Jump to content

ddwrt ->kali ->proxy-> iptables help...


i8igmac
 Share

Recommended Posts

I have been ssearching online for 'ddwrt iptables proxy'

I have found some nice example scripts...

I'm looking for help with iptables... maybe there is a skilled iptables guru that is actave here...

I figured I will use burpsuit for a quick proxy

Proxy ip 192.168.69.103:666

ddwrt ip 192.168.69.1/255.255.255.0

Link to comment
Share on other sites

I played _some_ with that. Guru... not really (really not).

But fire away. Worst that can happen is people will say "buggered if I know".

Link to comment
Share on other sites

nc 192.168.69.1 23

logged into root on ddwrt and iptables is acceptable command

here is a basic example

PROXY_IP=192.168.69.103
PROXY_PORT=666
LAN_IP=`nvram get lan_ipaddr`
LAN_NET=$LAN_IP/`nvram get lan_netmask`

iptables -t nat -A PREROUTING -i br0 -s $LAN_NET -d $LAN_NET -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i br0 -s ! $PROXY_IP -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT
iptables -t nat -I POSTROUTING -o br0 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP
iptables -I FORWARD -i br0 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
Link to comment
Share on other sites

So above script will forward http traffic to kali running burpsuit on port 666...

Seems to work just fine... I would like to put sslstrip in front of the proxy...

Any ideas for how kali could configure iptables o place sslstrip in the mix

Link to comment
Share on other sites

so I have been running test all day... your wifi router running ddwrt and iptables script above you can easly send traffic to kali...

sslstrip is only effective when a client request htttp://face-book

If the client request htttps://face-book then ssltrip will miss this request

if you try sslstrip on android applications like facebook gmail yahoo twitter. you will notice some red flags with the certificates... fb was blood red!

So... I found sslsniff and sslsplit... these tools seem to be the key to success...

But I get segment faults when I test these tools...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...