diff options
| author | Aldo Cortesi <aldo@nullcube.com> | 2018-02-22 17:21:34 +1300 |
|---|---|---|
| committer | Aldo Cortesi <aldo@nullcube.com> | 2018-02-22 18:07:58 +1300 |
| commit | 982508d30f887b4fe8b2a855792ae1e33f378222 (patch) | |
| tree | 9d749a57929a950f0e177a9bf4d6cd7d9a88c16b /docs/tutorials/transparent-dhcp.rst | |
| parent | 1cacefa104626e4e0df5ffb2aa8b0c6f16b615b2 (diff) | |
| download | mitmproxy-982508d30f887b4fe8b2a855792ae1e33f378222.tar.gz mitmproxy-982508d30f887b4fe8b2a855792ae1e33f378222.tar.bz2 mitmproxy-982508d30f887b4fe8b2a855792ae1e33f378222.zip | |
All new documentation
This patch does a lot.
- Ditch sphinx in favor of hugo. This gives us complete control of the layout
and presentation of our docs. Henceforth, docs will be hosted on our website
rather than ReadTheDocs.
- Create a simple, clean doc layout and theme.
- Remove large parts of the documentaion. I've ditched anything that was a)
woefully out of date, b) too detailed, or c) too hard to maintain in the long
term.
- Huge updates to the docs themselves: completely rewrite addons documentation,
add docs for core concepts like commands and options, and revise and tweak a
lot of the existing docs.
With this patch, we're also changing the way we publish and maintain the docs.
From now on, we don't publish docs for every release. Instead, the website will
contain ONE set of docs for each major release. The online docs will be updated
if needed as minor releases are made. Docs are free to improve during minor
releases, but anything that changes behaviour sufficiently to require a doc
change warrants a new major release. This also leaves us free to progressively
update and improve docs out of step with our release cadence.
With this new scheme, I feel CI over the docs is less important. I've removed
it for now, but won't object if someone wants to add it back in.
Diffstat (limited to 'docs/tutorials/transparent-dhcp.rst')
| -rw-r--r-- | docs/tutorials/transparent-dhcp.rst | 101 |
1 files changed, 0 insertions, 101 deletions
diff --git a/docs/tutorials/transparent-dhcp.rst b/docs/tutorials/transparent-dhcp.rst deleted file mode 100644 index d993707d..00000000 --- a/docs/tutorials/transparent-dhcp.rst +++ /dev/null @@ -1,101 +0,0 @@ -.. _transparent-dhcp: - -Transparently proxify virtual machines -====================================== - -This walkthrough illustrates how to set up transparent proxying with mitmproxy. -We use VirtualBox VMs with an Ubuntu proxy machine in this example, -but the general *Internet <--> Proxy VM <--> (Virtual) Internal Network* setup can be applied to -other setups. - -1. Configure Proxy VM ---------------------- - -On the proxy machine, **eth0** is connected to the internet. **eth1** is connected to the internal -network that will be proxified and configured to use a static ip (192.168.3.1). - -VirtualBox configuration -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. image:: transparent-dhcp/step1_vbox_eth0.png - -.. image:: transparent-dhcp/step1_vbox_eth1.png - -VM Network Configuration -^^^^^^^^^^^^^^^^^^^^^^^^ - -.. image:: transparent-dhcp/step1_proxy.png - :align: center - -2. Configure DHCP and DNS -------------------------- - -We use dnsmasq to provide DHCP and DNS in our internal network. -Dnsmasq is a lightweight server designed to provide DNS (and optionally -DHCP and TFTP) services to a small-scale network. - -- Before we get to that, we need to fix some Ubuntu quirks: - **Ubuntu >12.04** runs an internal dnsmasq instance (listening on loopback only) by default - `[1] <https://www.stgraber.org/2012/02/24/dns-in-ubuntu-12-04/>`_. For our use case, this needs - to be disabled by changing ``dns=dnsmasq`` to ``#dns=dnsmasq`` in - **/etc/NetworkManager/NetworkManager.conf** and - - if on Ubuntu 16.04 or newer running: - - >>> sudo systemctl restart NetworkManager - - if on Ubuntu 12.04 or 14.04 running: - - >>> sudo restart network-manager - - afterwards. -- Now, dnsmasq can be be installed and configured: - - >>> sudo apt-get install dnsmasq - - Replace **/etc/dnsmasq.conf** with the following configuration: - - .. code-block:: none - - # Listen for DNS requests on the internal network - interface=eth1 - # Act as a DHCP server, assign IP addresses to clients - dhcp-range=192.168.3.10,192.168.3.100,96h - # Broadcast gateway and dns server information - dhcp-option=option:router,192.168.3.1 - dhcp-option=option:dns-server,192.168.3.1 - - Apply changes: - - if on Ubuntu 16.04 or newer: - - >>> sudo systemctl restart dnsmasq - - if on Ubuntu 12.04 or 14.04: - - >>> sudo service dnsmasq restart - - Your **proxied machine** in the internal virtual network should now receive an IP address via DHCP: - - .. image:: transparent-dhcp/step2_proxied_vm.png - -3. Redirect traffic to mitmproxy ------------------------------------------- - -To redirect traffic to mitmproxy, we need to add two iptables rules: - -.. code-block:: none - - sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080 - sudo iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-port 8080 - -4. Run mitmproxy ----------------- - -Finally, we can run mitmproxy in transparent mode with - ->>> mitmproxy -T - -The proxied machine cannot to leak any data outside of HTTP or DNS requests. -If required, you can now :ref:`install the mitmproxy certificates on the proxied machine -<certinstall>`. |