Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Http redirect to proxy

  1. #1
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    Default Http redirect to proxy

    hey i no there will be an easy answer to this but i cant work it out, im trying to redirect all traffic on a subnet through my proxy, or even port 80 traffic, im thinking ettercap but im not shaw please help me out im thinking about posting a tut about my project thanks,
    I would rather be hated for what i am,
    Then loved for what i am not.

  2. #2
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    18

    Default

    errm. this may not be what you are trying to do, but i followed this:
    wiki.squid-cache(dot)org/SquidFaq/InterceptionProxy

    when i set up a transparent squid proxy...
    Hear no evil, Speak no evil...and you'll never be invited to a party.

  3. #3
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    Default

    and where you able to redirect local http requests and responces through a proxy?
    i using burp suit as my proxy,
    I would rather be hated for what i am,
    Then loved for what i am not.

  4. #4
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by cr1spyj0nes View Post
    and where you able to redirect local http requests and responces through a proxy?
    i using burp suit as my proxy,
    That method is usually used when all of the http traffic you may want to redirect to the proxy goes through a particular node. The redirection is then performed on that node for all traffic that goes through.

    Example: You have a Linux box acting as the default gateway to the Internet for your internal network, and you configure iptables on that box to redirect all traffic destined for TCP port 80 to a squid proxy running in transparent mode. The proxy will then capture all outgoing http requests, will process them, forward them on (taking any filtering rules into consideration), and the responses from the destination web site on the Internet should go back to the proxy and then be forwarded back to the original client (again taking any filtering rules into consideration).

    I was also going to suggest this to you, but I wasn't sure it was what you were after. The way this is usually set up, it wont capture all http traffic on a network, it will only capture traffic destined for certain ports (usually 80 but this can be configured using filtering rules) that is sent through a filtering host. Its possible that you may be able to work around this limitation by doing something funky with ettercap though...

    Be aware that the proxy must support transparent operation for this to work.

    Have a read of the link provided by brathadair, it has some good technical detail about how this works...

    Edit: Linkified
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #5
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    Default

    iv got the proxy working right but its getting the browser to establish a connection through it thats the problem,,
    I would rather be hated for what i am,
    Then loved for what i am not.

  6. #6
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by cr1spyj0nes View Post
    iv got the proxy working right but its getting the browser to establish a connection through it thats the problem,,
    OK...

    ...

    If you want more assistance with this you might want to provide more detail about how you're trying to redirect traffic to your proxy, what you've done to troubleshoot the problem, and what the results of your troubleshooting was, etc...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #7
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    Default

    ok iv got burp suite set acting as my proxy on my macbook with ubuntu 9.04, target is backtrack 4 on my eeepc 100 HE both are connected to wireless AP wpa, on macbook ubuntu 9.04 iv try'd ettercap mitm to poison arp tables on backtrack eepc, but that didnt redirect through the proxy only through ettercap then i configured ubuntu 9.04 macbook to run all connections through the proxy and tested ubuntu browser, to see if it ran through burp and it did, then poisoned arp tables with ettercap again and still no go, also try'd arpspoof and no go there eather, im just wondering if maby ubuntu is haveing problems poisoning maby?
    I would rather be hated for what i am,
    Then loved for what i am not.

  8. #8
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by cr1spyj0nes View Post
    ok iv got burp suite set acting as my proxy on my macbook with ubuntu 9.04, target is backtrack 4 on my eeepc 100 HE both are connected to wireless AP wpa, on macbook ubuntu 9.04 iv try'd ettercap mitm to poison arp tables on backtrack eepc, but that didnt redirect through the proxy only through ettercap then i configured ubuntu 9.04 macbook to run all connections through the proxy and tested ubuntu browser, to see if it ran through burp and it did, then poisoned arp tables with ettercap again and still no go, also try'd arpspoof and no go there eather, im just wondering if maby ubuntu is haveing problems poisoning maby?
    I'm not sure I followed all of that... you probably want to try breaking messages into shorter sentences in future.

    When you were testing the redirect to the proxy (running on Ubuntu right?), did you try and capture incoming packets to confirm that the connections were indeed being correctly redirected to the proxy service? For this type of forwarding to work I believe the proxy needs to support transparent operation, and I'm not sure if Burp does. Confirming that the packets you want to forward are indeed reaching the right system may help you determine whether the issue is due to the packets not being redirected properly by Ettercap or instead due to the proxy (Burp) not being able to handle transparent operation.

    Transparent operation requires that the proxy you use needs to be able to accept traffic on its listening port that's not destined for its own IP address, and it then uses that destination IP address to determine where to forward the traffic to. This usually requires that any connection redirection should be done by setting the MAC address in the frame to be redirected to the MAC of the proxy system, or encapsulation of the traffic in a tunneling protocol. (The link above explains this)

    Maybe you should try using a squid proxy that's configured for transparent usage instead or Burp, to see if that works. Also you should make sure that the Ubuntu system is not going to drop any packets not destined for its own IP address (consider firewall rules, routing etc). I would also imagine (untested theory) that to successfully use Ettercap to do this, you will need to edit the MAC address of all interesting packets to that of your proxy host, and the TCP destination port to the one that your proxy is listening on, all while making sure that the destination IP address is not changed.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  9. #9
    Member cr1spyj0nes's Avatar
    Join Date
    Sep 2008
    Posts
    164

    Default

    i think its ettercap not redirection right,,
    i cant seem to poison the vic's arp tables,
    when i use chk_poison there is no poisoning at all,
    is there any other arp poisoning tools i can use?
    I would rather be hated for what i am,
    Then loved for what i am not.

  10. #10
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    I haven't tried it, but maybe this might work.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •