Helper scripts for analyzing network traffic as a man in the middle
This script sets up a WireGuard server. Everything that is routed over it can be viewed with tools like Wireshark.
- qrencode (optional)
- sysctl (part of systemd)
Launch the script with root permissions.
What does it do?
It sets up a WireGuard server which redirects the traffic from the client using network address translation. It creates a configuration for exactly one client. When you've finished your experiments, it disables the WireGuard server again.
It is possible to enable and disable per port if it should be redirected to
This makes it easy to use mitmproxy --mode transparent --showhost because the only thing one must do is enable the redirection for ports 80 and 443.
There is the option to show the client configuration as text or as a barcode. The barcode is very convenient when using the WireGuard Android client, which can scan it to import the configuration.
To make sure that you don't forget to connect the client, this script sends a ping over the tunnel before it leaves the setup phase. It is possible to skip this, but that is not recommended.
https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/ tells one how to trust the mitmproxy certificate in the Android Emulator. This script does the same for a real device with an unlocked bootloader and custom recovery (like TWRP).
- launch mitmproxy once so that it generates its certificate
- launch the custom recovery on the phone
- mount the system partition in the recovery system and make sure that it is not mounted read only
- connect the phone to the computer
- run the script
- reboot the phone
- check that the system knows a CA which is called
While the script is running, messages that start with libc: Access denied finding property can be ignored. They are not related to the executed commands.
What does it do?
This can be seen in its source code. It reads the certificate, calculates the required filename, copies it to the device using adb and sets the permissions and SELinux context so that it looks like the other certificates.
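The filename calculation and the final "check that the system knows the CA" step can be reproduced by hand. The following is an added example, not the repository's script: it derives the name Android expects (the legacy subject hash plus ".0") and verifies that a local copy of the device's CA store holds exactly that certificate. It assumes the openssl command line tool is installed; the function names and the store directory (for example one fetched with adb pull) are hypothetical.

```sh
#!/bin/sh
# Added example (not the repository's script). Requires the openssl CLI.

# Print the file name Android uses for a CA certificate: the legacy
# (MD5-based) subject hash as 8 hex digits, followed by ".0".
android_ca_filename() (
    cert=$1
    [ -r "$cert" ] || { echo "cannot read: $cert" >&2; exit 1; }
    hash=$(openssl x509 -inform PEM -in "$cert" -noout -subject_hash_old) || exit 1
    # Refuse anything that is not exactly 8 lowercase hex digits.
    printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{8}$' || exit 1
    printf '%s.0\n' "$hash"
)

# Print the SHA-256 fingerprint of a PEM certificate.
cert_fingerprint() {
    openssl x509 -inform PEM -in "$1" -noout -fingerprint -sha256
}

# Succeed only if <dir> (a local copy of the device's CA store) holds the
# same certificate under the expected name. Two CAs with the same subject
# share a hash, so the name alone proves nothing: compare fingerprints.
ca_is_installed() (
    cert=$1 dir=$2
    name=$(android_ca_filename "$cert") || exit 1
    [ -f "$dir/$name" ] || { echo "missing: $dir/$name" >&2; exit 1; }
    [ "$(cert_fingerprint "$cert")" = "$(cert_fingerprint "$dir/$name")" ] || {
        echo "different certificate stored as $name" >&2; exit 1; }
)
```

Because the file name depends only on the certificate subject, regenerating the mitmproxy CA produces the same name with a different key; the fingerprint comparison catches a stale copy left on the device.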
This license only applies to the scripts, not to the tools which are used by the scripts.
MITM-Helper - Helper scripts for analyzing network traffic as a man in the middle
Copyright (C) 2021 Jonas Lochmann
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.