p0c has asked for the wisdom of the Perl Monks concerning the following question:

Heya wise monks!

I've been breaking my head over this problem for a few days now, and I can't seem to find an answer. What I'm trying to accomplish is the following:
 --------      ----------      -----------
|        |    |  PC II   |    |           |
|  PC I  | -->| (PROXY)  | -> |  GATEWAY  |
|        |    |          |    |           |
 --------      ----------      -----------
The simple code running on PC II:
#!/usr/bin/perl -w
use HTTP::Proxy;
use HTTP::Proxy::BodyFilter::tags;
use HTTP::Proxy::BodyFilter::simple;

# Enable IP forwarding so PC II passes on PC I's other traffic
system("echo 1 > /proc/sys/net/ipv4/ip_forward");

my $proxy = HTTP::Proxy->new( port => 8080, host => 'localhost' );

$proxy->push_filter(
    mime     => 'text/html',
    response => HTTP::Proxy::BodyFilter::tags->new(),
    response => HTTP::Proxy::BodyFilter::simple->new(
        sub {
            # Point every image source in the HTML body at one fixed picture
            ${ $_[1] } =~ s!src=.+(.jpg|.gif|.bmp|.png)!src=\"http://files.myopera.com/Idonotlikebroccoli/albums/3758/thumbs/noob.jpg_thumb.jpg\"!ig;
            print "Filter ran!\n";
        }
    )
);

$proxy->start;
And with these iptables rules to forward all the HTTP traffic to the proxy:
iptables -F
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
What this does is replace the <img> tag on HTML pages with an alternate picture. When I change the default gateway of PC I to the IP of PC II everything works just fine (by propagating another default gateway by the DHCP server), but what I want to accomplish is that I can just "man in the middle" PC I so that all the traffic reroutes through PC II, without changing anything on the DHCP server.

But when I do this, I only get the message "this connection had been reinitialized" on my browser, and it doesn't load any further.

Does anyone have an idea where to look? I'm getting really desperate.. ;)

Also a second question: My script is spawning a separate process for every page and keeps that one open. After 10 pages or so, the resources are depleted on PC II, and the script crashes. How can I overcome this?

Thanks in advance for your wisdom!

Greetz, p0c!
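
An added example, not part of the original post and not HTTP::Proxy's own code: when a REDIRECT rule like the one above hands port-80 traffic to a proxy, the browser still sends origin-form requests (`GET /path`), so the destination has to be rebuilt from the `Host` header. The helper name `upstream_url` and the sample requests are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# upstream_url() is a hypothetical helper: given one raw HTTP request head,
# return the absolute URL to fetch, or nothing when the target is ambiguous.
sub upstream_url {
    my ($head) = @_;
    my ($request_line, @header_lines) = split /\r?\n/, $head;
    return unless defined $request_line;
    my (undef, $target, $version) = split ' ', $request_line;
    return unless defined $version && $version =~ m{^HTTP/1\.[01]$};

    # Absolute-form: the client was configured to use a proxy.
    return $target if $target =~ m{^http://[^/]+}i;

    # Origin-form: the client thinks it reached the web server itself (the
    # redirected case). The original destination IP is gone, so the
    # client-supplied Host header is the only thing naming the site.
    return unless $target =~ m{^/};
    my @hosts;
    for my $line (@header_lines) {
        last if $line eq '';    # end of headers
        push @hosts, $1 if $line =~ /^Host:[ \t]*(\S+)[ \t]*$/i;
    }
    # No Host (HTTP/1.0 clients) or several: refuse instead of guessing.
    return unless @hosts == 1 && $hosts[0] =~ /^[A-Za-z0-9.-]+(?::\d+)?$/;
    return "http://$hosts[0]$target";
}

# Constructed sample requests, not captured traffic.
my @samples = (
    [ 'redirected browser' => "GET /a.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n" ],
    [ 'configured proxy'   => "GET http://www.example.com/a.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n" ],
    [ 'HTTP/1.0, no Host'  => "GET /a.html HTTP/1.0\r\n\r\n" ],
    [ 'duplicate Host'     => "GET / HTTP/1.1\r\nHost: a.example\r\nHost: b.example\r\n\r\n" ],
);
for my $sample (@samples) {
    my ($label, $head) = @$sample;
    my $url = upstream_url($head);
    printf "%-20s %s\n", $label, defined $url ? $url : '(rejected)';
}
```

Because the `Host` value comes from the client, a proxy working this way should treat it as untrusted input when deciding where to connect.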

Replies are listed 'Best First'.
Re: Transparent proxy / Intercepting proxy
by jettero (Monsignor) on May 27, 2009 at 10:41 UTC
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080

    Not really perl related, but this is probably just changing the dest port to 8080 on the remote host. You'd need to use --to localhost:8080 -- and if you want it to be truly transparent, you'd want to MASQUERADE the packets on the way back. For this kind of thing, use tcpdump/wireshark on all related hosts to see what's happening (it even works in windows!). This answer isn't complete, but this isn't perl info anyway.

    As for HTTP::Proxy, I used it for some things back in 2004 and it's not exactly transparent. It crashes from time to time and in a way that's difficult to reproduce and bug report. I don't recall the particulars of that, but you may just see what I mean. On the other hand, that was 5 years ago, maybe others found it and fixed it.

    -Paul

Re: Transparent proxy / Intercepting proxy
by arc_of_descent (Hermit) on May 27, 2009 at 10:10 UTC

    A simple solution would be to assign PC II the IP Address of the gateway, so it becomes the new gateway. And then give your original gateway a new IP. This way your users don't have to change the IP address of their gateway.

      Yes well that is almost the same as changing that in the DHCP OFFER's, and it will work. But I come in different networks every day for my work, and I can't change that. I just want to accomplish it with a MITM attack (of course with the approval of the company who hired me ;)).

        Take a look at setting up a Linux bridge. I've done this before and it's not too tough. You can basically configure a m/c with two interfaces to act as a transparent bridge. You don't need to assign any IP addresses to the bridge's interfaces (saving you IPs), and the bridge can do HTTP proxying too i.e. although it does not have IPs it can do filtering on the IP level.