|
1 | | -## mitmproxy-tools |
| 1 | +# mitmproxy-setup |
2 | 2 |
|
3 | | -List of generic mitmproxy scripts I use while working on various researches, pentests and bug bounties. |
| 3 | +Here's the mitmproxy setup I use when working on various researches, pentests, and bug bounties. |
4 | 4 |
|
5 | | -Previously |
| 5 | +Contributions are welcome! Feel free to share any interesting addons or views you have. |
6 | 6 |
|
7 | | -* I wrote a blog post about my [mitmproxy + openvpn](https://blog.flatt.tech/entry/mitmproxy) setup at my former workpace. |
8 | | -* then I wrote another [mitmproxy + openvpn](https://gist.github.com/stypr/abe9ef83556759847c063ae9389fa0ae) setup to show the current setup |
| 7 | +## Background |
9 | 8 |
|
10 | | -What has been changed this time |
| 9 | +### Previous Work |
11 | 10 |
|
12 | | -* Directory structures have been changed for convenient addons |
13 | | - - `views/*` can be used to auto decrypt some of request/response data for better visuals |
14 | | - - `addons/*` can be used to work like plugins to do actions upon send/receive. |
| 11 | +Long ago, I wrote a blog post of my [mitmproxy + OpenVPN setup](https://blog.flatt.tech/entry/mitmproxy) at my former workplace. |
| 12 | +Then I later published another [mitmproxy + OpenVPN setup](https://gist.github.com/stypr/abe9ef83556759847c063ae9389fa0ae) to show the current setup both in English and Korean. |
15 | 13 |
|
16 | | -* Replacing openvpn setups to wireguard setups |
17 | | - - When upstream SOCK5 proxy only supports TCP, UDP packets have to be passed through somehow. |
18 | | - 1. Unfortunately, transparent proxy will not pass UDP packets, while the wireguard mode does support DNS and UDP packet mitm. |
19 | | - - Setups are much simpler than typical openvpn setup. |
20 | | - - Reference: https://mitmproxy.org/posts/wireguard-mode/ |
21 | | - - There are still some limitations like lack of handling for HTTP2 and HTTP3, but we can still use the old HTTPS. |
| 14 | +### What's New? |
22 | 15 |
|
23 | | -Feel free to contribute if you have any interesting addons/views to share. |
| 16 | +This time introduces a few more changes: |
24 | 17 |
|
25 | | -### Installations |
| 18 | +### Directory Structure Updates |
26 | 19 |
|
27 | | -#### Summary |
| 20 | +- **`views/*`**: Automates decryption of specific request/response data to enhance data visualization. |
| 21 | +- **`addons/*`**: Acts as plugins to perform actions on send/receive HTTP data |
28 | 22 |
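Review bot: the new "### Directory Structure Updates" heading sits at the same level as "### What's New?", which introduces it, while the sibling "#### Transition to WireGuard Setup" is one level deeper. Both changes are listed under "This time introduces a few more changes:", so "Directory Structure Updates" should be "####" as well. The `addons/*` bullet is also missing the closing period that the `views/*` bullet has.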
|
29 | | -Most of them are same as [the gist version](https://gist.github.com/stypr/abe9ef83556759847c063ae9389fa0ae), except that you don't have to install OpenVPN anymore. |
| 23 | +#### Transition to WireGuard Setup |
30 | 24 |
|
31 | | -1. Install `wireguard` on your system (`apt install -y wireguard`) |
| 25 | +- Completely Replaced OpenVPN with WireGuard for improved functionality. (Ref. [WireGuard Mode](https://mitmproxy.org/posts/wireguard-mode/)) |
| 26 | + - WireGuard mode supports DNS and UDP packet manipulation, unlike the transparent proxy, which cannot pass UDP packets when the upstream SOCKS5 proxy only supports TCP. |
| 27 | + - WireGuard setups are significantly simpler compared to traditional OpenVPN configurations. |
| 28 | + - Some limitations remain, such as partial handling of HTTP2/HTTP3 traffics, but there seems not much problem of just using old HTTPS. |
32 | 29 |
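Review bot: the first WireGuard sub-bullet (new line 26) merges two statements that the removed text kept apart, and the result reads as if the transparent proxy drops UDP only "when the upstream SOCKS5 proxy only supports TCP". The old wording said that a TCP-only upstream is the reason UDP needs another path, and separately that the transparent proxy will not pass UDP packets at all. Please split the sentence so the limitation and its motivation stay distinct. New line 28 also changes "lack of handling for HTTP2 and HTTP3" to "partial handling"; confirm which is accurate, since readers will rely on it when deciding whether to force HTTP/1.1. "traffics" should be "traffic".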
|
33 | | -2. `bind9` is not needed anymore. Also, [mitmproxy now has its own way to handle DNS manipulations now](https://github.com/Kriechi/mitmproxy/blob/dns-addon/docs/src/content/overview-features.md#dns-manipulation). |
34 | 30 |
|
35 | | -2. Install [Caddy](https://caddyserver.com/docs/install) |
| 31 | +## Installations |
36 | 32 |
|
37 | | -3. Add passwords on [caddy/Caddyfile](caddy/Caddyfile) using `caddy hash-password`, move files to `/etc/caddy` |
| 33 | +### Overview |
38 | 34 |
|
39 | | -4. Install mitmproxy to latest |
40 | | -```sh |
41 | | -apt install -y python3-pyasn1 python3-flask python3-dev python3-urwid python3-pip libxml2-dev libxslt-dev libffi-dev |
42 | | -pip3 install -U mitmproxy --break-system-packages |
43 | | -mitmproxy --version |
44 | | -``` |
| 35 | +The installation process is similar to the [old gist](https://gist.github.com/stypr/abe9ef83556759847c063ae9389fa0ae), with a few key differences: |
| 36 | +- OpenVPN is no longer required. |
| 37 | +- The `bind9` dependency is removed, as [mitmproxy now handles DNS manipulations](https://github.com/Kriechi/mitmproxy/blob/dns-addon/docs/src/content/overview-features.md#dns-manipulation). |
| 38 | + |
| 39 | +1. Install WireGuard |
| 40 | + ```sh |
| 41 | + apt install -y wireguard |
| 42 | + ``` |
| 43 | + |
| 44 | +2. Install Caddy |
| 45 | + Follow instructions [here](https://caddyserver.com/docs/install). |
| 46 | + - Add passwords to the [Caddyfile](caddy/Caddyfile) using `caddy hash-password`. |
| 47 | + - Move [Caddyfile](caddy/Caddyfile) to `/etc/caddy`. |
| 48 | + |
| 49 | +3. Install mitmproxy |
| 50 | + ```sh |
| 51 | + apt install -y python3-pyasn1 python3-flask python3-dev python3-urwid python3-pip libxml2-dev libxslt-dev libffi-dev |
| 52 | + pip3 install -U mitmproxy --break-system-packages |
| 53 | + mitmproxy --version |
| 54 | + ``` |
45 | 55 |
|
46 | | -5. The script proxies through upstream [WARP](https://one.one.one.one/) by default. |
47 | | - You might want to install or make appropriate changes to the script. |
| 56 | +4. Set up WARP proxy (default) |
| 57 | + The script proxies through [WARP](https://one.one.one.one/) by default. You may need to customize the script for your needs. |
48 | 58 |
|
49 | | -6. Once everything is done, `screen ./run.sh` |
| 59 | +5. Run the Setup: |
| 60 | + Once everything is ready, use: |
| 61 | + ```sh |
| 62 | + screen ./run.sh |
| 63 | + ``` |
50 | 64 |
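Review bot: step 3 carries over `pip3 install -U mitmproxy --break-system-packages` unchanged, which installs an unpinned mitmproxy and its dependencies into the system Python on the host that intercepts traffic. Since the steps are being rewritten anyway, consider documenting a virtualenv or pipx install and a pinned version instead. In step 2 the removed text said "move files to `/etc/caddy`" while the new text moves only the Caddyfile; confirm nothing else under `caddy/` is needed. "5. Run the Setup:" is the only step title with a trailing colon and title case.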
|
51 | 65 | #### Installing WARP on Linux |
52 | 66 |
|
|