Once the interceptor host is configured to act as a router, some interesting things can be done. For example, it is possible to determine the source and destination of the packages that pass through the host, we’re going to use this fact to redirect packages with destination port 80 to Hyperfox, so we can proxy them to the original destination (and capture them in the process).
First, see Hyperfox’s options:
Now start Hyperfox without providing a root CA certificate or key, so it starts in HTTP-only mode:
hyperfox # ... # 2014/12/31 07:53:29 Listening for incoming HTTP client requests on 0.0.0.0:1080.
In order for the target to redirect packages intended for the router to us we
arpfox, a tool that you can download from
sudo arpfox -i $HYPERFOX_IFACE -t $HYPERFOX_TARGET \ $HYPERFOX_GW
arpfox is very convenient and easy as you don’t have to change any
settings on the target not have any real interaction with it besides being on
the same LAN. If you don’t have success finding
arpfox you may as well just
set the IP of the host as the target gateway manually, this will of course
require physical access to the target.
Once the target starts sending traffic to the host machine, it will in turn redirect port 80 traffic to Hyperfox and we’ll be able to capture everything.
If you want to capture HTTPs traffic the proccess is a bit more complicated, see how can it be done.