/SOS_Proxy

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

SOS_Proxy

Is it possible to proxy a device that does not support this functionality?

Sometime, under particular circumstances, YES. You can do that with Burp Suite and the invisible proxying technique explained at the following link. https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible

  1. Create a separate virtual network interface for each destination host.
  2. Create a separate Proxy listener for each interface (or two listeners if HTTP and HTTPS are both in use).
  3. Using your hosts file, redirect each destination hostname to a different network interface (i.e., to a different listener).
  4. Configure Burp’s listener on each interface to redirect all traffic to the IP address of the host whose traffic was redirected to it.

SOS_Proxy is a simple Python tool that aims to automate the invisible proxy technique with the following features:

  • DNS traffic monitoring
  • Virtual interfaces creator
  • Print information to set Burp’s proxies
  • Possibility to choose which domain has to be intercepted
  • Possibility to backup and restore a hosts file configuration
$ python sos_proxy.py --help
usage: sos_proxy.py [-h] [-v] [-i PHYSICAL_INTERFACE] [-a] [-r RESTORE]
                    monitor_interface target_IPaddress

positional arguments:
  monitor_interface     the name of the interface that reaches the target
  target_IPaddress      the IP address of the target device

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         increase the cli output verbosity
  -i PHYSICAL_INTERFACE, --physical-interface PHYSICAL_INTERFACE
                        the name of the interface for creating virtual
                        interfaces
  -a, --ask-toset       ask before set any new virtual interface
  -r RESTORE, --restore RESTORE
                        restore a previously made proxy configuration using a
                        hosts file and go ahead from that

Video Demo

Please note that on the device it was already installed a custom CA in order to break the SSL connection.

Dependencies

  • tmux
  • tcpdump
  • ifconfig/ip
  • python 2.7
$ sudo apt install tmux tcpdump

Useful Resources

In order to start Burp with enough privileges to bind a proxy on port 80/443 I suggest the use of this tool: authbind https://www.gremwell.com/node/387

Notes

  • This tool was made quick & dirty, actually it has been tested only on Ubuntu 18.04.3 LTS so be careful and use -a and -v parameters the first time you run it.
  • Following a simple list of useful commands for debugging the tool:
    • $ tail -f /tmp/domains <- tcpdump write here the found domains
    • $ watch -n 2 ip a <- monitor the virtual interface creation
    • $ sudo tmux att -t Domain_Monitor <- check if tcpdump is working or not