
Friday, 5 August 2016

How to run a man in the middle attack proxy

In this article we look at how to run a man-in-the-middle proxy that records the conversation between a client and a server.
Below is a simple tutorial that helps you run a proxy on your local machine which can record the HTTP requests exchanged between the client and the server.
We use Tomcat Manager as the example application; the same setup can be treated as a man-in-the-middle attack, and the tutorial below also demonstrates a basic one.

What is the man in the middle attack

A man-in-the-middle attack is a form of communication in which a party sitting between the client and the server is able to read and modify the data passing between them.
For example, suppose you have logged into your Netflix account and want to pay your monthly subscription to watch Game of Thrones: if an attacker has access to the data on the network, he can modify it so that you end up subscribed to the Silicon Valley premiere instead.

What is mitmproxy Project

mitmproxy is a command line utility that can intercept traffic flows and record them so they can be replayed later. For more details, visit the project website – mitmproxy project

How the MITM is performed

It requires the attacker to take control of the communication channel. Consider an internet cafe where all traffic goes through a proxy that many computers can reach on the proxy port: there the attacker can modify the data passing through. If plain HTTP is used there is no encryption, so the data is transferred as plain text and can be changed however the attacker wishes.

How To Simulate A Man In The Middle (MITM) Attack Using MITM Proxy

Below are the steps to perform a MITM attack using the mitmproxy tool. A real MITM attack may involve many more steps; we have left those out to keep the tutorial simple.

Running A Reverse Proxy To Record Tomcat Requests

The command below runs a reverse proxy on port 8081 and records every request sent to port 8081:
mitmdump -w tomcat-mgr-login.dump -d --keepserving --anticache -p 8081 -R http://localhost:8080 &

Understanding The Options In This Command

  • -w
    This option tells the tool to record the traffic and write it to a file called “tomcat-mgr-login.dump”.
  • -d
    This option makes the tool print more details.
  • --keepserving
    This option keeps the mitmdump reverse proxy running. Otherwise your proxy will stop after one request.
  • --anticache
    This option strips the client's cache-related headers so that the web server does not answer from cache.
  • -p
    The port on which the reverse proxy listens for client requests.
  • -R
    This option tells mitmdump to run in reverse proxy mode. Traffic received on the port given by -p is forwarded to the host:port given here.
  • &
    This is the Unix way to run a process in the background; it is not specific to this tool.

Start Tomcat Server

Start Tomcat on your machine and make sure it is running on port 8080.
You can check by opening this URL in your browser: http://localhost:8080

Configure Tomcat Manager Password

Open tomcat_home/conf/tomcat-users.xml and uncomment the lines below.
Make sure to change the roles value to manager-gui for the tomcat user.

<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>

Lets Start Recording

  • Now point your browser to localhost:8081
  • Make sure to use the proxy port 8081, not Tomcat's default port. This is the main trick that enables the proxy to record the traffic.
  • Visit the Tomcat Manager app.
  • Log in to the Tomcat Manager app.
  • mitmdump should record the requests in the file given to -w (tomcat-mgr-login.dump).

Sample Output

GET http://localhost:8080/
Host: localhost:8081
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3

<< 200 OK 11.16kB
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Fri, 05 Jun 2015 23:44:56 GMT
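As an added example (not part of the original article), here is a small Python parser for the mitmdump console format shown above, followed by a check that reports which recorded requests carried credentials over plain HTTP. The sample log is constructed: it repeats the request above and adds the Manager login request that the capture would contain, since Tomcat Manager sends its login as HTTP Basic auth; this is what "the data is transferred as plain text" means in practice, and TLS is the mitigation.

```python
import base64
import re
# Constructed sample in the verbose console format shown above; the second request
# is the Manager login, which Tomcat sends as HTTP Basic auth (tomcat:tomcat, base64).
SAMPLE_LOG = """\
GET http://localhost:8080/
Host: localhost:8081
User-Agent: Mozilla/5.0

<< 200 OK 11.16kB
Server: Apache-Coyote/1.1

GET http://localhost:8080/manager/html
Host: localhost:8081
Authorization: Basic dG9tY2F0OnRvbWNhdA==

<< 200 OK 19.11kB
"""

REQ_LINE = re.compile(r"^([A-Z]+) (\S+)$")  # e.g. "GET http://localhost:8080/"
RESP_LINE = re.compile(r"^<< (\d{3}) ")     # e.g. "<< 200 OK 11.16kB"

def parse_console_log(text):
    """Turn mitmdump console output into dicts: method, url, request headers, status."""
    flows, cur, in_resp = [], None, False
    for line in text.splitlines():
        if m := REQ_LINE.match(line):
            cur = {"method": m.group(1), "url": m.group(2), "headers": {}, "status": ""}
            flows.append(cur)
            in_resp = False
        elif (r := RESP_LINE.match(line)) and cur:
            cur["status"], in_resp = r.group(1), True
        elif cur and not in_resp and ": " in line:  # request header; names lower-cased
            name, value = line.split(": ", 1)
            cur["headers"][name.lower()] = value
    return flows

def cleartext_credentials(flows):
    """Report (url, kind, user) for requests that sent credentials over plain http://."""
    findings = []
    for f in flows:
        auth = f["headers"].get("authorization", "")
        if not f["url"].startswith("http://") or not (auth or "cookie" in f["headers"]):
            continue
        if auth.startswith("Basic "):  # report the username only, never the password
            user = base64.b64decode(auth[6:]).decode("latin-1").split(":", 1)[0]
            findings.append((f["url"], "basic", user))
        else:
            findings.append((f["url"], auth.split(" ")[0].lower() if auth else "cookie", None))
    return findings
```

Anything that sits where the proxy sits (a shared proxy, a compromised router) sees the same Authorization header, which is why the Manager app should only be exposed over HTTPS.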

How To Stop Mitmdump Process

To stop the mitmdump process, follow the steps below.
  • Find the mitmdump process using the ps command: ps -aef | grep "mitmdump"
  • You will see two process ids. I prefer doing kill -9 on both: kill -9 pid1 pid2

How To Replay The Recorded Request

Now open a new shell and run the following command to replay the recorded actions (the -c argument is the file you recorded with -w above):
mitmdump -c tomcat-mgr-login.dump -n --replay-ignore-host
This should show you the output below.
GET http://localhost:8080/
<< 200 OK 11.16kB
GET http://localhost:8080/manager/html
<< 200 OK 19.11kB

Learn More Mitmdump Commands

To learn more about the mitmdump tool, use the command below to see the help options.
mitmdump -h
Take your time to comment on this article.
