@thekalinga
Last active September 19, 2022 00:28
Configuring mitmproxy, wireshark, curl, java, reactor netty to capture packets (pcap) so SSL/TLS/HTTPS/WSS traffic can be analysed in Ubuntu 20

Configuring mitmproxy, wireshark, curl, java, reactor for packet capture (pcap)

Install mitmproxy

Ensure you have python3 installed locally. Then install mitmproxy by running

pip install pipx mitmproxy
# configures path to use mitmproxy, mitmweb & mitmdump
pipx install mitmproxy

Configure certificates

# run mitmproxy once so it creates certificates under `~/.mitmproxy/*` & stop it by pressing Ctrl+C
mitmproxy

# create folder that contains additional certificates (with exact name `extra`)
sudo mkdir /usr/local/share/ca-certificates/extra
# convert .pem file into .crt file that OS expects
openssl x509 -in ~/.mitmproxy/mitmproxy-ca-cert.pem -inform PEM -out mitmproxy-ca-cert.crt
# copy crt
sudo cp mitmproxy-ca-cert.crt /usr/local/share/ca-certificates/extra
# refresh ca-certificates at OS level. Make sure you tick the mitmproxy entry as well when prompted
sudo dpkg-reconfigure ca-certificates

Start mitmproxy

Configure mitmproxy to log the TLS session secrets it uses when it establishes TLS connections (used by https/wss/…) with servers. By logging these secrets we can import them into wireshark to decrypt the captured traffic. To make mitmproxy write the secrets to a log file, run

SSLKEYLOGFILE="$HOME/.mitmproxy/sslkeylogfile" mitmproxy

Configure wireshark

  1. Start wireshark & point it at ~/.mitmproxy/sslkeylogfile by going to Edit -> Preferences -> Protocols -> TLS
  2. Enter ~/.mitmproxy/sslkeylogfile in the file browsing text field named (Pre)-Master-Secret log file name & click Ok
  3. Click on the appropriate nic & start capturing packets (pcap aka packet capture)

Test mitmproxy & wireshark integration

Run the command below to make an https call, ensure you can see the decrypted traffic in wireshark & also verify that mitmproxy shows the call in its panel

https_proxy=127.0.0.1:8080 curl -v https://google.com
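A check that the file written via SSLKEYLOGFILE actually holds secrets wireshark can use, added here as an example (it is not part of the original gist): it parses the NSS key log format that mitmproxy writes, flags malformed lines, and counts sessions whose application data is decryptable (a CLIENT_RANDOM master secret for TLS 1.2, or both *_TRAFFIC_SECRET_0 entries for TLS 1.3). The key log below is constructed, not a real capture.

```python
import re
from collections import defaultdict

# NSS Key Log Format labels: CLIENT_RANDOM is TLS 1.0-1.2, the others are TLS 1.3.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_LABELS = {
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET",
}
# Both application-traffic secrets are needed before wireshark can show TLS 1.3 app data.
REQUIRED_13 = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
HEX = re.compile(r"^[0-9a-fA-F]+$")


def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [(lineno, problem), ...])."""
    sessions = defaultdict(dict)
    bad = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # blank lines and comments are allowed
            continue
        parts = line.split()
        if len(parts) != 3:
            bad.append((lineno, "expected 3 fields"))
        elif parts[0] != TLS12_LABEL and parts[0] not in TLS13_LABELS:
            bad.append((lineno, f"unknown label {parts[0]}"))
        elif len(parts[1]) != 64 or not HEX.match(parts[1]):
            bad.append((lineno, "client_random must be 32 bytes of hex"))
        elif not HEX.match(parts[2]) or len(parts[2]) % 2:
            bad.append((lineno, "secret is not valid hex"))
        elif parts[0] == TLS12_LABEL and len(parts[2]) != 96:
            bad.append((lineno, "TLS 1.2 master secret must be 48 bytes"))
        else:
            sessions[parts[1]][parts[0]] = parts[2]  # keyed by client random = one TLS session
    return dict(sessions), bad


def decryptable_sessions(sessions):
    """Count sessions for which wireshark can decrypt application data."""
    return sum(1 for labels in sessions.values()
               if TLS12_LABEL in labels or REQUIRED_13.issubset(labels))


SAMPLE_KEYLOG = "\n".join([  # constructed sample; line 8 has a truncated client random
    "# constructed sample, not a real capture",
    "CLIENT_RANDOM " + "aa" * 32 + " " + "11" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "22" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "bb" * 32 + " " + "33" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "44" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "bb" * 32 + " " + "55" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "cc" * 32 + " " + "66" * 32,  # server half never logged
    "CLIENT_RANDOM deadbeef " + "77" * 48,
])
```

Run it against the real file with `parse_keylog(open(os.path.expanduser("~/.mitmproxy/sslkeylogfile")).read())`; if the session count stays at zero while curl goes through the proxy, mitmproxy is not honouring SSLKEYLOGFILE and wireshark will show only encrypted records.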

Integrate with Java applications

  1. Import the CA certificate into the JRE truststore
     sudo keytool -importcert -alias mitmproxy -storepass changeit -keystore $JAVA_HOME/lib/security/cacerts -trustcacerts -file ~/.mitmproxy/mitmproxy-ca-cert.pem
  2. Set the following VM options (for https proxying) when running any java application
     -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080
  3. If you want http proxying too, add the following additional VM arguments
     -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080

Integrate with reactor-netty application

Make sure you call .proxyWithSystemProperties() on HttpClient so it picks up the -Dhttps.proxyHost/-Dhttps.proxyPort settings above, i.e.

    HttpClient client = HttpClient.create(customProvider)
        ...
        .proxyWithSystemProperties();

References:

  1. https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate/94861
  2. https://docs.mitmproxy.org/stable/concepts-certificates/
  3. https://docs.mitmproxy.org/stable/howto-wireshark-tls/