Does Martian works as a transparent proxy like mitmproxy?

[Bruno Bigras]

Does Martian works as a transparent proxy like mitmproxy and generate certificates on the fly to intercept HTTPS traffic no matter which host is requested?

I run it with:

$GOPATH/bin/proxy -generate-ca-cert

I redirect the traffic to Martian with iptables:

sudo /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

sudo /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

I can access http pages but for https pages I get :

2016/01/14 15:41:55 DEBUG: martian: accepted connection from <ip>:3379

2016/01/14 15:41:55 DEBUG: martian: waiting for request: <ip>:3379

2016/01/14 15:41:56 ERROR: martian: failed to read request: malformed HTTP request "\x16\x03\x01\x00j\x01\x00\x00f\x03\x01V\x98\b^1W\x9d\x94\xa2\xd8ht\xce+8{ZD\xfe?\xc8\xfc\xc63\xb6\x1f\x98QＤ%\x00\x00*\x009\x008\x005\x00\x16\x00\x13\x00"

2016/01/14 15:41:56 DEBUG: martian: closing connection: <ip>:3379

[Adam Tanner]

This should be possible now that https://github.com/google/martian/pull/68 has been merged. We've supported transparent TLS via SNI in the Martian library for a while, but never got around to hooking it up in the proxy. We can't yet support them on the same port, but routing to port 4443 (default if MITM is active or overridable with -tls-addr) should do the trick for you.

Let us know if you need any help!

Adam 

--
You received this message because you are subscribed to the Google Groups "martianproxy-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to martianproxy-us...@googlegroups.com.
To post to this group, send email to martianpr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/martianproxy-users/95b90255-972b-46bf-8ec2-89a4ec0b828a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Bruno Bigras]

Sorry that I didn't reply to the pull request in time. I got the notification but I wasn't at work on friday.

It works great.

Thanks!

Bruno

Le samedi 16 janvier 2016 16:47:51 UTC-5, Adam Tanner a écrit :

This should be possible now that https://github.com/google/martian/pull/68 has been merged. We've supported transparent TLS via SNI in the Martian library for a while, but never got around to hooking it up in the proxy. We can't yet support them on the same port, but routing to port 4443 (default if MITM is active or overridable with -tls-addr) should do the trick for you.

Let us know if you need any help!

Adam 

On Thu, Jan 14, 2016 at 12:43 PM Bruno Bigras <bigras...@gmail.com> wrote:

Does Martian works as a transparent proxy like mitmproxy and generate certificates on the fly to intercept HTTPS traffic no matter which host is requested?

I run it with:

$GOPATH/bin/proxy -generate-ca-cert

I redirect the traffic to Martian with iptables:

sudo /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

sudo /sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080

I can access http pages but for https pages I get :

2016/01/14 15:41:55 DEBUG: martian: accepted connection from <ip>:3379

2016/01/14 15:41:55 DEBUG: martian: waiting for request: <ip>:3379

2016/01/14 15:41:56 ERROR: martian: failed to read request: malformed HTTP request "\x16\x03\x01\x00j\x01\x00\x00f\x03\x01V\x98\b^1W\x9d\x94\xa2\xd8ht\xce+8{ZD\xfe?\xc8\xfc\xc63\xb6\x1f\x98QＤ%\x00\x00*\x009\x008\x005\x00\x16\x00\x13\x00"

2016/01/14 15:41:56 DEBUG: martian: closing connection: <ip>:3379

--
You received this message because you are subscribed to the Google Groups "martianproxy-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to martianproxy-users+unsub...@googlegroups.com.