I'm trying to capture TCP requests through Burp Suite with this hacky method.
Basically it listens for user selected protocol requests (TCP/UDP) and then forwards them to Burp Suite (or any other tool, if you want to) just like they're HTTP requests. All this by setting a proxy, and Burp Suite will listen to that proxy IP/Port.
However, what I need to do is listening to a website which sends TCP packets, so I should see HTTP/HTTPS requests too. This is what I tried:
sudo python mitm_relay.py -l 0.0.0.0 -p 127.0.0.1:8081 -r tcp:80:example.com:80
where 0.0.0.0
listens to any local interface, proxy listener has been set to 127.0.0.1:8081
and example.com
hostname will be converted to his IP address I will send TCP packets to (port set to 80).
However, I've set my default Firefox proxy to 127.0.0.1:8081
and when I navigate to example.com
I can't see any packet being sniffed under my terminal.
Also this is not an HTTP request, so I've generated my server.pem
and server.key
just exactly it's been described here:
~/mitm_relay/ $ ls | grep -iE 'ca|ser'
cacert.cer
cacert.pem
cacert.srl
cakey.cer
cakey.pem
server.csr
server.key
server.pem
(those are all generated files through those commands).
- How can I intercept TCP requests to
example.com
on port 80? - How can I intercept any domain TCP request on port 80?
- What's an example command of intercepting SSL data (like HTTPS) through that script with those generated certificate files?
- Is setting Burp to listen to
127.0.0.1:8081
proxy enough for applying the 3 precedent questions?