From 92966e7c48c754189b0578fc5202dd1d57d1dd7a Mon Sep 17 00:00:00 2001
From: Maximilian Hils
Date: Tue, 14 Jan 2014 17:47:33 +0100
Subject: add tutorial for transparent proxying, other minor docs improvements
---
doc-src/02-docstyle.css | 4 ++
doc-src/_layout.html | 5 +-
doc-src/index.py | 15 +++---
doc-src/transparent/linux.html | 3 ++
doc-src/tutorials/index.py | 3 +-
doc-src/tutorials/transparent-dhcp.html | 54 +++++++++++++++++++++
doc-src/tutorials/transparent-dhcp/step1_proxy.png | Bin 0 -> 246413 bytes
.../tutorials/transparent-dhcp/step1_vbox_eth0.png | Bin 0 -> 28237 bytes
.../tutorials/transparent-dhcp/step1_vbox_eth1.png | Bin 0 -> 28765 bytes
.../transparent-dhcp/step2_proxied_vm.png | Bin 0 -> 36775 bytes
10 files changed, 75 insertions(+), 9 deletions(-)
create mode 100644 doc-src/tutorials/transparent-dhcp.html
create mode 100644 doc-src/tutorials/transparent-dhcp/step1_proxy.png
create mode 100644 doc-src/tutorials/transparent-dhcp/step1_vbox_eth0.png
create mode 100644 doc-src/tutorials/transparent-dhcp/step1_vbox_eth1.png
create mode 100644 doc-src/tutorials/transparent-dhcp/step2_proxied_vm.png
(limited to 'doc-src')
diff --git a/doc-src/02-docstyle.css b/doc-src/02-docstyle.css
index 9b8a8edc..8e07434b 100644
--- a/doc-src/02-docstyle.css
+++ b/doc-src/02-docstyle.css
@@ -10,3 +10,7 @@ body {
 .nowrap {
 white-space: nowrap;
 }
+
+h1 {
+ line-height: 1.1;
+}
\ No newline at end of file
diff --git a/doc-src/_layout.html b/doc-src/_layout.html
index 72b27cd3..836a3e9d 100644
--- a/doc-src/_layout.html
+++ b/doc-src/_layout.html
@@ -6,7 +6,7 @@
- mitmproxy 0.9 docs
+ mitmproxy $!VERSION!$ docs
@@ -51,9 +51,10 @@ $!nav("transparent/linux.html", this, state)!$ $!nav("transparent/osx.html", this, state)!$ - + $!nav("tutorials/30second.html", this, state)!$ $!nav("tutorials/gamecenter.html", this, state)!$ + $!nav("tutorials/transparent-dhcp.html", this, state)!$ $!nav("scripting/inlinescripts.html", this, state)!$
diff --git a/doc-src/index.py b/doc-src/index.py
index 3333a1b9..e62c1709 100644
--- a/doc-src/index.py
+++ b/doc-src/index.py
@@ -1,11 +1,12 @@
-import os, sys
+import os, sys, datetime
 import countershape
 from countershape import Page, Directory, PythonModule, markup, model
 import countershape.template
 sys.path.insert(0, "..")
-from libmproxy import filt
+from libmproxy import filt, version
-MITMPROXY_SRC = "~/mitmproxy/mitmproxy"
+MITMPROXY_SRC = os.path.abspath("..")
+ns.VERSION = version.VERSION
 if ns.options.website:
 ns.idxpath = "doc/index.html"
@@ -16,18 +17,20 @@ else:
 ns.title = countershape.template.Template(None, "

@!this.title!@

")
-this.titlePrefix = "mitmproxy 0.10 - "
+this.titlePrefix = "%s - " % version.NAMEVERSION
 this.markup = markup.Markdown(extras=["footnotes"])
 ns.docMaintainer = "Aldo Cortesi"
 ns.docMaintainerEmail = "aldo@corte.si"
-ns.copyright = u"\u00a9 mitmproxy project, 2013"
+ns.copyright = u"\u00a9 mitmproxy project, %s" % datetime.date.today().year
 def mpath(p):
 p = os.path.join(MITMPROXY_SRC, p)
 return os.path.expanduser(p)
-ns.index_contents = file(mpath("README.mkd")).read()
+with open(mpath("README.mkd")) as f:
+ readme = f.read()
+ ns.index_contents = readme.split("\n", 1)[1] #remove first line (contains build status)
 def example(s):
 d = file(mpath(s)).read().rstrip()
diff --git a/doc-src/transparent/linux.html b/doc-src/transparent/linux.html
index 41840c75..d07155aa 100644
--- a/doc-src/transparent/linux.html
+++ b/doc-src/transparent/linux.html
@@ -38,3 +38,6 @@ iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8
 running as the default gateway.
+
+
+For a detailed walkthrough, have a look at the Transparently proxify virtual machines tutorial.
diff --git a/doc-src/tutorials/index.py b/doc-src/tutorials/index.py
index 22cc2b7f..1cb04679 100644
--- a/doc-src/tutorials/index.py
+++ b/doc-src/tutorials/index.py
@@ -3,4 +3,5 @@ from countershape import Page
 pages = [
 Page("30second.html", "Client playback: a 30 second example"),
 Page("gamecenter.html", "Setting highscores on Apple's GameCenter"),
-]
+ Page("transparent-dhcp.html", "Transparently proxify virtual machines")
+]
\ No newline at end of file
diff --git a/doc-src/tutorials/transparent-dhcp.html b/doc-src/tutorials/transparent-dhcp.html
new file mode 100644
index 00000000..e0148afa
--- /dev/null
+++ b/doc-src/tutorials/transparent-dhcp.html
@@ -0,0 +1,54 @@
+This walkthrough illustrates how to set up transparent proxying with mitmproxy. We use VirtualBox VMs with an Ubuntu proxy machine in this example, but the general principle can be applied to other setups.
+
+1. **Configure VirtualBox Network Adapters for the proxy machine**
+ The network setup is simple: `internet <--> proxy vm <--> (virtual) internal network`.
+ For the proxy machine, *eth0* represents the outgoing network. *eth1* is connected to the internal network that will be proxified, using a static ip (192.168.3.1).
+
VirtualBox configuration: +

+ +
Proxy VM: + +
+2. **Configure DHCP and DNS**
+ We use dnsmasq to provide DHCP and DNS in our internal network.
+ Dnsmasq is a lightweight server designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale
+ network.
+
+ - Before we get to that, we need to fix some Ubuntu quirks:
+ **Ubuntu >12.04** runs an internal dnsmasq instance (listening on loopback only) by default
+ [1]. For our use case, this needs to be
+ disabled by changing
`dns=dnsmasq` to `#dns=dnsmasq` in */etc/NetworkManager/NetworkManager.conf*
+ and running `sudo restart network-manager` afterwards.
+ - Now, dnsmasq can be be installed and configured:
+ `sudo apt-get install dnsmasq`
+ Replace */etc/dnsmasq.conf* with the following configuration:
+
\# Listen for DNS requests on the internal network
+        interface=eth1
+        \# Act as a DHCP server, assign IP addresses to clients
+        dhcp-range=192.168.3.10,192.168.3.100,96h
+        \# Broadcast gateway and dns server information
+        dhcp-option=option:router,192.168.3.1
+        dhcp-option=option:dns-server,192.168.3.1
+        
+ Apply changes:
+ `sudo service dnsmasq restart`
+
+ Your proxied machine's network settings should now look similar to this:
+
+
+
+3. **Set up traffic redirection to mitmproxy**
+ To redirect traffic to mitmproxy, we need to add two iptables rules:
+
+    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
+        -j REDIRECT --to-port 8080
+    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 \
+        -j REDIRECT --to-port 8080
+    
+
+4. If required, install the mitmproxy
+ certificates on the test device.
+
+5. Finally, we can run mitmproxy -T.
+ The proxied machine cannot to leak any data outside of HTTP or DNS requests.
+
diff --git a/doc-src/tutorials/transparent-dhcp/step1_proxy.png b/doc-src/tutorials/transparent-dhcp/step1_proxy.png
new file mode 100644
index 00000000..a0c94484
Binary files /dev/null and b/doc-src/tutorials/transparent-dhcp/step1_proxy.png differ
diff --git a/doc-src/tutorials/transparent-dhcp/step1_vbox_eth0.png b/doc-src/tutorials/transparent-dhcp/step1_vbox_eth0.png
new file mode 100644
index 00000000..4b7b4e9b
Binary files /dev/null and b/doc-src/tutorials/transparent-dhcp/step1_vbox_eth0.png differ
diff --git a/doc-src/tutorials/transparent-dhcp/step1_vbox_eth1.png b/doc-src/tutorials/transparent-dhcp/step1_vbox_eth1.png
new file mode 100644
index 00000000..b994d4cb
Binary files /dev/null and b/doc-src/tutorials/transparent-dhcp/step1_vbox_eth1.png differ
diff --git a/doc-src/tutorials/transparent-dhcp/step2_proxied_vm.png b/doc-src/tutorials/transparent-dhcp/step2_proxied_vm.png
new file mode 100644
index 00000000..2046cc57
Binary files /dev/null and b/doc-src/tutorials/transparent-dhcp/step2_proxied_vm.png differ
-- cgit v1.2.3