glider Posted December 1, 2010

Hello, I'd like to ask if it is possible to make a SOCKS proxy to receive any connection made by one of the Jasager's wireless clients. I'm interested in writing a security proxy that inspects all TCP sessions (security man in the middle). So far, I have not found any hints about previous work, and iptables seems too raw (it routes a specific session and loses the information about where it originally wanted to go). Help is much appreciated.

Glider

digininja Posted December 3, 2010

What are you trying to achieve? This doesn't sound like a tool that would work with Jasager rather one that should be on a bare OpenWrt install, purely to make your life easier.

glider Posted December 3, 2010 (edited)

> What are you trying to achieve? This doesn't sound like a tool that would work with Jasager rather one that should be on a bare OpenWrt install, purely to make your life easier.

I'm simply trying to better utilize the Jasager as a "man in the middle". It seems to me that the Jasager can do some very primitive "man in the middle" tasks, and I was more hoping to master the TCP session which is being created by a network node on its way to the destination (any port, any destination IP).

If there is a way to master the TCP session (serve the client and open a new connection to the target), one could embed new content in the client's web pages, solicit for installing root certificates on the client and eventually elevate to be SSL/TLS man in the middle.

The best way of mastering all TCP sessions is to (somehow) wrap all client outgoing connections for a standard SOCKS or HTTP proxy (without a client ever noticing) and tweak the proxy code (external to Jasager) to do various tasks, whether malicious or positive (virus scanning, parental monitoring, commercial embedding, etc.).

If any idea comes to mind about how to demonstrate that, this will save me a great deal of time. Thanks,

Glider

Edited December 3, 2010 by glider

digininja Posted December 3, 2010

Modify the default route so it goes through a PC with some power and do all that kind of thing on there. I'd go for transparent web proxy, sslstrip and stuff like that. You can also run things like that on the Fon using iptables to redirect traffic but it isn't really powerful enough to do anything that requires heavy lifting.