writeup/create_elf_file_from_scratch.html) diff --git a/md/writeup/mitmproxy.md b/md/writeup/mitmproxy.md new file mode 100644 index 0000000..8f36f57 --- /dev/null +++ b/md/writeup/mitmproxy.md 
@@ -0,0 +1,136 @@ +# MITMproxy + +## Intro + +MITMproxy is proxy that allows easily to make MITM attacks on traffic that +come trough proxy. It supports HTTP/HTTPS and SOCKS5 modes. It allow to modify +traffic on the fly or just trigger some interesting info for further analysis. +Its good to for researching API interfaces on mobile platforms. + +Project page is https://mitmproxy.org/ where you can find additional info. + + +## Install + +There is possible to install mitmproxy from distribution repositories + +On Debian like systems +```bash +sudo apt-get install mitmproxy +``` + +On archlinux system +```bash +pacman -S mitmproxy +``` + +### Sources + +Mitmproxy uses github for development here is project page on github + +https://github.com/mitmproxy/mitmproxy + +If you whant just clone it + +```bash +git clone https://github.com/mitmproxy/mitmproxy.git +``` + +## Using + +There is many scenarios when you would like to use mitmproxy here is some +that are for fun or serious job to do with proxy. + +### Use proxy for browser + +Okey lets cover just setting up mitmproxy in simple scenario for some browser. + +Here is snippet how to run mitmporxy in HTTP mode on port 10000 +```bash +#!/bin/sh +export LANG=en_US.UTF-8 +mitmproxy --port 10000 +``` + +Setup your browser to http proxy mode and you try some http pages and will +see all requests. + +### Setting up your own proxy for Android + +Lets try now mitmproxy as Android proxy. First way how to setup proxy is + +As application can just bypass proxy setting that you set in Android default +way, its better way to use ProxyDroid otherwise some APPs will ignore proxy +settings. + +#### Setting up mitmproxy certificate on Android device + +mitmproxy certificates are stored in _~/.mitmproxy_ directory + +To install certificate in Android _Setting->Security_ you should choose option +_Install from storage_ and point where you saved mitmproxy certificate. 
+ +How to transfer mitmproxy certificate on you device is up to you, there is +many ways from old-school ftp style to some Bluetooth connected file sharing. + +Final step is to setup proxy. You can do it in Network menu but +applications can bypass it. That why rooted device with ProxyDroid is better +solution. Set in ProxyDroid you port to **8080** (default port of mitmproxy) and +_Proxy Type_ to **SOCKS**. You can choose also **HTTP** or **HTTPS** proxy type +but if application uses both of them then you will not see one or other. + +#### Starting mitmproxy in SOCKS5 mode + +```bash +mitmproxy --socks +``` + +Now when you will use apps you will see how some traffic going in or out. +Also as mitmproxy is HTTP/HTTPS proxy you will not see if there is some +other protocols. + +Here is some top applications on Android +[Top 50](http://www.techradar.com/news/phone-and-communications/mobile-phones/top-210-best-android-apps-2013-693696) +you can search for many other list of "top" Android applications. + +Now when you have something to explore you there is few tips. +* You could experience that application works but you dont see any traffic +mitmproxy, check network traffic with wireshark maybe just non-http protocol +used. +* If application fail to connect while you sure that proxy works properly +it could be it use some MTIM attack protection such as certificate pinning. +* If application fail to connect while you sure that proxy works run such +application with different MTIM proxy like [Charles](http://www.charlesproxy.com/) +it could be just mitmproxy bug (as its in active development) +* If there is some streaming in application and it doesnt work with mitmproxy +confirm that with [Charles](http://www.charlesproxy.com/) sometime mitmproxy +couldnt stream http while [Charles](http://www.charlesproxy.com/) could do it. 
+ +### Writing you own scripts + +### Traffic monitoring + +## Conclusion + +As any open source project mitmproxy suffers from usual open source project +diseases, like lack of support bad documentation and small amount users who use +it professionally. From other point it written in python and its easy to hack +into source by extending with your own use case specific scripts. And unlimited +libraries that python have allows to integrate mitmproxy in anything you would +like from statistical libraries for analyzing traffic to where you imagination +stops. + +If speak about how applications work on Android then they all definitely suck. +There you can find plain usernames/password sended in HTTPS to secret API's +whose only security is trust in HTTPS. Many applications uses many external +API's for extra services with requires plain password to authenticate. And +definitely OAuth 2.0 suck more then OAuth1.0 from user security point. Here is +some talks from guy who worked on OAuth standard +[http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/comment-page-1/](http://hueniverse.com/2012/07/26/oauth-2-0-and-the-road-to-hell/comment-page-1/). +Probably you will find much more about how security suck in application API +level. + +## Links + +1. [https://mitmproxy.org/](https://mitmproxy.org/) +2. [https://github.com/mitmproxy/mitmproxy](https://github.com/mitmproxy/mitmproxy) \ No newline at end of file diff --git a/md/writeup/rtlsdr_usage.md b/md/writeup/rtlsdr_usage.md index 0c8bb27..68ec170 100644 --- a/md/writeup/rtlsdr_usage.md +++ b/md/writeup/rtlsdr_usage.md @@ -33,7 +33,7 @@ All binaries is in src dir. Util | Desc --- | --- -*rtl_adsb* | recieve plain ADSB plain packets +_rtl_adsb_ | recieve plain ADSB plain packets _rtl_eeprom_ | read | _rtl_power_ | log power over frequency range _rtl_fm_ | demodulate signals -- cgit v1.2.3
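Review bot: in the md/about.md hunk the IRC entry (`+ chat.freenode.net #mainlv`) is indented by a leading space while the `# GitHub` entry directly above (`+https://github.com/FreeArtMan`) is not; align the two so the contact block is consistent, and consider adding the trailing newline the file still lacks (`\ No newline at end of file`) while the file is being edited.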
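Review bot: `reasearches` in the line added to md/index.md is misspelled, and the sentence is ungrammatical; suggest `Current research is around API traffic and SDR`.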
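Review bot: the new `[Using mitmproxy](writeup/mitmproxy.md)` link in md/writeup.md is added under the `### SDR` heading, but the post is about an HTTP/SOCKS interception proxy, not software-defined radio; give it its own subheading (for example `### Network`) so the writeup index stays accurate. The rename of the RTLSDR entry to `Using RTLSDR` is consistent with the new entry's wording and is fine.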
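Review bot: the new md/writeup/mitmproxy.md ships two empty sections, `### Writing you own scripts` and `### Traffic monitoring`, between the Android walkthrough and the conclusion; either fill them in or drop the headings until the content exists, since an empty heading in a reference guide reads as a broken page. The certificate step also needs a caveat it currently lacks: it says the certificates are in `_~/.mitmproxy_` and to use _Install from storage_, but not which file to copy (the CA certificate only, e.g. the `.cer`/`.pem` certificate file, never the file that also holds the private key) and not that the CA should be removed from the device once testing is done, because any holder of that key material can transparently intercept the device's HTTPS traffic for as long as it is trusted. Smaller points in the same hunk: the browser example runs `mitmproxy --port 10000` while the ProxyDroid section tells the reader to use `8080` with `mitmproxy --socks`, so say explicitly that the later section assumes the default port; `MTIM` should be `MITM` (twice); `mitmporxy` should be `mitmproxy`; and "Writing you own scripts" should be "Writing your own scripts".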
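Review bot: since the `rtl_adsb` row in md/writeup/rtlsdr_usage.md is already being touched to switch from `*...*` to `_..._` emphasis, fix the description in the same change: `recieve plain ADSB plain packets` has a spelling error and a duplicated word; suggest `_rtl_adsb_ | receive plain ADS-B packets`. The neighbouring context line `_rtl_eeprom_ | read |` also carries a stray trailing pipe that adds an empty column to the table.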