Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

burpSuite proxy+arpspoof - does not work completely.

Archimag | Last updated: Feb 13, 2022 03:51PM UTC

Good day perhaps the question is not about burpSuite - but about a bunch of two utilities and iptables settings, but probably people who use burpSuite as a proxy have enough experience in just such a setting. --iptables echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.1.103 iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1.103 --arpspoof arpspoof -i wlan0 -t 192.168.1.105 192.168.1.1 spoofing works, I see it through tracert some_https_site.com on the windows side. in burpSuite set up a transparent proxy on port 443 on windows, when trying to connect to a https site, the message ERR_CERT_AUTHORITY_INVALID appears, but below there is a link to still go to the site. After clicking on it, in burpSuite I see connection attempts, but as a result on a windows machine - the connection hangs and the site does not open. As soon as I remove the rule from iptables, the site immediately starts working. is there something wrong with the iptables rules that I set or is something not done yet?

Hannah, PortSwigger Agent | Last updated: Feb 14, 2022 07:56AM UTC

Hi Do HTTP sites function fine? Have you followed the directions in "Handling TLS Certificates" found here? - https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible

Archimag | Last updated: Feb 14, 2022 03:10PM UTC

No, HTTP sites also not working. I changed iptables rules to iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8888 iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8888 # iptables -t nat -L 1 ⨯ Chain PREROUTING (policy ACCEPT) target prot opt source destination REDIRECT tcp -- anywhere anywhere tcp dpt:http redir ports 8888 REDIRECT tcp -- anywhere anywhere tcp dpt:https redir ports 8888 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination # and how looks proxy settings and HTTP history tab you can see on screenshots here https://ibb.co/phNjJ8x https://ibb.co/gJ7yPq9 and as I said, if I delete iptables rules - all sites (HTTP and HTTPS) works fine. So problem only when the proxy starts to be used.

Hannah, PortSwigger Agent | Last updated: Feb 15, 2022 03:18PM UTC

Hi

Did you set up Burp to redirect outbound traffic? You can find out more information about this under "Redirecting outbound requests" here: https://portswigger.net/burp/documentation/desktop/tools/proxy/options/invisible

Without setting this up, Burp will resolve the hostname to your listener address, and unless configured differently will forward the request back to itself, creating an infinite loop. As your connection is hanging and not opening, this sounds like it may be the cause of the issue.

Alternatively, "Intercept" may still be enabled on your Burp installation. You can check this by going to "Proxy > Intercept" and making sure that intercept is turned off, or that you forward any requests that come through Burp.

Have you tried modifying your hosts file instead of using iptables, like in the documentation? If you are having issues getting proxy listeners to bind to ports 80 and 443, you will need to launch Burp using sudo.

Archimag | Last updated: Feb 20, 2022 07:02AM UTC

interception was enabled - and this was the problem. Thank you very much for your help!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.