Ssl Decrypting Proxy For Pineapple

[Karit]

Hi,

Are there any SSL decrypting Man in the Middle proxies fro the Pineapple? I am looking for something like The Burp Proxy. There is sslstrip but doesn't work for things that won't follow redirects and only do things over SSL like some Android Apps. Just the decrypting aspect would be a great start even if there wasn't the MitM tampering.

Thanks

[Karit]

Failing that does anyone know with ICS how to force all traffic through a proxy that will do SSL decryption and Man in the Middle? I normally use Backtrack as ICS OS.

Thanks

[gsuberland]

You could take a look at sslsniff, which seems to do exactly what you want. Might need some configuring to get it working on the Pineapple though.

[Sebkinne]

You could take a look at sslsniff, which seems to do exactly what you want. Might need some configuring to get it working on the Pineapple though.

# opkg instsall sslsniff

Failing that does anyone know with ICS how to force all traffic through a proxy that will do SSL decryption and Man in the Middle? I normally use Backtrack as ICS OS.

Thanks

IP tables will do the trick for you.

[Karit]

You could take a look at sslsniff, which seems to do exactly what you want. Might need some configuring to get it working on the Pineapple though.

I have had a look at sslsniff and it appears to just redirect requests to an http version and requires the user to be on http first as just changes links and redirects to be http rather than https. What I am trying to test are Andriod apps that are https only and don't respect the Andriod proxy settings, so just trying to get a shim inbetween and the internet. Yes the app's handling of bogus SSL certs is one of the things I am investigating here along with the server side of the application as well.

[Karit]

IP tables will do the trick for you.

Thanks cool, it will be my next weekend task then was hoping there was something a little simplier :( (though need to have some challenges right?) Though if I get it working I will post the info here.

[Sebkinne]

Thanks cool, it will be my next weekend task then was hoping there was something a little simplier :( (though need to have some challenges right?) Though if I get it working I will post the info here.

IPtables isn't that bad. If I wasn't on my phone right now I would point you in the right direction. Will update later.

[Karit]

Hi Sebkinne you are right iptables aren't too bad. This post told me what I needed to do http://serverfault.com/questions/211536/iptables-port-redirect-not-working-for-localhost

On to the helping future people.

I am needing to test an app on an Android phone and want to direct it through the Burp Proxy. It is HTTPS only with no HTTP start or HTTP fallback so SSL Strip wouldn't help in this situation. It also doesn't follow Andriod's "global" proxy.

1. On Backtrack download Burp from http://www.portswigger.net/burp/download.html
   
2. Unzip and run it with java -jar burpsuite,jar
   
3. Set up burp to listen on 8080 and listening on all interfaces
   
4. Plug in the cables and pineapple and internet
   
5. Run wp4.sh http://wifipineapple.com/wp4.sh
   
6. the interface linked with the pineapple is eth1 and I always need to ifconfig eth1 172.16.42.42 up
   
7. Connect my phone to the pineapple
   
8. Ensure that the app is working as expected
   
9. iptables -t nat -I PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8080
   
10. iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8080
    
11. Run your app and you will see it going through burp. You will see a cert error because it is using Burp's cert rather than the real cert
    

Thanks for the iptables pointer, hopefully this is helpful feel free to ask a questions if want to know more or if I have missed something.

[Karit]

Wrote this up in the blog post with some more of the why I am doing it as well

http://blog.karit.geek.nz/2012/11/testing-android-apps-for-ones-doing-ssl.html