How to forward TCP traffic to LAN server instead of actual destination server

Started by ipartola, May 14, 2022, 05:52:02 PM

I am trying to figure out what a particular mobile app on my phone is doing when it's talking to its mothership server via HTTPS. I created a simple HTTP/HTTPS proxy server that I am running on my laptop and I want to use my OPNsense router/firewall to redirect all traffic such that when my phone tries to connect to the given server, it instead goes to my laptop. Specifically:

Phone: 172.20.20.249
Laptop: 172.20.20.160
Server: example.com

I want to set a rule so that whenever my phone tries to connect to example.com:443, it instead connects to 172.20.20.160:443. Would I do this with a firewall rule under Rules? A one-to-one NAT? Something else? Thanks in advance!

P.S.: I should mention that it seems the app is connecting by IP address and not using DNS at all, which would have been easier to redirect.
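Added example, not from the thread or from any poster: the pf rules that an OPNsense Firewall > NAT > Port Forward entry for this case boils down to, including the step that is easy to miss when the client and the redirect target sit on the same subnet. Assumed, and not stated in the post: the LAN interface is named lan (OPNsense's default), the app's hard-coded server address is 203.0.113.10 (a placeholder from the documentation range; substitute whatever IP the packet capture shows the phone talking to), and the proxy on the laptop is already listening on 172.20.20.160:443.

```pf
# Added example (not from the thread). pf equivalent of an OPNsense port
# forward for "phone -> server:443 goes to laptop:443".
# Assumptions: LAN interface is "lan"; server IP is the placeholder
# 203.0.113.10; the laptop proxy listens on 172.20.20.160:443.

# 1. Redirect. Scoped to the phone as source so every other host's traffic
#    to the server is left alone. This is what the GUI Port Forward rule
#    generates (Interface LAN, Protocol TCP, Source 172.20.20.249,
#    Destination 203.0.113.10 port 443, Redirect target 172.20.20.160:443).
rdr on lan inet proto tcp from 172.20.20.249 to 203.0.113.10 port 443 \
    -> 172.20.20.160 port 443

# 2. Hairpin source NAT. Phone and laptop share 172.20.20.0/24, so without
#    this the laptop would answer the phone directly from 172.20.20.160; the
#    phone is waiting for a SYN-ACK from 203.0.113.10 and would RST it.
#    Rewriting the source to the firewall's LAN address forces the reply
#    back through the firewall, which undoes both translations.
nat on lan inet proto tcp from 172.20.20.249 to 172.20.20.160 port 443 \
    -> (lan)

# 3. pf filters on the post-rdr destination, so the pass rule must allow
#    traffic to the laptop, not to the original server.
pass in quick on lan inet proto tcp from 172.20.20.249 to 172.20.20.160 port 443 \
    keep state
```

In the GUI, rule 1 plus its associated filter rule (rule 3) come from a single Port Forward entry; rule 2 corresponds to a manual Outbound NAT rule (Firewall > NAT > Outbound, in hybrid or manual mode) with the same source, destination and port, or to the firewall's reflection/automatic-outbound-NAT setting if that is enabled. On the firewall, `pfctl -sn` shows whether the translation rules loaded and `pfctl -ss` shows the state entries for a connection attempt, so a missing hairpin shows up as a state whose reply never arrives. Note that this only solves the delivery problem: the proxy on the laptop still has to present a certificate the app accepts, which the post suspects is not checked.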

You're probably better off with Squid and/or packet capture on the firewall to analyse a phone home connection.

Bart...

Unfortunately that wouldn't work. It's HTTPS, not HTTP, so packet capture only tells me what IPs my phone is communicating with, not the contents. This particular app, I suspect, doesn't verify the TLS certificate, as the server presents a default self-signed one. By inserting my own proxy between the app and their server I can hopefully capture what data is actually being exchanged and potentially create my own version of the app that would work better.

For some more context, the app controls a proprietary piece of consumer hardware and is the only way to interface with that hardware. It's decent hardware but the app leaves something to be desired: for example, trying to edit what is essentially a spreadsheet on a phone sucks.

Quote from: ipartola on May 15, 2022, 11:43:16 AM
By inserting my own proxy between the app and their server I can hopefully capture what data is actually being exchanged and potentially create my own version of the app that would work better.
Squid is part of OPNsense - Services, Web Proxy, Administration, Enable proxy. Forward Proxy, Enable SSL inspection. You can also insert it as a transparent proxy but mind the HTTP breakage that inflicts.

Bart...