Help with mitmproxy nft table rules listening port 8080

Hello, I’ve been trying to set up mitmproxy to monitor qube connections. I’ve followed this guide but I’m stuck on the iptables part:

    sudo iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 80 -j REDIRECT --to-port 8080
    sudo iptables -t nat -A PR-QBS -i vif+ -p tcp --dport 443 -j REDIRECT --to-port 8080
    sudo iptables -t filter -I INPUT -i vif+ -p tcp -m tcp --dport 8080 -j ACCEPT

I have mitmproxy installed but I can’t use iptables and I don’t know how to do it properly with nft rules. So how could I go about setting this up?

2 Likes

I’m very new to nftables too, and maybe someone who actually understands it can help, but in the meantime it might go something like this:

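    # Quote the braces and semicolon so the shell passes them to nft unchanged
    sudo nft add chain qubes nat '{ type nat hook prerouting priority dstnat; }'
    sudo nft add rule qubes nat tcp dport '{ 80, 443 }' redirect to :8080
    # Let the redirected traffic reach the proxy port
    sudo nft add rule qubes custom-input tcp dport 8080 accept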

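1 Like

    #!/usr/sbin/nft -f
    # Redirect HTTP and HTTPS arriving at this qube to the proxy on port 8080
    add table mitm
    add chain mitm mitm { type nat hook prerouting priority -190; }
    add rule mitm mitm tcp dport { http, https } counter redirect to :8080
    # Allow connections to the proxy port through the qubes input chain
    add rule qubes custom-input tcp dport 8080 counter accept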

Save this as mitm.nft, make it executable.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

1 Like

How would I run it in the terminal? Also, do I add both HTTP ports in the brackets {80,443}?
I made the file but I don’t know how to make it executable. How would I do it in the terminal?

1 Like

Alright, it’s working now, thanks. How can I make the script run automatically every time I start the netvm (sys-mitm)?

1 Like
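
For the last question, about applying the rules each time the netvm starts, here is one way to do it. This is an added example, not code from any post in this thread. It assumes a Qubes 4.2 netvm whose `qubes` nft table has a `custom-input` chain, and that `/rw/config/rc.local` runs as root at boot; the script name `mitm-rules.sh` and the `iifname "vif*"` match (mirroring the guide's `-i vif+`) are choices made for this example.

```shell
#!/bin/sh
# mitm-rules.sh: added example, not code from the thread.
# Assumptions: Qubes 4.2 netvm whose `qubes` nft table has a custom-input
# chain; /rw/config persists and /rw/config/rc.local runs as root at boot.
PROXY_PORT=8080

# Redirect ruleset. add/delete/add recreates the table in one transaction,
# so loading it again never stacks duplicate rules. iifname "vif*" mirrors
# the guide's `-i vif+`: only traffic arriving from client qubes is matched.
mitm_ruleset() {
    cat <<EOF
add table ip mitm
delete table ip mitm
add table ip mitm
add chain ip mitm prerouting { type nat hook prerouting priority -190; }
add rule ip mitm prerouting iifname "vif*" tcp dport { 80, 443 } counter redirect to :${PROXY_PORT}
EOF
}

# Load the redirect, then open the proxy port in the qubes table unless an
# accept rule for that port is already listed.
apply_rules() {
    mitm_ruleset | nft -f - || return 1
    nft list chain ip qubes custom-input |
        grep -q "tcp dport ${PROXY_PORT} .*accept" && return 0
    nft add rule ip qubes custom-input iifname '"vif*"' \
        tcp dport "${PROXY_PORT}" counter accept
}

# Copy this script ($2) into $1 and add one rc.local line that applies it.
install_hook() {
    dir="${1:-/rw/config}"
    hook="sh ${dir}/mitm-rules.sh apply"
    cp "${2:-$0}" "${dir}/mitm-rules.sh" || return 1
    [ -f "${dir}/rc.local" ] || printf '#!/bin/sh\n' > "${dir}/rc.local"
    grep -qxF "$hook" "${dir}/rc.local" || printf '%s\n' "$hook" >> "${dir}/rc.local"
    chmod +x "${dir}/rc.local"
}

# Run as root: `sh mitm-rules.sh install` once, `sh mitm-rules.sh apply` now.
case "${1:-}" in
    apply)   apply_rules ;;
    install) install_hook /rw/config "$0" ;;
esac
```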