Jump to content

ddwrt ->kali ->proxy-> iptables help...

i8igmac

By i8igmac
in Questions

 Share

Recommended Posts

i8igmac Newbie

i8igmac

Posted
Posted

I have been ssearching online for 'ddwrt iptables proxy'

I have found some nice example scripts...

I'm looking for help with iptables... maybe there is a skilled iptables guru that is actave here...

I figured I will use burpsuit for a quick proxy

Proxy ip 192.168.69.103:666

ddwrt ip 192.168.69.1/255.255.255.0

cooper Newbie

cooper

Posted
Posted

I played _some_ with that. Guru... not really (really not).

But fire away. Worst that can happen is people will say "buggered if I know".

i8igmac Newbie

i8igmac

Posted
  • Author
Posted

nc 192.168.69.1 23

logged into root on ddwrt and iptables is acceptable command

here is a basic example

PROXY_IP=192.168.69.103
PROXY_PORT=666
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
i8igmac Newbie

i8igmac

Posted
  • Author
Posted

So above script will forward http traffic to kali running burpsuit on port 666...

Seems to work just fine... I would like to put sslstrip in front of the proxy...

Any ideas for how kali could configure iptables o place sslstrip in the mix

i8igmac Newbie

i8igmac

Posted
  • Author
Posted

so I have been running test all day... your wifi router running ddwrt and iptables script above you can easly send traffic to kali...

sslstrip is only effective when a client request htttp://face-book

If the client request htttps://face-book then ssltrip will miss this request

if you try sslstrip on android applications like facebook gmail yahoo twitter. you will notice some red flags with the certificates... fb was blood red!

So... I found sslsniff and sslsplit... these tools seem to be the key to success...

But I get segment faults when I test these tools...

cooper Newbie

cooper

Posted
Posted

Think you can acquire a core dump for them? If so it's decidedly easier to see what the tool is borking on.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...