jrmdev / mitm_relay

Hackish way to intercept and modify non-HTTP protocols through Burp & others.

License: Apache License 2.0

Python 98.40% Shell 1.60%

mitm_relay's People

Contributors

antnks, bcoles, jrmdev, kmarty, parsiya


mitm_relay's Issues

TLS + SIP Mitm

I want to use mitm_relay + Burp Suite to intercept the RCS messages of my rooted Android phone.
I configured Android to use the IP of the Linux box running mitm_relay and Burp Suite as its router IP (the provider's RCS service port is 5260).
And I use iptables to redirect TCP port 5260 to port 5261 locally.
Then this error occurred:
---------------------- Wrapping sockets ----------------------
Exception in thread Thread-8:
Traceback (most recent call last):
File "/usr/lib/python3.8/threading.py", line 932, in _bootstrap_inner
self.run()
File "/usr/lib/python3.8/threading.py", line 870, in run
self._target(*self._args, **self._kwargs)
File "mitm_relay.py", line 419, in handle_tcp_client
do_relay_tcp(client_sock, server_sock, cfg)
File "mitm_relay.py", line 301, in do_relay_tcp
receiving, _, _ = select([client_sock, server_sock], [], [])
ValueError: file descriptor cannot be a negative integer (-1)
Exiting...

param -r issue

Now I want to run the script and listen on my desktop, and let the mobile device connect to it. All requests are sent by the app, but there are HTTP and non-HTTP requests in the whole process, so how should I write the -r parameter? Is my command right?
python mitm_relay.py -l 0.0.0.0 -p 127.0.0.1:8888 -r 4500:.*.com:8082 -c server.pem -k server.key

Password for client key

For client authentication one needs a client certificate and a client key file. The client key file is usually password protected.
mitm_relay asks for the password several times after starting.

Is it possible to enter the password as a parameter in the program call?

SSL and TLS issues

Hi There,
I am trying to use the following flags with the mitm_relay script:
-c , --cert
Certificate file to use for SSL/TLS interception
-k , --key
Private key file to use for SSL/TLS interception
I did the whole guide on creating the relevant certificate and key.
I can see everything encrypted within burp suite.
Any ideas?

Question on mitm_relay - mitm ssl

Hello - I was wondering whether, in the case of SSL interception, there are times when you are MITMing the traffic and it falls back to a transparent mode where the certificate and key are not used and the traffic is just forwarded like a transparent proxy. So I have a listener and a relay but no -p flag to intercept. I'm seeing a "Wrapping sockets" message and an error:

ValueError: file descriptor cannot be a negative integer (-1) at the beginning of comms, but then it appears to start working. The inner traffic appears proprietary/encrypted, but I haven't been able to get the SSL dissectors in Wireshark to work yet.

So in short, does this tool fail silently and turn into a packet forwarder, and is all I am observing after the initial error SSL/TLS traffic that is encrypted, with mitm_relay not utilizing the cert and key I am telling it to?

Forwarding to Burp/proxy does not happen with -p set

Since the major update of 2022 the tool works great, however when setting a proxy with -p it does not actually forward traffic to the proxy, because the urlopen call is never told to use a proxy.
I was able to fix this by prefixing the call to mitm_relay.py with the environment variable HTTP_PROXY like this:

HTTP_PROXY=127.0.0.1:8080 python3 mitm_relay -p 127.0.0.1:8080
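As an added example (not part of the issue above and not mitm_relay's own code), the Python script below shows the two ways to make urllib honour a proxy: the in-code fix of installing a ProxyHandler on the opener, and the HTTP_PROXY workaround from the comment, which only takes effect if the variable is set before the opener is built, because ProxyHandler() reads the environment once at construction time. The recording proxy that stands in for Burp, its loopback port and the target URL http://relay.invalid/hello are constructed for the demonstration; the .invalid host never resolves, so a response can only come back through the proxy.

```python
import os
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class RecordingProxy(BaseHTTPRequestHandler):
    """Stand-in for Burp (constructed for this example): records the target it is
    asked to fetch and answers 200 without contacting anything upstream."""
    seen = []

    def do_GET(self):
        # A client that really uses a proxy puts the absolute URL on the request line.
        type(self).seen.append(self.path)
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet


def start_recording_proxy():
    """Bind the fake proxy on a free loopback port and serve it from a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), RecordingProxy)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch_with_explicit_proxy(url, proxy_url):
    """The in-code fix: an opener with a ProxyHandler routes every http:// request via proxy_url."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({"http": proxy_url}))
    with opener.open(url, timeout=5) as resp:
        return resp.read()


def fetch_with_env_proxy(url, proxy_url):
    """The workaround from the issue: http_proxy in the environment. The variable must be
    set before the opener exists, which is why it is placed on the command line."""
    saved = os.environ.get("http_proxy")
    os.environ["http_proxy"] = proxy_url
    try:
        opener = urllib.request.build_opener()  # default handlers; ProxyHandler() reads env now
        with opener.open(url, timeout=5) as resp:
            return resp.read()
    finally:
        if saved is None:
            del os.environ["http_proxy"]
        else:
            os.environ["http_proxy"] = saved


if __name__ == "__main__":
    srv = start_recording_proxy()
    proxy = "http://127.0.0.1:%d" % srv.server_address[1]
    target = "http://relay.invalid/hello"  # only reachable through the proxy
    print(fetch_with_explicit_proxy(target, proxy), RecordingProxy.seen)
    print(fetch_with_env_proxy(target, proxy), RecordingProxy.seen)
```

Setting the environment variable after the process has already performed one urlopen() call does nothing, since urllib caches its default opener on first use; that is the check to make when the -p target still sees no traffic.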

Setup Confusing

Hi, please, I'm trying to set this up to use with Burp Suite on a Windows system. I didn't totally understand what you said.

I would appreciate it if you could provide clearer steps/videos to help noobs like me. Thank you

How are you going to bind it?

First of all, looks like a nice/simple project.
Secondly, I'm trying to bind it like this:

python mitm_relay.py -l 127.0.0.1 -p 127.0.0.1:8081 -r port:164.132.238.228:port

It's an online website. I found that source IP through Wireshark. What do you mean by putting two ports (before and after the IP address you're targeting)?
Thanks.

Modification of TCP packets

Hi,

I would like to say this is by far the best and most practical non-HTTP proxy that I’ve used!

I am currently doing research on thick client testing. The app that I’m testing uses the TCP protocol to connect to a remote database. One of the requests that the app sends contains a SELECT query that dynamically generates a SQL statement based on the credentials provided in the login form.

I would like to change the SQL query’s …WHERE username = ‘admin’ clause to …WHERE username = ‘bob’

I am able to replace admin with bob using the following script:

def handle_request(client_request):
    # 'admin' is '61646d696e' in HEX
    # 'bob' is '626f62' in HEX
    # mitm_relay hands the request in as bytes, so the search and replacement
    # patterns must be bytes literals too (str patterns raise TypeError on Python 3)
    modified_request = client_request.replace(b'\x00\x61\x00\x64\x00\x6d\x00\x69\x00\x6e\x00', b'\x00\x62\x00\x6f\x00\x62\x00')
    return modified_request

However, because the length of the modified TCP packet is different from that of the original packet, the thick client that I'm testing just crashes after I receive the FIN, ACK response from the database server.

Your MySQL demo states that the corresponding fields in the TCP protocol will have to be changed if I make changes to the length of the SQL message. Do you have any ideas/suggestions how I should do that? I presume I will have to add some python code to the above script that I’m sending using your tool? I am not fluent in Python so I'm not sure how easy it will be to achieve this task.

Thank you!
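As an added example (not from the issue above and not mitm_relay's own code), the script below shows the re-framing step the README's MySQL demo alludes to: a byte substitution that changes the payload length must be followed by recomputing the length prefix, otherwise the peer reads the next packet from the wrong offset, which is the crash the poster describes. It assumes MySQL client/server framing (3-byte little-endian payload length, 1-byte sequence id, payload, with COM_QUERY payloads starting with 0x03); the null-interleaved bytes in the poster's own pattern suggest a different wire encoding, in which case the header layout differs but the split/modify/re-encode structure is the same. The sample query and the helper names are constructed for the example.

```python
def split_mysql_packets(data):
    """Split a byte buffer into (sequence_id, payload) pairs using MySQL framing.
    Raises ValueError when a length prefix disagrees with the bytes that follow,
    which is exactly the inconsistency a naive in-place replace leaves behind."""
    packets = []
    i = 0
    while i < len(data):
        if i + 4 > len(data):
            raise ValueError("truncated packet header at offset %d" % i)
        length = int.from_bytes(data[i:i + 3], "little")
        seq = data[i + 3]
        payload = data[i + 4:i + 4 + length]
        if len(payload) != length:
            raise ValueError("header says %d payload bytes, only %d present" % (length, len(payload)))
        packets.append((seq, payload))
        i += 4 + length
    return packets


def build_mysql_packet(seq, payload):
    """Re-encode one packet, recomputing the length prefix from the actual payload."""
    if len(payload) >= 0xFFFFFF:
        raise ValueError("payloads of 16 MiB or more need continuation packets")
    return len(payload).to_bytes(3, "little") + bytes([seq & 0xFF]) + payload


def rewrite_query(payload, old, new):
    """Apply a byte substitution only to COM_QUERY payloads (command byte 0x03);
    handshake, ping and other commands pass through untouched."""
    if payload[:1] != b"\x03":
        return payload
    return b"\x03" + payload[1:].replace(old, new)


def handle_request(client_request):
    """mitm_relay-style hook (constructed): split, modify, then re-frame every packet
    so each length prefix matches its payload again."""
    out = bytearray()
    for seq, payload in split_mysql_packets(client_request):
        out += build_mysql_packet(seq, rewrite_query(payload, b"username = 'admin'", b"username = 'bob'"))
    return bytes(out)


def naive_replace(client_request):
    """What the issue's script does: substitutes bytes but leaves the header untouched."""
    return client_request.replace(b"'admin'", b"'bob'")


# Constructed sample: one COM_QUERY packet as a MySQL client would send it.
SAMPLE_QUERY = b"SELECT * FROM users WHERE username = 'admin'"
SAMPLE_REQUEST = build_mysql_packet(0, b"\x03" + SAMPLE_QUERY)

if __name__ == "__main__":
    print(split_mysql_packets(handle_request(SAMPLE_REQUEST)))  # re-framed: parses cleanly
    try:
        split_mysql_packets(naive_replace(SAMPLE_REQUEST))
    except ValueError as err:
        print("naive replace:", err)  # header and payload no longer agree
```

The same length check that makes split_mysql_packets reject the naively edited buffer is what the real server applies on receipt, so a crash or a reset after a payload edit is a framing problem before it is anything else.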

I cannot make it work

Sorry for posting this to issues but I cannot make it work... I have a Windows client that does not support a proxy. I used another application to proxify the client and sent all the traffic to your script, but after the first request I never get a response.

Your traffic flow diagram confused me. Do I need two instances of your script?

Thank you

Burp Repeater support

I use mitm_relay to relay the SIP protocol. It works perfectly.
But I want to send some packets myself; Burp's Repeater is more convenient.
Is it possible to support Burp Repeater?

BIND_WEBSERVER should be configurable

Hi, I may be wrong, but I think BIND_WEBSERVER should be configurable. I have mitm_relay configured on a RPi and Burp on another machine. Thus, mitm_relay is proxifying the requests to Burp successfully, but Burp cannot send them back to mitm_relay, as they point to 127.0.0.1 instead of the actual RPi IP where the mitm_relay webserver is listening; on the machine where Burp is running there is nothing listening there.

Regards,

EOF occurred in violation of protocol (_ssl.c:1122)

Hi,
I wanted to ask whether anyone encountered the error "EOF occurred in violation of protocol (_ssl.c:1122)" when trying to capture and decrypt TLS 1.2 traffic with cipher suite EOF occurred in violation of protocol (_ssl.c:1122).

Everything works perfectly with capturing the raw traffic (without TLS inspection), however when I specify the cert and key, the above error appears. What might be the optimal way to debug this error (e.g. some code change to print more data instead of just "EOF occurred")?

Any help is appreciated, thanks!

License file has no ownership information

The LICENSE file is still in template form.

To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright {yyyy} {name of copyright owner}

Burp Repeater support

Is it possible to add something for mitm_relay to support Burp Repeater, where I can use my crafted SIP message? (maybe Burp Repeater -> mitm_web_server -> ... -> SIP endpoint)
As in the description of the intercept procedure in your README, we can use Burp Proxy to intercept and modify messages (like thick client -> listeners -> Burp Proxy -> web server -> ... -> endpoint).

Or, to put it another way: like the Burp Proxy procedure (intercept and modify messages, then send them to the dummy web server... then to the endpoint through mitm_relay), is it possible to do a similar thing using Burp Repeater (send crafted messages directly to the dummy web server... then to the endpoint through mitm_relay)?

Cannot make it work on a private VM network

Hi,

Thank you very much for your contributions.
In my case, I am running a client on my host machine (Mac Ventura) and an SMB server on my VM (Ubuntu 14.04).
The VM is configured to use the private network (interface: vmenet3) with the host.

Here are the IP addresses and the port numbers:

Server on my VM has the IP 192.168.139.130, and listens on port 445.
Client connects to the VM using the IP 192.168.139.1, and connects using the port 55419.

I would like to run the relay server on my host machine running the client.
Therefore, the relay's IP address will also be 192.168.139.1, but it will listen on 445 (the same port as the SMB server on my VM).

Here is my host configuration below.
I first enable IP forwarding, then forward the packets to the relay using pfctl.

sysctl -w net.inet.ip.forwarding=1
echo "rdr pass inet proto tcp from any to any port 445 -> 192.168.139.1 port 445" | sudo pfctl -ef -

Then, I run the script as below.
sudo python3 mitm_relay.py -l 192.168.139.1 -r 445:192.168.139.130:445

However, it does not capture any packets. Do you have any intuition why?
Any help is much appreciated,

SSLv3 Support

SSLv3 has been deprecated in the standard ssl library for Python 2 and 3.

Is there a solution for downgrading the ssl library to support ssl.PROTOCOL_SSLv3?

There is PROTOCOL_SSLv23, but I was unable to get this to send an SSLv3 handshake.

What do you mean with "relay"?

First, great code :D
But I want to ask something; I'm really bad at networking. What do you mean by relay? Is that a proxy server or something? And what do you mean by the argument "-l"? Is that something like the IP address of the server, on which you can intercept/listen to all incoming requests made to it?
Thanks
