Host configuration

We’re going to set up IP forwarding on the host where Hyperfox will be capturing traffic.

IP Forwarding on Linux

Identify both the local IP of the legitimate gateway and its matching network interface.

sudo route -n
# Kernel IP routing table
# Destination  Gateway   Genmask  Flags  Metric  Ref  Use  Iface
# 0.0.0.0      10.0.0.1  0.0.0.0  UG     1024    0    0    wlan0
# ...

The interface in this case is called wlan0 and the interface’s gateway is 10.0.0.1.

export HYPERFOX_GW=10.0.0.1
export HYPERFOX_IFACE=wlan0

Identify the IP address of the target; let’s suppose it is 10.0.0.143.

export HYPERFOX_TARGET=10.0.0.143

Enable IP Forwarding on the host for it to act (temporarily) as a common router.

sudo sysctl -w net.ipv4.ip_forward=1

Issue an iptables rule to instruct the host to redirect all traffic that goes to port 80 (commonly HTTP) to the local port where Hyperfox is listening (1080, by default).

sudo iptables -A PREROUTING -t nat -i $HYPERFOX_IFACE -p tcp \
--destination-port 80 -j REDIRECT --to-port 1080

If you’re planning to capture HTTPS traffic, then issue another iptables rule to instruct the host to redirect all traffic that goes to port 443 (commonly HTTPS) to the local port where Hyperfox is listening (10443, by default).

sudo iptables -A PREROUTING -t nat -i $HYPERFOX_IFACE -p tcp \
--destination-port 443 -j REDIRECT --to-port 10443

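Make sure to undo IP forwarding and the iptables rules when they’re not needed anymore. Note that the first command below flushes every rule in the nat table, not only the two added above.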

sudo iptables -t nat -F
sudo sysctl -w net.ipv4.ip_forward=0
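
An added example, not part of the Hyperfox documentation: rather than flushing the whole nat table, these shell helpers pick out only the two REDIRECT rules created above, build the matching delete commands, and report whether forwarding or those rules are still active. It assumes the rules appear as printed by `iptables -t nat -S PREROUTING`; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and undo only the state this page creates.

# Filter `iptables -t nat -S PREROUTING` output (stdin) down to the REDIRECT
# rules that send ports 80/443 to Hyperfox's default ports 1080/10443.
hyperfox_rules() {
    grep -E -- '^-A PREROUTING .*--dport (80|443) .*-j REDIRECT --to-ports (1080|10443)[[:space:]]*$'
}

# Turn each matching "-A ..." rule into the command that deletes exactly it.
hyperfox_delete_cmds() {
    hyperfox_rules | sed 's/^-A /iptables -t nat -D /'
}

# Report leftover state. $1 = value of net.ipv4.ip_forward, stdin = rule dump.
# Returns 0 when the host is clean, 1 when forwarding or redirects remain.
hyperfox_audit() {
    leftover=$(hyperfox_rules | wc -l | tr -d ' ')
    rc=0
    if [ "$1" != "0" ]; then
        echo "ip_forward is $1 (expected 0)"
        rc=1
    fi
    if [ "$leftover" -gt 0 ]; then
        echo "$leftover Hyperfox redirect rule(s) still in nat PREROUTING"
        rc=1
    fi
    return $rc
}

# Constructed sample dump: the two rules from this page plus an unrelated one.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 10443'

# Show the delete commands for the sample; the unrelated rule is left alone.
printf '%s\n' "$SAMPLE_RULES" | hyperfox_delete_cmds

# On a live host (as root):
#   iptables -t nat -S PREROUTING | hyperfox_delete_cmds | sh
#   iptables -t nat -S PREROUTING | hyperfox_audit "$(sysctl -n net.ipv4.ip_forward)"
```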

IP Forwarding on OSX/FreeBSD

Identify both the local IP of the legitimate gateway and its matching network interface.

sudo netstat -rn | grep default
# default   10.0.0.1  UGSc    61    28    en0

The interface in this case is called en0 and the interface’s gateway is 10.0.0.1.

export HYPERFOX_GW=10.0.0.1
export HYPERFOX_IFACE=en0

Identify the IP address of the target; let’s suppose it is 10.0.0.143.

export HYPERFOX_TARGET=10.0.0.143

Enable IP Forwarding on the host for it to act (temporarily) as a common router.

sudo sysctl -w net.inet.ip.forwarding=1

Create a hyperfox.pf file with the following contents:

rdr pass on en0 inet proto tcp from any to any port 80 -> 127.0.0.1 port 1080
rdr pass on en0 inet proto tcp from any to any port 443 -> 127.0.0.1 port 10443

The first line tells the packet filter to redirect packets with destination port 80 (plain HTTP traffic) to Hyperfox on local port 1080.

The second line tells the packet filter to redirect packets with destination port 443 (HTTPS traffic) to Hyperfox on local port 10443.

If you’re planning to capture HTTPS traffic, use the file as is (both lines), but if you’re planning to capture HTTP traffic only, then delete the second line.

Once you’re satisfied with the hyperfox.pf configuration, pass it to pfctl.

sudo pfctl -vef hyperfox.pf
# ...
# pf enabled

Make sure to undo IP Forwarding and pf rules when they’re not needed anymore.

sudo pfctl -F all
sudo pfctl -d
sudo sysctl -w net.inet.ip.forwarding=0

Note for FreeBSD users

Be sure to load the pf module:

sudo kldload pf

Otherwise you’ll get an error like this:

sudo pfctl -vef hyperfox.pf
# pfctl: /dev/pf: No such file or directory

IP Forwarding on Windows

Identify the local IP of the legitimate gateway.

ipconfig
#       Default Gateway. . . . . . . . . . . : 10.0.0.1

Open regedit and find the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Set the IPEnableRouter value to 1 and quit regedit.

We aren’t going to set up any firewall rules as we did on UNIX hosts: administrator privileges are not required to bind to ports 80 and 443 on Windows anyway (!?), so we may as well just tell Hyperfox to bind to another port for HTTP traffic.

hyperfox -p 80

And for HTTPS:

hyperfox -p 80 -s 443 -c ssl/rootCA.crt -k ssl/rootCA.key

Make sure to undo IP forwarding when it’s not needed anymore by changing IPEnableRouter back to 0.