@ensis
2016-03-21T08:45:57.000000Z
字数 809
阅读 1340
使用文档
在OS X中,可在/etc/pf.conf文件中rdr-anchor "com.apple/*"下加入语句
rdr on bridge100 inet proto tcp from 192.168.2.0/24 to any port https -> 127.0.0.1 port 8888
其中bridge100为目标流量经过的接口,192.168.2.0/24为目标流量的源ip范围,可根据测试环境进行相应更改。
在Linux中,通过iptables语句即可配置:
iptables -t nat -F PREROUTING
iptables -t nat -A PREROUTING -p tcp -s 192.168.2.0/24 --dport 443 -j REDIRECT --to-port 8888
此中间人攻击框架是用Python实现的,并且用到了scapy进行初级的包格式解析,因此需要安装:
python2.7, scapy2.3.1
将协议格式文件如ssl_tls.py, openvpn.py文件放置在scapy/layers/文件夹下,对于OS X,其路径为
/Library/Python/2.7/site-packages/scapy/layers/
对于Linux,其路径为:
/usr/lib/python2.7/dist-packages/scapy/layers/
并对scapy目录下的config.py文件进行修改,将373行load_layers列表中加入元素ssl_tls, openvpn,也就是改为
load_layers = ["sebek", "skinny", "smb", "snmp", ... , "tftp", "x509", "bluetooth", "dhcp6", "llmnr", "sctp", "vrrp", "ssl_tls", "openvpn"]