Tuesday, December 7, 2010

Fiddler on Linux

A colleague of mine (a web developer) recently undertook the effort of moving from Windows to Ubuntu. One last obstacle was the lack of an adequate analog of the program "Fiddler". Wireshark is too general to work with and does not allow HTTP-specific operations (for example, changing values in a request and replaying it). Its cumbersome interface was also hard to work with.

Enter Burp proxy suite. I know, I know, it is a proprietary, closed-source, CPU- and memory-hogging Java application. But hey, if the alternative is for the colleague to stay on Windows, anything counts.

As good as the program is, it remains a proxy application. This posed a problem because the developer had to intercept HTTP requests from a stand-alone application.

While intercepting network-originating requests is not trivial, on Linux there is a simple way to redirect local traffic to the Burp proxy. The trick is to run the program in "invisible proxy" mode under the "root" account and to redirect all traffic coming from a certain user to port 80 through the proxy. Because the iptables rule matches only that user's packets, Burp's own outgoing requests (sent as root) are not redirected back into it. This solves the catch-22 problem of "intercepting all outgoing requests".

Here are the commands that accomplish that:
sudo iptables -t nat -I OUTPUT -p tcp --dport 80 -m owner \
--uid-owner evgeny -j REDIRECT --to-port 8080

sudo java -jar burpsuite_v1.3.03.jar
sudo iptables -t nat -D OUTPUT -p tcp --dport 80 -m owner \
--uid-owner evgeny -j REDIRECT --to-port 8080
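
The three commands above as one wrapper, given here as an added example (it is not part of the original post and not the author's run_burp.sh; the function names and the overridable variables are assumptions). It inserts the rule only if it is absent and removes it from an exit trap, so the redirect does not stay behind if Burp is killed:

```shell
#!/bin/sh
# Added example. Run as root:  sudo sh burp_redirect_example.sh run
IPTABLES=${IPTABLES:-iptables}        # overridable so the logic can be dry-run
TARGET_USER=${TARGET_USER:-evgeny}    # user whose traffic is intercepted (from the post)
PROXY_PORT=${PROXY_PORT:-8080}        # Burp listener port (from the post)
BURP_JAR=${BURP_JAR:-burpsuite_v1.3.03.jar}

# Rule body shared by -C / -I / -D so insert and delete can never drift apart.
rule_spec() {
    echo "OUTPUT -p tcp --dport 80 -m owner --uid-owner $TARGET_USER -j REDIRECT --to-port $PROXY_PORT"
}

# True if the exact rule is currently in the nat table.
rule_present() { $IPTABLES -t nat -C $(rule_spec) 2>/dev/null; }

# Insert only if absent: an earlier unclean exit may have left the rule behind.
add_redirect() { rule_present || $IPTABLES -t nat -I $(rule_spec); }

# Delete every copy, so duplicates from earlier runs are cleaned up too.
del_redirect() {
    while rule_present; do
        $IPTABLES -t nat -D $(rule_spec) || return 1
    done
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    id "$TARGET_USER" >/dev/null 2>&1 || { echo "no such user: $TARGET_USER" >&2; return 1; }
    trap del_redirect EXIT          # runs on normal exit and on the exits below
    trap 'exit 130' INT TERM HUP    # turn signals into an exit so the EXIT trap fires
    add_redirect
    java -jar "$BURP_JAR"           # Burp runs as root, so the owner match skips it
}

if [ "${1:-}" = "run" ]; then main; fi
```

The check step needs an iptables build that supports `-C`; `sudo iptables -t nat -S OUTPUT` lists the rules if you want to confirm by hand that nothing was left behind.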

A nice advantage of the Burp proxy over Fiddler is that the developer can choose to modify the request on-the-fly. Now I have something to brag about to all Fiddler-wielding Windows losers :) .


Mohit Thakral said...

And how to reset it back to normal mode, where it is not being routed to 8080?

Arie Skliarouk said...

The second iptables command in the post deletes the redirection rule. If you put all three commands in the same script and exit Burp gracefully, the deletion will happen automatically.

You can also use this wrapper script to set up redirection, run burp and clean up afterwards: run_burp.sh