How To Run A MITM Proxy

How To Run A MITM Proxy - a simple way to simulate a man-in-the-middle attack
When you want to record an HTTP conversation you can use a MITM (Man In The Middle) proxy.

I was trying to record and replay an HTTP request for one of my projects and stumbled across the mitmproxy project. The tool is really powerful; however, the documentation is not detailed, so after some research on the web I realized that I needed to try it on my own.

It took me a day to figure out; I hope this article saves you that time.

This tutorial is aimed mainly at beginners like me. It shows how to run a proxy on your local machine that records and replays HTTP requests against an HTTP server, using the Tomcat manager app as the example.

This also serves as a sample MITM attack demonstration: I record the Tomcat manager login session and then replay it to execute further requests as the Tomcat manager account, without the client initiating any requests. What makes the replay work is that the manager app uses HTTP Basic authentication, so the recorded session contains the credentials themselves (base64-encoded in the Authorization header, not encrypted), and anyone holding the dump file can reuse them.

What Is A Man In The Middle (MITM) Attack

A man-in-the-middle attack is one where an attacker sits on the path between a client and a server, so that their traffic passes through the attacker, who can read it and, when it is not protected, modify it or replay it later.

For example, imagine you are logged into your bank account and want to transfer money to a friend's account. A hacker with access to the communication channel who is using a MITM attack can modify the information in your transfer request and change your friend's account number to someone else's. You may not realize that the money was transferred to someone else.

What is mitmproxy Project

mitmproxy is an open-source interception proxy for HTTP traffic. The project ships an interactive console tool (mitmproxy) and a non-interactive command-line version (mitmdump) that can intercept traffic flows, write them to a file and replay them later; this tutorial uses mitmdump. For more details visit the project website - mitmproxy project

How A Man In The Middle (MITM) Attack Is Performed

A MITM attack requires the attacker to have control over the communication channel. A common scenario is an internet cafe where all traffic goes through a proxy. A proxy server can see the traffic between client and server and may modify it. When a hacker controls the proxy, it is easy for them to intercept unencrypted traffic and see all the information. This is the main reason HTTP is not considered secure: it sends data in plain text, so any proxy in between can read it, alter it and, as this tutorial shows, replay it.

How To Avoid A Man In The Middle (MITM) Attack?

A MITM attack can be made very difficult to perform by using an HTTPS connection between client and server, provided the client validates the server certificate against a trusted CA. HTTPS does not help if the attacker can get the client to trust their own CA: mitmproxy itself intercepts HTTPS by generating a certificate for each host on the fly, signed by a CA that the user has to install on the client. Treat any "install this certificate" step as handing over that protection. HSTS and certificate pinning raise the bar further.

How To Simulate A Man In The Middle (MITM) Attack Using MITM Proxy

Below are the steps to simulate a MITM attack with mitmdump. A real attack involves many more steps (getting onto the network path in the first place); those are left out to keep the tutorial simple.

Running A Reverse Proxy To Record Tomcat Requests

The command below runs a reverse proxy on port 8081 that forwards to Tomcat on port 8080 and records every request sent to port 8081:

mitmdump -w tomcat-mgr-login.dump -d --keepserving --anticache -p 8081 -R http://localhost:8080 &

Understanding The Options In This Command

These are the option names of the mitmproxy 0.x releases this tutorial was written against; later releases renamed several of them (reverse proxy mode, for instance, became --mode reverse:http://localhost:8080), so check mitmdump -h for your version.

  • -w
    Write every recorded flow into the file "tomcat-mgr-login.dump". The file contains complete requests and responses, credentials included, so protect it like a password file.
  • -d
    Increase the detail level of what mitmdump prints (headers, and at higher levels bodies). It can be passed more than once.
  • --keepserving
    Keep mitmdump serving after a client or server replay has finished; without it the process exits once the replay is done.
  • --anticache
    Strip the If-Modified-Since and If-None-Match request headers so the server always returns a full response instead of 304 Not Modified; otherwise the dump can contain empty cached responses.
  • -p
    The port on which the reverse proxy listens for client requests (8081 here).
  • -R
    Run in reverse proxy mode: traffic arriving on the -p port is forwarded to the given host:port (Tomcat on http://localhost:8080).
  • &
    The usual Unix way to run a process in the background; nothing to do with this tool.

Start Tomcat Server

Start Tomcat on your machine and make sure it's running on port 8080.

You can check by opening http://localhost:8080 in a browser.

Configure Tomcat Manager Password

Open tomcat_home/conf/tomcat-users.xml and uncomment these lines.

Make sure to change the roles value to manager-gui for the tomcat user (the block below already has that change). The password is the stock example value; never leave an account with manager-gui and a guessable password on a reachable Tomcat, because everything shown in this tutorial works against it.

<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="tomcat" roles="manager-gui"/>
<user username="both" password="tomcat" roles="tomcat,role1"/>
<user username="role1" password="tomcat" roles="role1"/>

Let's Start Recording

  • Now point your browser to localhost:8081
  • Make sure to use the proxy port 8081, not Tomcat's default port. This is the main trick that lets the proxy record.
  • Visit the Tomcat manager app at http://localhost:8081/manager/html
  • Log in to the Tomcat manager app when the browser prompts for credentials (tomcat/tomcat as configured above).
  • mitmdump records the flows in the tomcat-mgr-login.dump file named with -w.

Sample Output

GET http://localhost:8080/
Host: localhost:8081
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us
Connection: keep-alive
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3

<< 200 OK 11.16kB
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=ISO-8859-1
Transfer-Encoding: chunked
Date: Fri, 05 Jun 2015 23:44:56 GMT

Note that the Host header still says localhost:8081 (what the browser asked for) while the request line shows port 8080, the upstream the reverse proxy forwarded to.

How To Stop Mitmdump Process

To stop the mitmdump process follow the steps below.

  • find the mitmdump process using the ps command

    ps -aef | grep "mitmdump"
  • You will see two process ids; one of them is typically the grep command itself, so check the command column before killing. I prefer doing kill -9 on both, though sending a plain kill (SIGTERM) first gives mitmdump a chance to close the dump file cleanly.

    kill -9 pid1 pid2

How To Replay The Recorded Request

Now open a new shell and run the following command to replay the recorded flows. Use the same file name that was given to -w. The -c option replays the saved requests as a client and -n tells mitmdump not to start a proxy server of its own, so the requests go straight to Tomcat on port 8080; the browser is no longer involved at all.

mitmdump -c tomcat-mgr-login.dump -n --replay-ignore-host

This should show the output below:

GET http://localhost:8080/
<< 200 OK 11.16kB
GET http://localhost:8080/manager/html
<< 200 OK 19.11kB

The second request is the interesting one: /manager/html answers 200 without anyone typing a password, because the replayed request carries the Authorization header captured during the login.
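To show the whole procedure above (record through a reverse proxy, stop the proxy, replay against the server) as one runnable piece, here is an added example in Python. It is not part of the original post and is not mitmproxy's or Tomcat's code: ManagerStub is a constructed stand-in for Tomcat's Basic-auth protected /manager/html, RecordingProxy stands in for mitmdump -R ... -w, and run_demo() plays the browser and then the mitmdump -c replay. The tomcat/tomcat account, ports and paths are all constructed for the demo. It also pulls the username and password back out of the recorded Authorization header, which is why the dump file has to be treated as a credential store.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed for the demo: the tomcat-users.xml account from the tutorial.
USERS = {"tomcat": "tomcat"}


def decode_basic(auth_header):
    """(user, password) from a 'Basic ...' Authorization header, else None."""
    if not auth_header.startswith("Basic "):
        return None
    try:
        user, _, password = base64.b64decode(auth_header[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    return user, password


class ManagerStub(BaseHTTPRequestHandler):
    """Stand-in for Tomcat: /manager/html is protected by HTTP Basic auth."""

    def do_GET(self):
        creds = decode_basic(self.headers.get("Authorization", ""))
        if self.path.startswith("/manager/") and (creds is None or USERS.get(creds[0]) != creds[1]):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Tomcat Manager Application"')
            body = b""
        else:
            self.send_response(200)
            body = b"<html>manager</html>"
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence request logging
        pass


def make_recording_proxy(upstream_port, flows):
    """Stand-in for `mitmdump -R http://upstream -w file`: forward and record each flow."""

    class RecordingProxy(BaseHTTPRequestHandler):
        def do_GET(self):
            # Drop Host so the upstream sees its own name, as a reverse proxy does.
            headers = {k: v for k, v in self.headers.items() if k.lower() != "host"}
            conn = http.client.HTTPConnection("127.0.0.1", upstream_port)
            conn.request("GET", self.path, headers=headers)
            resp = conn.getresponse()
            body = resp.read()
            conn.close()
            flows.append({"path": self.path, "headers": headers, "status": resp.status})
            self.send_response(resp.status)
            for k, v in resp.getheaders():
                if k.lower() not in ("server", "date", "content-length"):
                    self.send_header(k, v)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass

    return RecordingProxy


def serve(handler):
    """Start `handler` on an ephemeral 127.0.0.1 port in a daemon thread."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def get(port, path, headers=None):
    """Single GET to 127.0.0.1:port, returning the status code."""
    conn = http.client.HTTPConnection("127.0.0.1", port)
    conn.request("GET", path, headers=headers or {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status


def credentials_from_flows(flows):
    """What the dump gives an attacker: Basic auth is base64, not encryption."""
    for flow in flows:
        auth = next((v for k, v in flow["headers"].items() if k.lower() == "authorization"), "")
        creds = decode_basic(auth)
        if creds:
            return creds
    return None


def run_demo():
    flows = []
    tomcat = serve(ManagerStub)
    proxy = serve(make_recording_proxy(tomcat.server_address[1], flows))
    login = {"Authorization": "Basic " + base64.b64encode(b"tomcat:tomcat").decode()}
    # 1. Browser via the proxy: unauthenticated (401), then the manager login (200).
    anonymous = get(proxy.server_address[1], "/manager/html")
    logged_in = get(proxy.server_address[1], "/manager/html", login)
    # 2. Kill the proxy; from here on the browser plays no part.
    proxy.shutdown()
    proxy.server_close()
    # 3. Replay the recording straight at Tomcat, as `mitmdump -c dump -n` does.
    replayed = [get(tomcat.server_address[1], f["path"], f["headers"]) for f in flows]
    tomcat.shutdown()
    tomcat.server_close()
    return {"anonymous": anonymous, "login": logged_in, "replayed": replayed,
            "credentials": credentials_from_flows(flows)}


if __name__ == "__main__":
    print(run_demo())  # {'anonymous': 401, 'login': 200, 'replayed': [401, 200], 'credentials': ('tomcat', 'tomcat')}
```

The replayed list mirrors what the tutorial's mitmdump -c output shows: the unauthenticated flow still gets 401, and the login flow gets 200 with no browser in the picture. Everything needed for that lives in the recorded headers, which is the security-relevant point of recording plain HTTP.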

Learn More Mitmdump Commands

To learn more about the mitmdump tool, use the command below to see the help options.

mitmdump -h

Help Manual In PDF Downloadable Format

I have also exported the command output to a PDF file for convenient reading.


