diff options
| author | Thomas Kriechbaumer <thomas@kriechbaumer.name> | 2017-12-21 10:44:30 +0100 |
|---|---|---|
| committer | Thomas Kriechbaumer <thomas@kriechbaumer.name> | 2017-12-21 10:47:41 +0100 |
| commit | e1f4d17ea74beb21069beb958447bb405836227f (patch) | |
| tree | c633f88e66c5ead932b01f90a88d3dcb05740b79 /docs | |
| parent | 907ef4a02c3f37edc25f512a0714ad95cac628dd (diff) | |
| download | mitmproxy-e1f4d17ea74beb21069beb958447bb405836227f.tar.gz mitmproxy-e1f4d17ea74beb21069beb958447bb405836227f.tar.bz2 mitmproxy-e1f4d17ea74beb21069beb958447bb405836227f.zip | |
cleanup transparent linux docs
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/transparent/linux.rst | 34 |
1 files changed, 8 insertions, 26 deletions
diff --git a/docs/transparent/linux.rst b/docs/transparent/linux.rst index d1804d46..ab3fd707 100644 --- a/docs/transparent/linux.rst +++ b/docs/transparent/linux.rst @@ -12,15 +12,15 @@ achieve transparent mode. >>> sysctl -w net.ipv4.ip_forward=1 - You may also want to consider enabling this permanently in ``/etc/sysctl.conf``. + You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__. 3. If your target machine is on the same physical network and you configured it to use a custom gateway, disable ICMP redirects: - >>> echo 0 | sudo tee /proc/sys/net/ipv4/conf/*/send_redirects + >>> sysctl -w net.ipv4.conf.all.accept_redirects=0 + >>> sysctl -w net.ipv4.conf.all.send_redirects=0 - You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` - as demonstrated `here <https://unix.stackexchange.com/a/58081>`_. + You may also want to consider enabling this permanently in ``/etc/sysctl.conf`` or a newly created ``/etc/sysctl.d/mitmproxy.conf``, see `here <https://superuser.com/a/625852>`__. 4. Create an iptables ruleset that redirects the desired traffic to the mitmproxy port. Details will differ according to your setup, but the @@ -29,8 +29,10 @@ achieve transparent mode. .. code-block:: none iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 - iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080 - + iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080 + + You may also want to consider enabling this permanently with the ``iptables-persistent`` package, see `here <http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html>`__. + 5. Fire up mitmproxy. You probably want a command like this: >>> mitmproxy -T --host @@ -43,23 +45,3 @@ achieve transparent mode. For a detailed walkthrough, have a look at the :ref:`transparent-dhcp` tutorial. - -Debain -====== - -To make the changes permanent on on Debian (inc ubuntu and raspbian) -systems: - - 1. Write the sysctl changes to a new config file at (for example) /etc/sysctl.d/mitm.conf - - .. code-block:: none - - net.ipv4.ip_forward = 1 - net.ipv4.conf.all.accept_redirects = 0 - net.ipv4.conf.all.send_redirects = 0 - - If your system doesn't have a directory /etc/sysctl.d you can instead add the rule to the end of /etc/sysctl.conf - - 2. To make iptables changes persistent, install the package iptables-persistent: - - >>> sudo apt-get install iptables-persistent |