crepsidro Posted September 14, 2013 Share Posted September 14, 2013 Hello peeps. I am wondering, how hard it would be to make infusion out of amazing http://mitmproxy.org/ ? Also, pointers on how to install it manually will be greatly appreciated. There's so many ssl-capable mitm proxy software out now (mitmproxy, sslsniff, burp proxy) and none is available for pineapple, otherwise fine pentesting device?! Sure there's schemes, where pineapple is used to karma clients to it, and route the traffic to the notebook. But just imagine ssl logging proxy on the pineapple connected to 3g/phone/ethernet/wlan1?! Thanks! Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 14, 2013 Author Share Posted September 14, 2013 Actually did some research. I'm on 2.8.1. With mitm infusion installed, i get mitmproxy (fails to start) and mitmdump 0.8.1. mitmdump seems to work, BUT it fails to proxy plain http requests - it treats all requests as https, thus breaking functionality. I tryed updating mitmdump to current version, but that broke it, 0.9 fails to start. Please, some help here on how to install the new version? And i tryed opkg install sslsniff. Sslsniff --help produces help, BUT when i try to use it = segmentation fault. I just want a decent http/https logging proxy running on pineapple. Thanks Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted September 14, 2013 Share Posted September 14, 2013 You can get SSLSniff on the pineapple... as for an infusion, their is none. Why not make one? Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 14, 2013 Author Share Posted September 14, 2013 (edited) As i said, sslsniff package loads, but produces segmentation fault upon launch in 'work' mode. I have 2gb swap, all processes stopped, but still get seg.fault. Hoping for pros to investigate. Just imagine smoothly running sslsniff?! Why focus on completely obsolete sslstrip? Edited September 14, 2013 by crepsidro Quote Link to comment Share on other sites More sharing options...
Whistle Master Posted September 14, 2013 Share Posted September 14, 2013 The MITM infusion is indeed already using mitmdump but I haven't port it to firmware 3.0 yet. I remember that I tried to install mitmproxy on 2.8.X but had some difficulties except for mitmdump so that's why I developed the infusion. Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 14, 2013 Author Share Posted September 14, 2013 Ok, thanks for info. Any tips on getting sslsniff to work? Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 16, 2013 Author Share Posted September 16, 2013 Ok, i did some research and disappointed with results... I tried flashing to 3.0 and installing sslsniff (openwrt version, which is waaay obsolete). Still get seg.fault upon running. Got back to 2.8.1 and still wondering about possibility of having autonomous ssl sniffing proxy (NOT sslstrip, which is useless for most modern sites). Still cannot properly invoke mitmdump (from mitm infusion) to catch and reroute both HTTP and HTTPS traffic TO it. It takes HTTPS traffic and mitms it, but still cannot get plain HTTP proxied to the mitmdump. If i hard-set proxy address in 'victim browser' i DO get somewhat reliable ssl pass-thru decoding proxy (yes, i get wrong cert dialogs, but that's acceptable for pentesting). Can anyone help me with proper iptables commands to route, say, all 80 and 443 traffic to port say 9999 on the pineapple? Say, i use 3g-wan2 interface OR/AND eth1 interface to get internet to the pineapple. Thanks. Guys, i mean, why still no working ssl proxy on the device? Just imagine how cool and almost 100% transparent it can be. PS. any progress on getting last (not ancient) sslstrip working? Thanks Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 17, 2013 Author Share Posted September 17, 2013 Yup, urwid fails due to absence of compiler. I edited setup.py for urwid to comment out ext.module requirement, it went thru setup. I also had to do the same for PIL and lxml... Thing is, lxml fails to compile and i get error Traceback (most recent call last): File "/usb/usr/bin/mitmdump", line 4, in <module> from libmproxy import proxy, dump, cmdline, version, console File "/usb/usr/lib/python2.7/site-packages/libmproxy/console/__init__.py", line 5, in <module> import flowlist, flowview, help, common, grideditor, palettes, contentview, flowdetailview File "/usb/usr/lib/python2.7/site-packages/libmproxy/console/flowview.py", line 3, in <module> import common, grideditor, contentview File "/usb/usr/lib/python2.7/site-packages/libmproxy/console/contentview.py", line 10, in <module> import lxml.html, lxml.etree File "/usb/usr/lib/python2.7/site-packages/lxml-3.2.3-py2.7.egg/lxml/html/__init__.py", line 42, in <module> from lxml import etree ImportError: cannot import name etree Also tried manually do a static build of lxml (python setup.py --static-deps to no avail. I guess lxml does needs some binaries compiled... Please, do something! I want mitmproxy on my pineapple again. It WAS working couple of months ago, but i guess PIP distro changed.. Thanks Maybe just tell me what to comment out and where to force mitm to run. Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 17, 2013 Author Share Posted September 17, 2013 Edited contentview.py and ran mitmdump (and mitmproxy). Now, it needs pyopenssl 0.13 and opkg have 0.10-1. I cannot resolve a conflict there. It either runs with 0.10 but drops all SSL traffic OR it doesnt run with 0.13 pip'ed over 0.10 HELP PLEASE, i guess i need some pyopenssl 0.13 bins ((( Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 17, 2013 Author Share Posted September 17, 2013 Can somebody please compile the binaries for pyopenssl 0.13? it needs it to proceed. not familliar with pineapple build enviroment etc. thanks! Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 17, 2013 Author Share Posted September 17, 2013 (edited) Ok, nobody? What? More futility from me then... :( I managed to install mitmproxy 0.8.1 by using pip install "mitmproxy<=0.8.1". But it lacks -T (transarent http/https mode), it lack --host option, and it's basically useless. I also tried to build some binaries 'on-device'. I tried root_fs_mips and root_fs_mipsel uClibs' packs, both fail to chroot on device (architecture mismatch most probably). We need pyOpenSSL compiled for pineapple ASAP! That will lead to mitmproxy 0.9.2 (which works GREAT on linux machine, sniffs/mitms ALL ssl traffic!) and NEW version of SSLstrip many folks love. Please, please devs. Compile the opkg .ipk or just 3 binaries needed for pyOpenSSL 0.13 (crypto and 2 more). THANKS! Edited September 17, 2013 by crepsidro Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 18, 2013 Author Share Posted September 18, 2013 i guess nobody gives a crap... that's sad. this infusion is broken, as updated mitmproxy requires many new deps, which is not compiled for pineapple/ar71xx yes. i thought hak5 are almost gods... Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 18, 2013 Author Share Posted September 18, 2013 nobody gives a toss? guess i gotta buy Pi for all the work... had high hopes for pineapple but it turned out to be outdated meh.... Quote Link to comment Share on other sites More sharing options...
Foxtrot Posted September 18, 2013 Share Posted September 18, 2013 (edited) crepsidro : How about you stop posting all the time for the same thing, eh? Developers of both infusions and the system, especially sebkinne who is always working on the pineapple, aswell as other tinkerers 'give a toss'. Developers are incredibly busy, they do what they can when they can. So my advice to you sir, is back off. Edited September 18, 2013 by Foxtrot Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 18, 2013 Author Share Posted September 18, 2013 Thanks Quote Link to comment Share on other sites More sharing options...
Sebkinne Posted September 19, 2013 Share Posted September 19, 2013 Can somebody please compile the binaries for pyopenssl 0.13? it needs it to proceed. not familliar with pineapple build enviroment etc. thanks! Yes. We can and will - but please don't keep posting the same things. I suggest creating a bug / suggestion in the appropriate manner so that it is added to our to-do lists. Best Regards, Sebkinne Quote Link to comment Share on other sites More sharing options...
crepsidro Posted September 19, 2013 Author Share Posted September 19, 2013 done! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.