Here is a simple tutorial that will help you rum proxy on your local machine which can record the HTTP requests between the client and the server.
Take a software like TOMCAT manager.which can also be treated as the man in the middle attack in the below tutorial we also demonstrate a basic man in the middle attack.
What is the man in the middle attack
Man in the middle attack is a kinda communication where the middle man gets to modify the data between the client and the server
Take an example you have logged into your NETFLIX account and you want to pay your monthly subscription for the game of thrones if the hacker gets access to the data in the network he will modify the data to get you subscribe to silicon valley premier.
What is mitmproxy Project
This is a command line utility that can intercept the traffic flows and record it to be replayed later. For more details visit project website – mitmproxy project
How the MITM is performed
Well it requires the hacker to take control over the communication channel scenario, Consider an internet cafe where all the traffic goes through a proxy which many computers have access to proxy port there the hacker modifies the data passing if we use the HTTP there is no encryption present in the text hence the data is transferred in the plain text which can be changed to the hacker’s wish.
How To Simulate A Man In The Middle (MITM) Attack Using MITM Proxy
Below are the steps to perform a MITM attack using MITM proxy tool. Real MITM attack may involve much more complex steps, however we have avoided it to keep the tutorial simple.
Running A Reverse Proxy To Record Tomcat Requests
Below command should run a reverse proxy on port 8081 and record any request sent to port 8081
mitmdump -w tomcat-mgr-login.dump -d --keepserving --anticache -p 8081 -R http://localhost:8080 &
Understanding The Options In This Command
This option tells the tool to record and write into a file called “tomcat-mgr-login.dump”
This option will enable tool to show more details
This option will keep the mitmdump reverse proxy running. Otherwise your proxy will stop after one request.
This option will ensure to avoid any web server level caching.
Tells the port at which the reverse proxy needs to listen to client request.
This option tells mitmdump tool to run in Reverse proxy mode. The host:port details are used to forward traffic from the port specified in -p option.
This is a unix way to run process in background, not specific to this tool.
Start Tomcat Server
Start tomcat on your machine, make sure its running on port 8080
You can check it by going to browser on this url http://localhost:8080
Configure Tomcat Manager Password
Go to tomcat_home/conf/tomcat-users.xml and un comment these lines.
Make sure the change the roles value to manager-gui for tomcat user.
Lets Start Recording
- Now point your browser to localhost:8081
- Make sure to use the proxy port 8081, not tomcat default port. This is the main trick that enables proxy to be able to record.
- Visit the tomcat manger app.
- Login to tomcat manager app.
- The mitmdump should record it in the tomcat.dump file
127.0.0.1 GET http://localhost:8080/
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/8.0.6 Safari/600.6.3
<< 200 OK 11.16kB Server: Apache-Coyote/1.1 Content-Type: text/html;charset=ISO-8859-1 Transfer-Encoding: chunked Date: Fri, 05 Jun 2015 23:44:56 GMT
How To Stop Mitmdump Process
To stop the mitmdump process follow below steps.
- find the mitmdump process using ps command
ps -aef | grep “mitmdump"
- you will see two process ids. I prefer doing kill -9 on both
kill -9 pid1 pid2
How To Replay The Recorded Request
Now open a new shell and run following command to replay the recorded actions.
mitmdump -c tomcat.dump -n --replay-ignore-host
This should show you below output.
127.0.0.1 GET http://localhost:8080/
<< 200 OK 11.16kB 127.0.0.1 GET http://localhost:8080/manager/html << 200 OK 19.11kB
Learn More Mitmdump Commands
Doing more learning on mitmdump tool, use below command to see the help options.
Take your time to comment on this article.