diff options
Diffstat (limited to 'docs/tutorials/transparent-dhcp.rst')
| -rw-r--r-- | docs/tutorials/transparent-dhcp.rst | 101 |
1 files changed, 0 insertions, 101 deletions
diff --git a/docs/tutorials/transparent-dhcp.rst b/docs/tutorials/transparent-dhcp.rst deleted file mode 100644 index d993707d..00000000 --- a/docs/tutorials/transparent-dhcp.rst +++ /dev/null @@ -1,101 +0,0 @@ -.. _transparent-dhcp: - -Transparently proxify virtual machines -====================================== - -This walkthrough illustrates how to set up transparent proxying with mitmproxy. -We use VirtualBox VMs with an Ubuntu proxy machine in this example, -but the general *Internet <--> Proxy VM <--> (Virtual) Internal Network* setup can be applied to -other setups. - -1. Configure Proxy VM ---------------------- - -On the proxy machine, **eth0** is connected to the internet. **eth1** is connected to the internal -network that will be proxified and configured to use a static ip (192.168.3.1). - -VirtualBox configuration -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. image:: transparent-dhcp/step1_vbox_eth0.png - -.. image:: transparent-dhcp/step1_vbox_eth1.png - -VM Network Configuration -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. image:: transparent-dhcp/step1_proxy.png - :align: center - -2. Configure DHCP and DNS -------------------------- - -We use dnsmasq to provide DHCP and DNS in our internal network. -Dnsmasq is a lightweight server designed to provide DNS (and optionally -DHCP and TFTP) services to a small-scale network. - -- Before we get to that, we need to fix some Ubuntu quirks: - **Ubuntu >12.04** runs an internal dnsmasq instance (listening on loopback only) by default - `[1] <https://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/>`_. For our use case, this needs - to be disabled by changing ``dns=dnsmasq`` to ``#dns=dnsmasq`` in - **/etc/NetworkManager/NetworkManager.conf** and - - if on Ubuntu 16.04 or newer running: - - >>> sudo systemctl restart NetworkManager - - if on Ubuntu 12.04 or 14.04 running: - - >>> sudo restart network-manager - - afterwards. -- Now, dnsmasq can be be installed and configured: - - >>> sudo apt-get install dnsmasq - - Replace **/etc/dnsmasq.conf** with the following configuration: - - .. code-block:: none - - # Listen for DNS requests on the internal network - interface=eth1 - # Act as a DHCP server, assign IP addresses to clients - dhcp-range=192.168.3.10,192.168.3.100,96h - # Broadcast gateway and dns server information - dhcp-option=option:router,192.168.3.1 - dhcp-option=option:dns-server,192.168.3.1 - - Apply changes: - - if on Ubuntu 16.04 or newer: - - >>> sudo systemctl restart dnsmasq - - if on Ubuntu 12.04 or 14.04: - - >>> sudo service dnsmasq restart - - Your **proxied machine** in the internal virtual network should now receive an IP address via DHCP: - - .. image:: transparent-dhcp/step2_proxied_vm.png - -3. Redirect traffic to mitmproxy ------------------------------------------- - -To redirect traffic to mitmproxy, we need to add two iptables rules: - -.. code-block:: none - - sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080 - sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8080 - -4. Run mitmproxy ----------------- - -Finally, we can run mitmproxy in transparent mode with - ->>> mitmproxy -T - -The proxied machine cannot to leak any data outside of HTTP or DNS requests. -If required, you can now :ref:`install the mitmproxy certificates on the proxied machine -<certinstall>`. |