Pan Ziyue asked:
I have a Linux Mint VM that I spun up as a transparent proxy for iOS devices. My intention is to tunnel all traffic from the iOS device through the VM and intercept it with Burp Suite, as an application I’m analyzing does not respect system proxy settings (the app is written in Xamarin).
Previous guides on making a transparent proxy required a PPTP VPN, which is no longer supported by iOS 10 and above. I tried making an OpenVPN server on the VM and the iptables rules are as follows (loosely based on the guide above):
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o enp0s3 -j MASQUERADE
Some context for the rules above:
enp0s3 is my VM’s bridged adapter,
tun0 is the default OpenVPN interface.
The problem is that the VPN only works when the PREROUTING rules do not exist. If I add in the PREROUTING rules to iptables, the client can’t connect to any webpage on the Internet (but is curiously able to connect to local web servers within the network).
Another solution I tried which did not work is:
iptables -t nat -A PREROUTING --source 10.0.0.0/8 -p tcp -m tcp --dport 80 -j DNAT --to 127.0.0.1:8080
Is there a way to forward/redirect traffic from OpenVPN (or indeed any other modern VPN such as L2TP over IPSec, Cisco IPSec) to Burp Suite for traffic analysis, or am I out of luck?
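A check that can be run against rules like those in the question, added here as an example and not part of the original post. It tests the rules against two documented netfilter behaviours; the function name audit_nat, the tunnel address 10.8.0.1 and the listener list (in the "Local Address:Port" form printed by `ss -ltn`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
#  - REDIRECT in PREROUTING rewrites the destination to the primary address of
#    the incoming interface, so the proxy must listen there (or on 0.0.0.0).
#  - DNAT to 127.0.0.0/8 for packets arriving on a non-loopback interface is
#    dropped as martian unless net.ipv4.conf.<iface>.route_localnet is 1.

# Rules copied from the question.
SAMPLE_RULES='iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o enp0s3 -j MASQUERADE
iptables -t nat -A PREROUTING --source 10.0.0.0/8 -p tcp -m tcp --dport 80 -j DNAT --to 127.0.0.1:8080'

# audit_nat RULES LISTENERS TUN_ADDR ROUTE_LOCALNET
#   RULES          iptables rule lines, one per line
#   LISTENERS      listening TCP sockets as "addr:port", one per line
#   TUN_ADDR       primary IPv4 address of the VPN interface (assumed value)
#   ROUTE_LOCALNET current route_localnet setting for that interface (0 or 1)
audit_nat() (
  rules=$1; listeners=$2; tun_addr=$3; route_localnet=$4
  printf '%s\n' "$rules" | while IFS= read -r line; do
    case $line in
      *"-A PREROUTING"*"-j REDIRECT"*)
        port=$(printf '%s\n' "$line" |
          sed -n 's/.*--to-ports\{0,1\} \([0-9][0-9]*\).*/\1/p')
        if printf '%s\n' "$listeners" |
          grep -qxF -e "0.0.0.0:$port" -e "*:$port" -e "$tun_addr:$port"; then
          echo "OK   REDIRECT $port: a listener is reachable on $tun_addr"
        else
          echo "FAIL REDIRECT $port: nothing listens on $tun_addr:$port"
        fi ;;
      *"-A PREROUTING"*"-j DNAT"*)
        dest=$(printf '%s\n' "$line" |
          sed -n 's/.*--to\(-destination\)\{0,1\} \([0-9.]*:[0-9]*\).*/\2/p')
        case $dest in
          127.*)
            if [ "$route_localnet" = 1 ]; then
              echo "OK   DNAT $dest: route_localnet is enabled"
            else
              echo "FAIL DNAT $dest: loopback target needs route_localnet=1"
            fi ;;
          *) echo "OK   DNAT $dest" ;;
        esac ;;
    esac
  done
)

# Constructed scenario: proxy bound to loopback only, route_localnet off.
audit_nat "$SAMPLE_RULES" "127.0.0.1:8080" 10.8.0.1 0
```

The same function accepts live data, for example the output of `iptables -t nat -S` as the first argument.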
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.