HOWTO: OpenWRT and Fiddler for HTTP and HTTPS Transparent Proxy traffic capture – Part 2

Goal:

  • Setup a Hyper-V test lab for capturing traffic from an Android client.
  • Use OpenWRT as the routing gateway for the private VM network and Transparent Proxy HTTP and HTTPS traffic to Fiddler.
  • Config Fidder for traffic capture.

See Also:


Configuring OpenWRT for Transpart Proxy

  • Create Port Forward / Pre-routing rules for TCP port 80 and 443 to forward traffic to Fiddler.
    • Assuming Fiddler is running at 192.168.1.2, port 8888 for HTTP proxy and 8443 for HTTPS proxy.
    • Exclude the Fiddler machine from the port forward.


  • Create Source NAT / Post-routing rule


     

  • OR write the rules in the Firewall Custom Rules page.


     

Configuring Fiddler for Transpart Proxy

  • Enable “Allow remote computers to connect” in Fiddler Options and open corresponding ports in the Windows Firewall.


  • Use the command “!listen 8443 your_dummy_CN” to make Fiddler to listen to port 8443 for HTTPS proxy.
    • The dummy CN value is important. Without the CN value Fiddler will not handle the HTTPS handshake.


  • Use the command “prefs set fiddler.network.https.SetCNFromSNI true” to make Fiddler to generate the cert with CN to match the incoming request.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s