sudo apt-get update
sudo apt-get install python3-pip
sudo pip3 install --ignore-requires-python mitmproxy==6.0.2
The version constraint is due to Python, on Raspbian 10 (Buster) it is 3.7.3, version 6.0.2 is the latest supported version which supports Python 3.7.3
apt-cache madison python3
python3 | 3.7.3-1 | http://raspbian.raspberrypi.org/raspbian buster/main armhf Packages
python3-defaults | 3.7.3-1 | http://raspbian.raspberrypi.org/raspbian buster/main Sources
sudo mkdir /opt/mitmproxy
sudo addgroup --system mitmproxy
sudo adduser --system --home /opt/mitmproxy --shell /usr/sbin/nologin --no-create-home --gecos 'mitmproxy' --ingroup mitmproxy --disabled-login --disabled-password mitmproxy
sudo chown -R mitmproxy:mitmproxy /opt/mitmproxy
tee -a /etc/sysctl.conf <<'EOF' >/dev/null
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
EOF
sudo sysctl -p
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
Replace
-A
with-D
to delete, useiptables -L -v -n --list-numbers
to list all rules available in NAT chain
sudo iptables-save > /etc/iptables.up.rules
sudo sed -i '/^exit 0/i iptables-restore < /etc/iptables.up.rules' /etc/rc.local
Create /etc/systemd/system/mitmproxy.service
file (change ip-addresses accordingly)
[Unit]
Description=mitmweb service
After=network-online.target
[Service]
Type=simple
User=mitmproxy
Group=mitmproxy
ExecStart=/usr/bin/python3 /usr/local/bin/mitmweb --mode transparent --showhost --web-port 9090 --web-host 192.168.1.200 --no-web-open-browser --listen-host 192.168.1.200 --listen-port 8080
Restart=on-failure
RestartSec=10
LimitNOFILE=65535
LimitNPROC=4096
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
NoNewPrivileges=true
DevicePolicy=closed
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
WorkingDirectory=/opt/mitmproxy
ReadOnlyDirectories=/
ReadWriteDirectories=/opt/mitmproxy
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable mitmproxy.service
sudo systemctl start mitmproxy.service
sudo systemctl status mitmproxy.service
On your router enable conditional routing (policy-based routing), then navigate to mitm.it
, download self-signed certificate onto your device, and import it.
Navigate to http://192.168.1.200:9090 to see captured data.