Last active
December 7, 2024 16:18
ninlith revised this gist
Feb 12, 2021 . 1 changed file with 9 additions and 5 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -23,6 +23,14 @@ prior_sysctl_values=$(/sbin/sysctl \ net.ipv4.ip_forward \ net.ipv6.conf.all.forwarding \ net.ipv4.conf.all.send_redirects) cleanup () { sudo nft delete table ip mitm_ipv4 sudo nft delete table ip6 mitm_ipv6 echo "$prior_sysctl_values" | sudo sysctl -qw --load - exit } trap cleanup EXIT sudo sysctl -qw net.ipv4.ip_forward=1 sudo sysctl -qw net.ipv6.conf.all.forwarding=1 sudo sysctl -qw net.ipv4.conf.all.send_redirects=0 @@ -38,8 +46,4 @@ sudo nft add chain ip6 mitm_ipv6 c { type nat hook output priority 0 \; } sudo nft add rule ip6 mitm_ipv6 c skuid != mitmproxyuser tcp dport \ {http, https} counter redirect to :8080 sudo -u mitmproxyuser $command -
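Review bot: The bare `exit` at the end of `cleanup` throws away the status that triggered the EXIT trap, so the script always reports the result of the final `sysctl --load` rather than how mitmproxy ended; capture it first with `rc=$?` as the first statement of the function and finish with `exit "$rc"`. The trap is installed before the nft tables exist, so any failure in the table/chain setup makes both `nft delete` calls error on missing tables — harmless, but worth a short comment (`# tables may not exist yet if setup failed`) so the noise is not mistaken for a leftover rule. An EXIT trap also does not run on SIGKILL, so the redirect rules and forwarding sysctls can outlive the script in that case; a comment pointing at the manual cleanup would help the next operator.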
ninlith created this gist
Feb 11, 2021 .There are no files selected for viewing
@@ -0,0 +1,45 @@ #!/usr/bin/env bash # -*- indent-tabs-mode: nil; tab-width: 4 -*- command=${@:-"mitmproxy --mode transparent --showhost --set block_global=false"} if [ ! -f "/etc/ssl/certs/mitmproxyuser.pem" ]; then sudo apt --yes install inotify-tools mitmproxy nftables sudo useradd --create-home mitmproxyuser grep --max-count 1 "mitmproxy-ca-cert.pem" < <( \ sudo inotifywait -mrq -e close_write --format "%f" \ /home/mitmproxyuser) & grep_pid=$! # --include in inotifywait 3.20.1 sudo -u mitmproxyuser mitmdump --no-server & mitmdump_pid=$! wait $grep_pid && sudo kill -INT $mitmdump_pid sudo mkdir /usr/share/ca-certificates/extra/ sudo openssl x509 -in /home/mitmproxyuser/.mitmproxy/mitmproxy-ca-cert.pem \ -inform PEM -out /usr/share/ca-certificates/extra/mitmproxyuser.crt sudo sh -c 'echo "extra/mitmproxyuser.crt" >> /etc/ca-certificates.conf' sudo update-ca-certificates sudo systemctl enable --now nftables.service fi prior_sysctl_values=$(/sbin/sysctl \ net.ipv4.ip_forward \ net.ipv6.conf.all.forwarding \ net.ipv4.conf.all.send_redirects) sudo sysctl -qw net.ipv4.ip_forward=1 sudo sysctl -qw net.ipv6.conf.all.forwarding=1 sudo sysctl -qw net.ipv4.conf.all.send_redirects=0 # "No matter what the documentation says, it appears that NAT statements can't # be in an "inet" table." https://bugzilla.netfilter.org/show_bug.cgi?id=1173 sudo nft add table ip mitm_ipv4 sudo nft add chain ip mitm_ipv4 c { type nat hook output priority 0 \; } sudo nft add rule ip mitm_ipv4 c skuid != mitmproxyuser tcp dport \ {http, https} counter redirect to :8080 sudo nft add table ip6 mitm_ipv6 sudo nft add chain ip6 mitm_ipv6 c { type nat hook output priority 0 \; } sudo nft add rule ip6 mitm_ipv6 c skuid != mitmproxyuser tcp dport \ {http, https} counter redirect to :8080 sudo -u mitmproxyuser $command sudo nft delete table ip mitm_ipv4 sudo nft delete table ip6 mitm_ipv6 echo "$prior_sysctl_values" | sudo sysctl -qw --load -
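Review bot: The setup branch adds the mitmproxy CA to the system trust store through `update-ca-certificates` and nothing in the script removes it afterwards, so every TLS client on the host keeps trusting a CA whose private key lives under `/home/mitmproxyuser/.mitmproxy/` long after the interception session ends; add a comment stating that this trust is permanent and how to revoke it (drop the `extra/mitmproxyuser.crt` entry and rerun `update-ca-certificates`), and tighten the key directory with `sudo chmod 700 /home/mitmproxyuser/.mitmproxy` right after `mitmdump` has generated it. `$command` is expanded unquoted in `sudo -u mitmproxyuser $command` and its default comes from `${@:-"..."}`, so any argument containing spaces or glob characters is split or expanded before mitmproxy sees it; holding the command in an array (`cmd=("$@")` with the default assigned as separate words) and invoking `"${cmd[@]}"` keeps arguments intact. The two nat output-hook rules send every local TCP connection to http/https from any uid other than mitmproxyuser to port 8080 without first checking that mitmproxy is the process bound there, so if the proxy fails to start, whatever else listens on 8080 receives that traffic; a comment noting this assumption, or a check before the rules are added, would make the failure mode explicit.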