TLS inspection proxies (Part 1)

A TLS inspection proxy is a very useful system if you need to read encrypted traffic. It can be used to prevent the proliferation of malware, as well as to prevent leakage of internal documents. The proxy works by performing a man-in-the-middle (MITM) interception of the connections that pass through it; one popular tool for this is mitmproxy.

Let’s set up a system with which you will be able to read the network traffic of another machine. First, you will need two independent computers running Debian Linux. Here, we implemented the system with two Raspberry Pis: one acts as the client, the other as the gateway and proxy.

First, install mitmproxy on the proxy system (the client needs no extra software):

sudo apt update
sudo apt install -y mitmproxy

You can use iptables on Linux machines to reroute traffic through another device:

Main system

sudo ip link set eth0 up
sudo ip addr flush dev eth0
sudo ip addr add 10.0.0.2/24 dev eth0
sudo ip route add default via 10.0.0.1

Proxy (the IP address 10.0.0.1 is the default gateway configured on the main system above, and IP forwarding must be enabled in the kernel or the proxy will not pass packets between its two interfaces)

sudo ip link set eth0 up
sudo ip addr add 10.0.0.1/24 dev eth0
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080

You can see that we are rerouting the traffic arriving from the client on the HTTP and HTTPS ports (80 and 443) to local port 8080, which is the port mitmproxy listens on; all other traffic is simply masqueraded out of wlan0. Note that the REDIRECT rules only have an effect once mitmproxy is actually running on the proxy in transparent mode (mitmproxy --mode transparent); until then the redirected connections are refused. Since these iptables rules are not persistent, they have to be applied again after a reboot.

After completing these steps, you should have one system sending all of its network traffic through your other system.
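As an added example (not part of the original post), here is the same gateway setup as an idempotent script for the proxy Pi, together with a check that reads `iptables-save -t nat` output and reports which of the required rules are missing. It assumes the layout used above: eth0 is the cable to the client, wlan0 is the internet uplink, the proxy owns 10.0.0.1/24 and mitmproxy will listen on port 8080; the FORWARD rules are an addition for hosts whose FORWARD chain policy is DROP, and the sample iptables-save output is constructed.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumptions matching the post:
# eth0 = link to the client Pi, wlan0 = internet uplink, proxy Pi = 10.0.0.1/24,
# mitmproxy listening on 8080. Override any of them through the environment.
set -eu

LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-wlan0}"
LAN_ADDR="${LAN_ADDR:-10.0.0.1/24}"
PROXY_PORT="${PROXY_PORT:-8080}"

# Pure function: prints the commands that turn this host into a NAT gateway which
# diverts the client's TCP 80/443 to the local proxy port. Nothing is executed here,
# so the plan can be reviewed before it is applied.
gateway_commands() {
    lan="$1"; wan="$2"; addr="$3"; port="$4"
    printf '%s\n' \
      "ip link set $lan up" \
      "ip addr replace $addr dev $lan" \
      "sysctl -w net.ipv4.ip_forward=1" \
      "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE" \
      "iptables -A FORWARD -i $lan -o $wan -j ACCEPT" \
      "iptables -A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT" \
      "iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port $port" \
      "iptables -t nat -A PREROUTING -i $lan -p tcp --dport 443 -j REDIRECT --to-port $port"
}

# Apply the plan (run as root). Every "iptables -A" is first tried as "-C" (check),
# so re-running the script does not stack duplicate copies of the same rule.
apply_gateway() {
    gateway_commands "$LAN_IF" "$WAN_IF" "$LAN_ADDR" "$PROXY_PORT" |
    while IFS= read -r cmd; do
        case "$cmd" in
            iptables*)
                check=$(printf '%s' "$cmd" | sed 's/ -A / -C /')
                $check 2>/dev/null || $cmd ;;
            *)
                $cmd ;;
        esac
    done
}

# Check a saved nat table (output of "iptables-save -t nat" on stdin) for the three
# rules the gateway needs. Prints the number of missing rules and returns non-zero
# if any is missing. iptables-save normalises "--to-port" to "--to-ports" and
# inserts "-m tcp", which is why the expected lines differ from the typed commands.
check_nat_table() {
    c_lan="$1"; c_wan="$2"; c_port="$3"
    table=$(cat)
    missing=0
    for rule in \
      "-A POSTROUTING -o $c_wan -j MASQUERADE" \
      "-A PREROUTING -i $c_lan -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $c_port" \
      "-A PREROUTING -i $c_lan -p tcp -m tcp --dport 443 -j REDIRECT --to-ports $c_port"
    do
        printf '%s\n' "$table" | grep -qF -- "$rule" || missing=$((missing + 1))
    done
    echo "$missing"
    [ "$missing" -eq 0 ]
}

# Constructed sample of what "iptables-save -t nat" prints once the rules are in place.
SAMPLE_NAT_TABLE='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT'

# By default only print the plan; APPLY=1 (as root) actually configures the host.
main() {
    if [ "${APPLY:-0}" = "1" ]; then
        apply_gateway
    else
        gateway_commands "$LAN_IF" "$WAN_IF" "$LAN_ADDR" "$PROXY_PORT"
    fi
}

main "$@"
```

Run it once without arguments to review the plan, then `sudo APPLY=1 ./gateway.sh` to apply it; afterwards `sudo iptables-save -t nat | ./gateway.sh`-style piping into `check_nat_table eth0 wlan0 8080` confirms that all three rules survived (for example after a reboot, where they will be reported missing).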

Conclusion

The setup we created establishes a network interceptor using two Raspberry Pis, where one Pi acts as gateway and proxy for the other. The key networking concept we implemented is Network Address Translation (NAT), which allows the client Pi to reach the internet through the proxy Pi’s wireless connection.

On the proxy Pi (Pi2), we configured it with two network interfaces: a wireless connection (wlan0) that connects to the internet, and an ethernet connection (eth0) that connects directly to the client Pi. We set up IP forwarding, which allows Pi2 to pass network traffic between these two interfaces. This was done by enabling the IP forwarding flag in the Linux kernel. We then used iptables to set up NAT rules, specifically using the MASQUERADE target in the POSTROUTING chain. This masquerading allows the proxy Pi to modify outgoing packets so they appear to come from its own wireless interface, and then correctly route returning packets back to the client Pi.

On the client Pi (Pi1), we set up a simple network configuration where it uses a static IP address on its ethernet interface and points to Pi2 as its default gateway. This means all network traffic from Pi1 must pass through Pi2 to reach the internet. The foundation of this setup – the IP forwarding and NAT rules – establishes the basic network routing that’s necessary before we can add the MITM proxy functionality. In essence, we created a controlled network bottleneck where all traffic must pass through a single point, making it possible to later inspect and modify that traffic using mitmproxy.