Hey, I know there will be an easy answer to this but I can't work it out. I'm trying to redirect all traffic on a subnet through my proxy, or even port 80 traffic. I'm thinking Ettercap but I'm not sure. Please help me out. I'm thinking about posting a tut about my project. Thanks,
I would rather be hated for what I am,
than loved for what I am not.
Errm. This may not be what you are trying to do, but I followed this:
wiki.squid-cache(dot)org/SquidFaq/InterceptionProxy
when I set up a transparent Squid proxy...
Hear no evil, Speak no evil...and you'll never be invited to a party.
And were you able to redirect local HTTP requests and responses through a proxy?
I'm using Burp Suite as my proxy.
That method is usually used when all of the http traffic you may want to redirect to the proxy goes through a particular node. The redirection is then performed on that node for all traffic that goes through.
Example: You have a Linux box acting as the default gateway to the Internet for your internal network, and you configure iptables on that box to redirect all traffic destined for TCP port 80 to a squid proxy running in transparent mode. The proxy will then capture all outgoing http requests, will process them, forward them on (taking any filtering rules into consideration), and the responses from the destination web site on the Internet should go back to the proxy and then be forwarded back to the original client (again taking any filtering rules into consideration).
I was also going to suggest this to you, but I wasn't sure it was what you were after. The way this is usually set up, it won't capture all http traffic on a network, it will only capture traffic destined for certain ports (usually 80 but this can be configured using filtering rules) that is sent through a filtering host. It's possible that you may be able to work around this limitation by doing something funky with ettercap though...
Be aware that the proxy must support transparent operation for this to work.
Have a read of the link provided by brathadair, it has some good technical detail about how this works...
Edit: Linkified
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
I've got the proxy working right, but it's getting the browser to establish a connection through it that's the problem.
OK, I've got Burp Suite set up acting as my proxy on my MacBook with Ubuntu 9.04. The target is BackTrack 4 on my Eee PC 100 HE. Both are connected to a wireless AP (WPA). On the MacBook (Ubuntu 9.04) I've tried Ettercap MITM to poison the ARP tables on the BackTrack Eee PC, but that didn't redirect through the proxy, only through Ettercap. Then I configured the Ubuntu 9.04 MacBook to run all connections through the proxy and tested the Ubuntu browser to see if it ran through Burp, and it did. Then I poisoned the ARP tables with Ettercap again and still no go. I also tried arpspoof and no go there either. I'm just wondering if maybe Ubuntu is having problems poisoning?
I'm not sure I followed all of that... you probably want to try breaking messages into shorter sentences in future.
When you were testing the redirect to the proxy (running on Ubuntu right?), did you try and capture incoming packets to confirm that the connections were indeed being correctly redirected to the proxy service? For this type of forwarding to work I believe the proxy needs to support transparent operation, and I'm not sure if Burp does. Confirming that the packets you want to forward are indeed reaching the right system may help you determine whether the issue is due to the packets not being redirected properly by Ettercap or instead due to the proxy (Burp) not being able to handle transparent operation.
Transparent operation requires that the proxy you use needs to be able to accept traffic on its listening port that's not destined for its own IP address, and it then uses that destination IP address to determine where to forward the traffic to. This usually requires that any connection redirection should be done by setting the MAC address in the frame to be redirected to the MAC of the proxy system, or encapsulation of the traffic in a tunneling protocol. (The link above explains this)
Maybe you should try using a squid proxy that's configured for transparent usage instead of Burp, to see if that works. Also you should make sure that the Ubuntu system is not going to drop any packets not destined for its own IP address (consider firewall rules, routing etc). I would also imagine (untested theory) that to successfully use Ettercap to do this, you will need to edit the MAC address of all interesting packets to that of your proxy host, and the TCP destination port to the one that your proxy is listening on, all while making sure that the destination IP address is not changed.
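Editor's added example (not code from any poster in this thread): the post above says a transparent proxy must work out where to forward a connection that was not addressed to it. On a Linux host where netfilter redirected the connection, the pre-NAT destination is read with the `SO_ORIGINAL_DST` socket option; the sketch below decodes that value and falls back to the HTTP Host header when the destination was rewritten to the proxy itself. The function names are hypothetical, the addresses are constructed, and only IPv4 and plain host[:port] Host values are handled.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # value from <linux/netfilter_ipv4.h>

def parse_sockaddr_in(raw):
    """Decode the 16-byte sockaddr_in that SO_ORIGINAL_DST returns."""
    port, addr = struct.unpack("!2xH4s8x", raw)  # skip family, skip padding
    return socket.inet_ntoa(addr), port

def original_dst(conn):
    """Pre-NAT destination of an accepted TCP connection (Linux, IPv4)."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def host_header(request_head):
    """Return (host, port) from the Host header, or None if it is absent."""
    for line in request_head.split(b"\r\n")[1:]:  # [0] is the request line
        if not line:
            break  # end of headers
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host, _, port = value.strip().decode("ascii").partition(":")
            return host, int(port) if port else 80
    return None

def choose_upstream(orig, local, request_head):
    """orig: result of original_dst(); local: conn.getsockname() of the proxy."""
    if orig != local:
        return orig, "original destination preserved by the redirect"
    named = host_header(request_head)
    if named:
        return named, "destination was the proxy itself; using Host header"
    return None, "no usable destination; request cannot be forwarded"

if __name__ == "__main__":
    # Constructed sample: sockaddr_in for 192.0.2.10:80 and a minimal request.
    raw = b"\x02\x00\x00\x50\xc0\x00\x02\x0a" + b"\x00" * 8
    head = b"GET / HTTP/1.1\r\nHost: www.example.test:8080\r\n\r\n"
    print(choose_upstream(parse_sockaddr_in(raw), ("10.0.0.5", 3128), head))
    print(choose_upstream(("10.0.0.5", 3128), ("10.0.0.5", 3128), head))
```

The third outcome, where neither source yields a destination, is the case in which a proxy without transparent support accepts the connection but cannot forward it.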
I think it's Ettercap not redirection right.
I can't seem to poison the vic's ARP tables.
When I use chk_poison there is no poisoning at all.
Are there any other ARP poisoning tools I can use?
I haven't tried it, but maybe this might work.