Redirecting OpenVPN traffic to Burp Suite

Pan Ziyue asked:

I have a Linux Mint VM that I spun up as a transparent proxy for iOS devices. My intention is to tunnel all traffic from the iOS device through the VM and intercept it with Burp Suite, as an application I’m analyzing does not respect system proxy settings (the app is written in Xamarin).

Previous guides in making a transparent proxy required a PPTP VPN, which is no longer supported by iOS 10 and above. I tried making an OpenVPN server on the VM and the iptables rules are as follows (loosely based on the guide above):

iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i tun0 -p tcp --dport 443 -j REDIRECT --to-port 8080
iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o enp0s3 -j MASQUERADE

Some context for the rules above: enp0s3 is my VM’s bridged adapter, tun0 is the default OpenVPN interface.

The problem is that the VPN only works when the PREROUTING rules do not exist. If I add in the PREROUTING rules to iptables, the client can’t connect to any webpage on the Internet (but is curiously able to connect to local web servers within the network).

Another solution I tried which did not work is:

iptables -t nat -A PREROUTING --source 10.0.0.0/8 -p tcp -m tcp --dport 80 -j DNAT --to 127.0.0.1:8080

Is there a way to forward/redirect traffic from OpenVPN (or indeed any other modern VPN such as L2TP over IPSec, Cisco IPSec) to Burp Suite for traffic analysis, or am I out of luck?

My answer:


You need to enable the option ‘Support invisible proxying’ in Burp’s options.

Burp options request handling


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.