From a9f6d53562b8020b87a8feaba2ac1d16d0d869ee Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Mon, 18 May 2015 12:05:29 +1200 Subject: certificate docs: reorg, wording, tweaks --- doc-src/tutorials/transparent-dhcp.html | 41 ++++++++++++++++----------------- 1 file changed, 20 insertions(+), 21 deletions(-) (limited to 'doc-src/tutorials/transparent-dhcp.html') diff --git a/doc-src/tutorials/transparent-dhcp.html b/doc-src/tutorials/transparent-dhcp.html index ce8a10fd..c34dd700 100644 --- a/doc-src/tutorials/transparent-dhcp.html +++ b/doc-src/tutorials/transparent-dhcp.html @@ -1,27 +1,27 @@ This walkthrough illustrates how to set up transparent proxying with mitmproxy. We use VirtualBox VMs with an Ubuntu proxy machine in this example, but the general principle can be applied to other setups. -1. **Configure VirtualBox Network Adapters for the proxy machine** - The network setup is simple: `internet <--> proxy vm <--> (virtual) internal network`. - For the proxy machine, *eth0* represents the outgoing network. *eth1* is connected to the internal network that will be proxified, using a static ip (192.168.3.1). +1. **Configure VirtualBox Network Adapters for the proxy machine** + The network setup is simple: `internet <--> proxy vm <--> (virtual) internal network`. + For the proxy machine, *eth0* represents the outgoing network. *eth1* is connected to the internal network that will be proxified, using a static ip (192.168.3.1).
VirtualBox configuration:

- +
Proxy VM: - +
-2. **Configure DHCP and DNS** - We use dnsmasq to provide DHCP and DNS in our internal network. - Dnsmasq is a lightweight server designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale - network. +2. **Configure DHCP and DNS** + We use dnsmasq to provide DHCP and DNS in our internal network. + Dnsmasq is a lightweight server designed to provide DNS (and optionally DHCP and TFTP) services to a small-scale + network. - - Before we get to that, we need to fix some Ubuntu quirks: - **Ubuntu >12.04** runs an internal dnsmasq instance (listening on loopback only) by default + - Before we get to that, we need to fix some Ubuntu quirks: + **Ubuntu >12.04** runs an internal dnsmasq instance (listening on loopback only) by default [1]. For our use case, this needs to be - disabled by changing
`dns=dnsmasq` to `#dns=dnsmasq` in */etc/NetworkManager/NetworkManager.conf* + disabled by changing
`dns=dnsmasq` to `#dns=dnsmasq` in */etc/NetworkManager/NetworkManager.conf* and running `sudo restart network-manager` afterwards. - - Now, dnsmasq can be be installed and configured: - `sudo apt-get install dnsmasq` - Replace */etc/dnsmasq.conf* with the following configuration: + - Now, dnsmasq can be be installed and configured: + `sudo apt-get install dnsmasq` + Replace */etc/dnsmasq.conf* with the following configuration:
\# Listen for DNS requests on the internal network
         interface=eth1
         \# Act as a DHCP server, assign IP addresses to clients
@@ -30,15 +30,15 @@ This walkthrough illustrates how to set up transparent proxying with mitmproxy.
         dhcp-option=option:router,192.168.3.1
         dhcp-option=option:dns-server,192.168.3.1
         
- Apply changes: + Apply changes: `sudo service dnsmasq restart`
Your proxied machine's network settings should now look similar to this:
-3. **Set up traffic redirection to mitmproxy** - To redirect traffic to mitmproxy, we need to add two iptables rules: +3. **Set up traffic redirection to mitmproxy** + To redirect traffic to mitmproxy, we need to add two iptables rules:
     iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
         -j REDIRECT --to-port 8080
@@ -46,9 +46,8 @@ This walkthrough illustrates how to set up transparent proxying with mitmproxy.
         -j REDIRECT --to-port 8080
     
-4. If required, install the mitmproxy +4. If required, install the mitmproxy certificates on the test device. -5. Finally, we can run mitmproxy -T. +5. Finally, we can run mitmproxy -T. The proxied machine cannot to leak any data outside of HTTP or DNS requests. - -- cgit v1.2.3
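Review bot: The re-added line "Now, dnsmasq can be be installed and configured:" in the @@ -1,27 +1,27 @@ hunk still has the doubled "be". Since the line is rewritten here anyway, drop one. In the same hunk, "Ubuntu >12.04" as written excludes 12.04 itself; confirm whether ">=" is meant, because a reader on 12.04 would skip the NetworkManager.conf change.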
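Review bot: The iptables commands under step 3 in the @@ -30,15 +30,15 @@ hunk are written without sudo, while the command just above them in the same hunk is "sudo service dnsmasq restart". Use one convention so the rules can be pasted as shown. Rules added with "iptables -t nat -A PREROUTING" are also lost on reboot, and the step does not say so; a short note that they must be re-added or persisted would spare readers a proxy that silently stops intercepting.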
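Review bot: The context line after step 5 in the @@ -46,9 +46,8 @@ hunk reads "The proxied machine cannot to leak any data outside of HTTP or DNS requests."; the stray "to" should go while this paragraph is being edited. The sentence is also a security claim that none of the visible steps establish: the steps shown only configure dnsmasq and REDIRECT traffic to port 8080. Say what enforces it, for example that forwarding is left disabled on the proxy VM if that is the case, so readers do not rely on the isolation after changing the setup.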