Transparent mode redirects to host itself - mitmproxy

I'm new to mitmproxy and and I'm probably doing something wrong.
I'm running Mitmproxy in transparent mode on Ubuntu and followed the steps on https://docs.mitmproxy.org/stable/howto-transparent/. Its IP is 10.50.10.117.
I then added a line to /etc/hosts in my client machine (10.50.10.116) that points to the mitmproxy server for a test domain (example.com). So this is only on the client machine, and not on the machine running mitmproxy.
Then when I execute 'curl http://example.com' on the client machine, I see the request get to mitmproxy but it errors out with:
10.50.10.116:60936: GET http://example.com/
Host: example.com
User-Agent: curl/7.68.0
Accept: */*
<< Server connection to ('10.50.10.117', 80) failed: Error connecting to "10.50.10.117": [Errno 111] Connection refused
So mitmproxy is trying to connect to its own host on port 80. Why is it not proxying the request to the real example.com?
Thanks.
Henry

https://docs.mitmproxy.org/stable/concepts-modes/#transparent-proxy has an illustration that shows your problem: The TCP packet's destination IP address is mitmproxy and not the actual target. Transparent mode expects Layer 2 redirection.
It looks like you want to run mitmproxy as a reverse proxy. Alternatively, starting with mitmproxy 7 (currently only available as development snapshots, but I encourage you to try them out), you can run it in regular mode and it will pick up host headers for the target information.

Related

An existing connection was forcibly closed by the remote host - Google Actions SDK (gactions)

We are trying to update our google action using actions SDK by executing the below command in CLI.
Command:
gactions update --action_package GoogleAssistantAction.json --project PROJECTNAMEHERE
Below is the error message we're getting
Error message:
Error: Get https://dl.google.com/gactions/updates.json: read tcp 172.30.63.145:1430->172.217.13.238:443: wsarecv: An existing connection was forcibly closed by the remote host.
Pushing the app for the Assistant for testing...
POST /v2/users/me/previews/PROJECT NAME HERE:batchUpdatePreviewFromAgentDraft HTTP/1.1
Host: actions.googleapis.com
User-Agent: Gactions-CLI/2.1.3 (windows; amd64; stable/dff629ae63fd0b047d19687b79274524569714e6)
Content-Length: 540
Content-Type: application/json
Accept-Encoding: gzip
However, based on our research and troubleshooting, we figured out that the issue stems from gactions not being proxy-aware. All internet traffic should be going through bluecoat proxy, where it will then be passed through the firewall. However, our internet traffic (port 443) is directly reaching out to the internet, which is causing it to be blocked by the firewall. Can anyone please help figuring the proxy settings in our application so that it won’t directly reach the internet? Thank you!
At present, gactions only supports transparent proxy configurations. That is, proxy configurations that processes don't need to be explicitly be aware of.
Unfortunately, I'm unable to give you specific guidance for bluecoat. If you're able configure it as a transparent proxy, gactions should work in your environment.

Is there any public PeerServer over HTTPS?

I have a simple web application using peerjs here: https://github.com/chakradarraju/bingo. I was planning to use github.io to put up a demo, and github.io will be served only in HTTPS, the default PeerServer that is used by the peerjs library doesn't support HTTPS.
Is there any public HTTPS PeerServer that I can use?
The simple answer to this is no. It's unfortunate that the browsers recently disallowed http for any address except localhost.
One way to do it is set up an SSH port forward so that you can fool the browser into thinking it is talking to localhost. Ok for a demo, but not production. Here is some info (from https://www.ssh.com/ssh/tunneling/example)
In OpenSSH, remote port forwardings are specified using the -R option.
For example:
ssh -R 8080:localhost:80 public.example.com
This allows anyone on the remote server to connect to TCP port 8080 on
the remote server. The connection will then be tunneled back to the
client host, and the client then makes a TCP connection to port 80 on
localhost. Any other host name or IP address could be used instead of
localhost to specify the host to connect to.
Alternatively if you have your own web server, you can use Let's encrypt: https://letsencrypt.org/ to make it run https without needing to buy an SSL cert. Their tools are so good it's a five minute exersize to get https on your server.
Give a try to www
Is can create automatically valid certificates by using letsencrypt or self-signed.
https://go-www.com/post/how-it-works/
Usage of ./www:
-p port
Listen on port (default 8000)
-q quiet
quiet mode
-r root
Document root path (default ".")
-s your-domain.tld
https://your-domain.tld if "localhost", port can be other than 443
This issue can be resolved by setting options.secure to true as mentioned here.

Trying to set Fiddler as a Reverse Proxy

I have been trying to set Fiddler as a Reverse Proxy, I've been following these instructions, but I just don't understand the point 3.
Option #1: Configure Fiddler as a Reverse-Proxy
Fiddler can be configured so that any traffic sent to http://127.0.0.1:8888 is automatically sent to a different port on the same machine. To set this configuration:
Start REGEDIT
Create a new DWORD named ReverseProxyForPort inside HKCU\SOFTWARE\Microsoft\Fiddler2.
Set the DWORD to the local port you'd like to re-route inbound traffic to (generally port 80 for a standard HTTP server)
Restart Fiddler
Navigate your browser to http://127.0.0.1:8888
How can I set the DWORD to the local port??? Sorry Im novice in network connections, please hope some good fellaw could explain step by step how can I do that. Do I have to do it inside Fiddler? Do I have to do it in windows? Im using windows8.1
PD: I know Im missing that step, cuz after doing steps 4 and 5 I get this message in the browser: "[Fiddler] The connection to '127.0.0.1' failed.
Error: ConnectionRefused (0x274d).
System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:8888"
EDIT>
When I set on fiddler>Fiddler Options>Connections>Fiddler listens on port: 8888
I get the same message, but instead of 127.0.0.1:8888 now I get 127.0.0.1:80
[Fiddler] The connection to 'localhost' failed.
Error: ConnectionRefused (0x274d).
System.Net.Sockets.SocketException No connection could be made because the target machine actively refused it 127.0.0.1:80
I have notice that in fiddler set reverse proxy page, it says...
Configure Fiddler as Reverse Proxy:
To use this method, the hostname for the request to reroute must be 127.0.0.1:8888, localhost:8888, [::1]:8888, or the machine's NETBIOS hostname on port 8888.
Is perhaps that why I can't get it to work? how can I set my machine NETBIOS hostname on port 8888?
I had the same issue... this fixed it...
In the menu click 'Tools' >> 'Fiddler options' >> 'Connections'
Find out the port number
Use the port number noted here instead! e.g. http://127.0.0.1:[port number]
Let's step back a bit. Why specifically are you trying to run Fiddler as a Reverse Proxy? What service are you trying to pass traffic into (e.g. IIS?) What port did you move that service to? What is the exact (original) URL of the traffic you're trying to collect?
You don't need to mess with the registry if you're going to write FiddlerScript.

Connecting Orion Context Broker from another machine

I can't connect to ContextBroker from another machine, even a machine in the same LAN.
Accessing by ssh without any problem
ssh geezar#192.168.1.115
and then
curl localhost:1026/statistics
the terminal shows the statistics, all right
<orion>
<xmlRequests>3</xmlRequests>
<jsonRequests>1</jsonRequests>
<updates>1</updates>
<versionRequests>1</versionRequests>
<statisticsRequests>2</statisticsRequests>
<uptime_in_secs>84973</uptime_in_secs>
<measuring_interval_in_secs>84973</measuring_interval_in_secs>
</orion>
But when I try without ssh connection...
curl 192.168.1.115:1026/statistics
curl: (7) Failed to connect to 192.168.1.115 port 1026: No route to host
Even, I routed the port 1026 to that machine (192.168.1.115) on the router configuration, and tried to access from my public IP, the result is the same, failed to connect
I think I am missing something, but.. what is it?
The most probable causes of this problem are:
Something in the host (e.g a firewall or security group) is blocking the incoming connection
Something in the client (e.g a firewall) is blocking the outcoming connection
There is some other network issue is causing the connection problem.
EDIT: in GNU/Linux system, iptables is usually used as firewall. It can be disabled typically running iptables -F.

Connection failed in QuteCom SIP client

I have chosen QuteCom SIP client for windows to chat.I have installed and configured the account with my public server. My SIP server is kamailio.The connection to the server is not established. The application is connecting to the server for a long time.
Any help is appreciated.
If looks like keep connecting, then I guess the SIP messages don't get to the server.
You can install Wireshark to monitor traffic on windows host on port 5060 (the SIP port) in order to see if SIP messages are sent to the server.
On server, you can install ngrep for the purpose of seeing if traffic from the phone comes there. The command would be like:
ngrep -d any -qt -W byline port 5060
If you don't see traffic coming to the SIP server, then might be a firewall or an ALG between the client and the server, or, a firewall even on client host or server itself.
If it is something in between (not on client host or server), then you should try to use TCP or better TLS.
Note that if you have the firewall on the server, you will see the SIP packets coming on the network, but they will be dropped by the kernel before getting to application layer. Typically on Linux you can see the firewall rules with:
iptables -L
If the SIP packets come to the server, then set debug=3 in kamailio.cfg, restart kamailio and watch the syslog file (e.g., /var/log/syslog or /var/log/messgaes) for kamailio-specific debug messages -- you should get hints of what happens during processing.