Wednesday, July 29, 2009

DSNIFF and SSL


I found this very informative site that walks one through the details of setting up a MITM rig to decompose SSL traffic. Exactly what I was looking for since busybox was not being nice to me.


http://forums.remote-exploit.org/tutorials-guides/9011-sniffing-ssl-traffic-using-mitm-attack-ettercap-fragrouter-webmitm-dnsspoof.html

(I think blogspot filters URLs with HTML tags; the above wouldn't show up....prolly because it's got the word EXPLOIT in it.)

Seems simple enough...just gonna take some time setting all this crap up, I love this stuff though and that's why I'm doing it.

In the meantime, I wanted to set up something to capture all the traffic to/from the router and I was looking at various firewalls etc...I finally settled on CentOS as a transparent bridge. One interface to the router, one to my switch, and Oreo stuffing in between.

If you want to do this yourself...it's DIRT SIMPLE, here's my rc.local script to get it going.
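#!/bin/sh
# Create the bridge device
brctl addbr br0
# Add both NICs (one to the router, one to the switch) as bridge ports
brctl addif br0 eth0
brctl addif br0 eth1
# Bring the bridge up so it starts forwarding between the ports
ip link set br0 up
# Give the bridge an address so the box itself is reachable on the LAN
ifconfig br0 192.168.0.3 netmask 255.255.255.0
# Default route for the box's own traffic
route add default gw 192.168.0.1 dev br0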
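
As an added example (not the author's script): the same bridge built with iproute2, which has taken over from the older brctl, ifconfig and route tools on current distributions. It prints the commands as a dry run unless given `apply` and brings the member ports up explicitly; the function names are hypothetical, the interface names and addresses are the ones from the post.

```shell
#!/bin/sh
# Added example: iproute2 form of the bridge setup from the post.
# Interface names and addresses are the post's; adjust for your own network.
BR=br0; PORTS="eth0 eth1"
ADDR=192.168.0.3/24; GW=192.168.0.1

# Accept only plausible interface names (safe characters, at most 15 long).
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Print the setup commands, one per line, without running anything.
bridge_cmds() {
    valid_if "$BR" || { echo "bad bridge name: $BR" >&2; return 1; }
    echo "ip link add name $BR type bridge"
    for p in $PORTS; do
        valid_if "$p" || { echo "bad port name: $p" >&2; return 1; }
        # A port forwards nothing until it is attached AND administratively up.
        echo "ip link set dev $p master $BR"
        echo "ip link set dev $p up"
    done
    echo "ip link set dev $BR up"
    # The address only makes the box manageable; bridging works without it.
    echo "ip addr add $ADDR dev $BR"
    echo "ip route add default via $GW dev $BR"
}

# Dry run by default; pass "apply" (as root) to execute each command in order.
bridge_main() {
    cmds=$(bridge_cmds) || return 1
    if [ "${1:-}" = "apply" ]; then
        echo "$cmds" | while IFS= read -r c; do $c || exit 1; done
    else
        echo "$cmds"
    fi
}

bridge_main "$@"
```

Run it once without arguments to review the command list before applying it, since a mistake on the bridge cuts the LAN off from the router.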

btw I'm running this on an 8-year-old box I found in my basement under some paint rags. Aside from the oily smell the packets flow just fine.
