HOWTO: OpenWRT and Fiddler for HTTP and HTTPS Transparent Proxy traffic capture – Part 2

Goal:

  • Set up a Hyper-V test lab for capturing traffic from an Android client.
  • Use OpenWRT as the routing gateway for the private VM network and transparently proxy HTTP and HTTPS traffic to Fiddler.
  • Configure Fiddler for traffic capture.


Configuring OpenWRT for Transparent Proxy

  • Create Port Forward / Pre-routing rules for TCP port 80 and 443 to forward traffic to Fiddler.
    • Assuming Fiddler is running at 192.168.1.2, port 8888 for HTTP proxy and 8443 for HTTPS proxy.
    • Exclude the Fiddler machine from the port forward.


  • Create Source NAT / Post-routing rule


     

  • OR write the rules in the Firewall Custom Rules page.
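
An added example, not taken from the original post: a small shell helper that prints iptables rules matching the steps above (redirect ports 80 and 443 to Fiddler, exclude the Fiddler machine, source NAT the redirected traffic) so they can be reviewed and then pasted into the Custom Rules page. It assumes an iptables-based OpenWRT firewall and a client-side interface named br-lan; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the NAT rules so they can
# be reviewed before being pasted into the Firewall Custom Rules page.
# Assumptions: iptables-based firewall, client-side interface named br-lan.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for an integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tproxy_rules PROXY_IP HTTP_PORT HTTPS_PORT [LAN_IF]
tproxy_rules() {
    proxy_ip=$1; http_port=$2; https_port=$3; lan_if=${4:-br-lan}
    is_ipv4 "$proxy_ip" || { echo "bad proxy address: $proxy_ip" >&2; return 1; }
    is_port "$http_port" && is_port "$https_port" ||
        { echo "bad proxy port" >&2; return 1; }
    for pair in "80:$http_port" "443:$https_port"; do
        dport=${pair%%:*}; to_port=${pair##*:}
        # Pre-routing: send client traffic to the proxy. "! -s" skips the
        # proxy host itself so its upstream requests are not looped back.
        echo "iptables -t nat -A PREROUTING -i $lan_if ! -s $proxy_ip" \
             "-p tcp --dport $dport -j DNAT --to-destination $proxy_ip:$to_port"
        # Post-routing: source NAT, so the proxy's replies return via the router.
        echo "iptables -t nat -A POSTROUTING -d $proxy_ip" \
             "-p tcp --dport $to_port -j MASQUERADE"
    done
}

# Values stated in the post: Fiddler at 192.168.1.2, ports 8888 and 8443.
tproxy_rules 192.168.1.2 8888 8443
```

Because of the source NAT rule, Fiddler sees the router's address as the client address for every redirected session.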


     

Configuring Fiddler for Transparent Proxy

  • Enable “Allow remote computers to connect” in Fiddler Options and open corresponding ports in the Windows Firewall.


  • Use the command “!listen 8443 your_dummy_CN” to make Fiddler listen on port 8443 as the HTTPS proxy.
    • The dummy CN value is important. Without the CN value, Fiddler will not handle the HTTPS handshake.


  • Use the command “prefs set fiddler.network.https.SetCNFromSNI true” to make Fiddler generate the certificate with a CN that matches the incoming request.

HOWTO: OpenWRT and Fiddler for HTTP and HTTPS Transparent Proxy traffic capture – Part 1

Goal:

  • Set up a Hyper-V test lab for capturing traffic from an Android client.
  • Use OpenWRT as the routing gateway for the private VM network and transparently proxy HTTP and HTTPS traffic to Fiddler.
  • Configure Fiddler for traffic capture.

Notes on the OpenWRT installation

The OpenWRT installation basically follows the guide at https://miracoin.wordpress.com/2014/05/28/openwrt-in-hyper-v/. Here are a few more tips for building the Hyper-V image:

  • Configure a Hyper-V virtual switch for the connection to the physical network and a private virtual machine network for the VM.

  • Create a new Hyper-V machine with the following settings:
    • 1 virtual processor and 64MB memory (You don’t need too much power for OpenWRT)
    • 2 Legacy Network Adapters (This is important. There’s no driver for the standard Network Adapter)
    • Bind the adapters to the physical and private virtual network.

  • Create the OpenWRT disk image

KB: How to create a Windows 7/Windows 8 Azure VM

Step 1: Prepare the Windows 7/Windows 8 .vhd image

  1. Install Windows 7 on a Hyper-V virtual machine
    1. [IMPORTANT] Create a .vhd virtual hard disk instead of .vhdx. Azure VM doesn’t support .vhdx.
    2. [IMPORTANT] Install Enterprise edition so the image can be activated when provisioned in Azure.
    3. [IMPORTANT] Enable Remote Desktop (Updated 2013/10/3: It will be enabled by default when provisioning.)
    4. [IMPORTANT] Create an admin account with a password. Otherwise you cannot log in through Remote Desktop.
  2. SYSPREP the Windows 7/Windows 8 VM
    1. Run C:\WINDOWS\system32\sysprep\sysprep.exe
    2. Select the following options:

    3. Press OK and wait until the VM shuts down.

Step 2: Create the Azure Storage Account (if it does not exist)

Step 3: Prepare the client machine for uploading the .vhd (if necessary)

  1. Download and install Windows Azure Powershell – http://go.microsoft.com/?linkid=9811175&clcid=0x409
  2. Install the Azure management certificate and private key to User Personal cert store.
  3. Get the Azure subscription ID from the “My Bill” page of the Azure Portal.
  4. Start Windows Azure Powershell
  5. Run Set-AzureSubscription -SubscriptionName YourSubscriptionName -Certificate "file path of the management certificate .cer file" -SubscriptionId YourSubscriptionID

Step 4: Upload the .vhd to Azure Storage

  1. Run Select-AzureSubscription -SubscriptionName YourSubscriptionName
  2. Run Add-AzureVhd -Destination http://{YourAzureStore}.blob.core.windows.net/{YourContainer}/{YourVhd}.vhd -LocalFilePath "file path of the .vhd"

Step 5: Create Virtual Machine Image

Step 6: Create Virtual Machine from My Image Gallery