This repository contains a set of scripts to configure a Raspberry Pi as a network proxy that intercepts traffic for inspection. It can spawn mitmproxy to perform a man-in-the-middle attack, or you can use just tcpdump to inspect packets without interfering with the traffic.
A Raspberry Pi 3 or 4 with Manjaro ARM OS is required.
https://manjaro.org/downloads/arm/raspberry-pi-4/arm8-raspberry-pi-4-minimal/
Then clone this repository onto the device.
First we need to set up the needed packages and configure the device network.
sudo ./setup.sh wlan|eth|clr
There are three options available:
wlan
- configure the Raspberry to expose an access point for the target device to connect to; the outside-world connection is made via the physical ethernet port
eth
- configure the Raspberry to connect to the internet via the wlan interface; the target device shall be connected via the physical ethernet port
clr
- clear the configuration, bringing the device back to its usual operation prior to the setup (software installed during setup is not removed)
There is a script to configure capture and mitmproxy to intercept the traffic:
sudo proxy-and-dump.sh wlan|eth TCPDUMP_FILTER
We can specify TCPDUMP_FILTER to only capture interesting traffic, e.g.
sudo proxy-and-dump.sh wlan "host x.x.x.x"
to limit the capture to packets related to a specific IP address. The filter must be enclosed in quotes.
If we don't want to use mitmproxy we can capture with tcpdump only.
When configured as wlan:
sudo tcpdump -i wlan0 -w dump.pcap
When configured as eth:
sudo tcpdump -i eth0 -w dump.pcap
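As an added illustration of the two points above (the wlan/eth mode deciding the capture interface, and the filter having to be passed as one quoted argument), here is a small POSIX sh helper; it is not the repository's proxy-and-dump.sh, and the interface names and the sample address 192.0.2.10 are assumptions:

```shell
# Added illustration, not the repository's proxy-and-dump.sh.
# Maps the setup mode to the capture interface and builds the tcpdump
# command line, refusing a filter the shell has split into several words.

# iface_for_mode MODE -> prints the interface that mode captures on
iface_for_mode() {
    case "$1" in
        wlan) echo wlan0 ;;   # target device joins the access point
        eth)  echo eth0 ;;    # target device hangs off the ethernet port
        *)    echo "unknown mode: $1" >&2; return 1 ;;
    esac
}

# build_capture_cmd MODE [TCPDUMP_FILTER] -> prints the tcpdump invocation.
# An unquoted filter arrives as several positional arguments ($# > 2);
# report that instead of silently capturing with a truncated expression.
build_capture_cmd() {
    if [ "$#" -gt 2 ]; then
        echo "filter must be one quoted argument, got $(($# - 1)) words" >&2
        return 2
    fi
    iface=$(iface_for_mode "$1") || return 1
    if [ -n "$2" ]; then
        printf 'tcpdump -i %s -w dump.pcap %s\n' "$iface" "$2"
    else
        printf 'tcpdump -i %s -w dump.pcap\n' "$iface"
    fi
}

# Usage (constructed sample address): build_capture_cmd wlan "host 192.0.2.10"
```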