Changed trojan
David Woodhouse
dwmw2 at infradead.org
Wed Dec 7 10:12:06 EST 2011
On Tue, 2011-12-06 at 23:30 +0100, Adam Piątyszek wrote:
> > Use mitmproxy: http://mitmproxy.org/
> >
> > Edit /etc/hosts on your VPN client host, so that it has the address of
> > the machine on which you run mitmproxy, for the VPN server's hostname.
> >
> > Then when you connect it'll actually connect to mitmproxy, and mitmproxy
> > will see the Host: header in the request and pass the traffic on to the
> > real VPN server.
>
> Can I do this using one host (my laptop)?
>
> I am trying to run mitmproxy on 443 port, but when I set 127.0.0.1 in
> /etc/hosts to the name of the VPN server, it just can't connect. I also
> see nothing in mitmproxy window.
Hm, if you've edited /etc/hosts to set 127.0.0.1 as the address of your
VPN server (to trick AnyConnect), then that is *also* going to trick
mitimproxy, and it won't be able to talk to the real server.
If you want to do this on the same box, you have to fix that. Perhaps by
running mitmproxy (or AnyConnect) in a chroot so it gets to see a
*different* /etc/hosts file. Or in a different network namespace, which
is probably harder.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5818 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20111207/4575fa75/attachment.bin>
More information about the openconnect-devel
mailing list