HOWTO: OpenWRT and Fiddler for HTTP and HTTPS Transparent Proxy traffic capture – Part 2

Goal:

Setup a Hyper-V test lab for capturing traffic from an Android client.
Use OpenWRT as the routing gateway for the private VM network and Transparent Proxy HTTP and HTTPS traffic to Fiddler.
Config Fidder for traffic capture.

Create Port Forward / Pre-routing rules for TCP port 80 and 443 to forward traffic to Fiddler.
- Assuming Fiddler is running at 192.168.1.2, port 8888 for HTTP proxy and 8443 for HTTPS proxy.
- Exclude the Fiddler machine from the port forward.
Create Source NAT / Post-routing rule
OR write the rules in the Firewall Custom Rules page.

Enable “Allow remote computers to connect” in Fiddler Options and open corresponding ports in the Windows Firewall.
Use the command “!listen 8443 your_dummy_CN” to make Fiddler to listen to port 8443 for HTTPS proxy.
- The dummy CN value is important. Without the CN value Fiddler will not handle the HTTPS handshake.
Use the command “prefs set fiddler.network.https.SetCNFromSNI true” to make Fiddler to generate the cert with CN to match the incoming request.

Setup a Hyper-V test lab for capturing traffic from an Android client.
Use OpenWRT as the routing gateway for the private VM network and Transparent Proxy HTTP and HTTPS traffic to Fiddler.
Config Fidder for traffic capture.

The OpenWRT installation basically follows the guide at https://miracoin.wordpress.com/2014/05/28/openwrt-in-hyper-v/. Here a few more tips for building the Hyper-V image:

Configure the Hyper-V virtual switch for the connection to the physical network and a private virtual machine network to the VM.
Create a new Hyper-V machine with the following settings:
- 1 virtual processor and 64MB memory (You don’t need too much power for OpenWRT)
- 2 Legacy Network Adapters (This is important. There’s no driver for the standard Network Adapter)
- Bind the adapters to the physical and private virtual network.
Create the OpenWRT disk image
- Download the OpenWRT x86 image from http://downloads.openwrt.org/attitude_adjustment/12.09/x86/generic/openwrt-x86-generic-combined-ext4.img.gz
- Create an empty VHD file (e.g. 100MB)
- Attach the VHD in Windows
- Use WinImage (http://winimage.com/ ) to write the image to VHD.
- Check “Include non-removable disk” to see the new attached disk.

Add the driver package to the disk image.
- Download the driver from http://downloads.openwrt.org/attitude_adjustment/12.09/x86/generic/packages/kmod-tulip_3.3.8-1_x86.ipk
- Use Ext2Fsd mount the ext4 partition as a driver letter (http://www.ext2fsd.com/)
- Write the driver .ipk file to the disk.
Add the VHD to the Hyper-V virtual machine and start the machine.
Install the network driver by “opkg install kmod-tulip_3.3.8-1_x86.ipk”
Edit “/etc/config/network” to config eth0 for WAN (DHCP) and eth1 for LAN (192.168.1.1)
After reboot, the router web UI http://192.168.1.1/ should be accessible from the private VM network (192.168.1.x).

Edit CustomRules.js and look for function OnExecAction()
Add a new custom action to the switch(sAction){} case statement

e.g. the following “dailydump” action will save the captured sessions to C:\temp\

case “dailydump”:

FiddlerObject.UI.actSelectAll();

if(FiddlerObject.UI.lvSessions.SelectedItems.Count > 0){

FiddlerObject.UI.actSaveSessionsToZip(String.Format(“c:\\temp\\{0:yyyy-MM-dd_HHmmss}.saz”,DateTime.UtcNow));

FiddlerObject.UI.actRemoveAllSessions();

}

break;
Add a new task in Task Scheduler to run ExecAction.exe your_custom_action_name

RulesCustomize Rules
Under OnBeforeRequest(), set the oSession[“x-overrideGateway”] value to your custom proxy server

	Rick StePHan on KB: Connecting OpenWRT/LEDE ro…
	Wojciech Wrodarczyk on KB: Microsoft iSCSI Software T…
	jeffchiu on HOWTO: OpenWRT and Fiddler for…
	Adam Baxter on HOWTO: OpenWRT and Fiddler for…
	Phreak on KB: Microsoft iSCSI Software T…