Use OpenWrt and Fiddler to decrypt HTTPS messages for a device which cannot configure an HTTP proxy

Recently I wanted to use Fiddler to capture the HTTPS traffic from my IoT device to the device cloud. I have an OpenWrt router and my network topology is like the following.

The problem is: the IoT device cannot be accessed, and we cannot set up an HTTP proxy on the device. Can we do something on OpenWrt such that we can set the proxy at the router level, instead of the device level?
MY FAILED TRY: I have searched for two days, and I found the transparent proxy configuration on openwrt-tinyproxy. I tried like the following.

If you have two ethernet ports available, I'd put the PC between the device and the router.

Also, depending on what you want to capture, Wireshark might be a better option.

You could also install CloudShark to analyze the data online.

The free/evaluation account works for 30 days.

HTTPS traffic cannot be captured, or it would not be HTTPS, unless you install your certificates on the device.

You can't with this configuration.

You need at least a 2nd router and a PC with 2 LANs. Then your setup will be like:
Internet <---> Router 1 (main router) <---> PC <---> Router 2 <---> IoT

This will allow you to see every single bit that passed between IoT and Internet.

I guess then we need to configure a DNS server on the PC so that the hub can access the network normally, right?

Yes, that is what I want to do. I want to replace the certificates in the hub. But the first thing I want to make sure is that Fiddler on my PC can capture the encrypted traffic, and this is my question: How to?

Why do I need two routers?

Actually it can be only one router, but that depends on your PC's features.

For example, on my Mac I can run with only one because a Mac can become a router with Ethernet to WiFi. And there I use "Charles", which does similar things to Fiddler.

On Windows you can use Internet Connection Sharing and your PC becomes a router too.

Because it's extremely important to catch and log everything that the IoT does on the internet.

No,

Since your device has to be able to access the internet anyway, the DNS calls will go the same route as the internet traffic.

Another option is to find an old network hub; they send all received data to all devices connected to them.

So whatever data your IoT device is sending will also be sent to the port of the device running Fiddler.

Is your IoT device wireless or wired?

You don't need to find an old hub, as most OpenWrt routers have options in the switch config to enable mirroring of incoming & outgoing packets directed to another port.

Cool, I wasn't aware of that, sweet solution :slight_smile:

Could you please show me some tutorial links or videos? I also have a question.

What do you mean by mirroring? It seems like this config copies the network traffic and sends it to Fiddler, instead of intercepting. Am I wrong?

Thanks for your kind advice! According to your suggestion, I think I can

  1. Wire my PC and my IoT device using ethernet first.
  2. Connect my PC to my router through WiFi.

Since on the PC the Fiddler proxy is running on localhost:8888, the only thing I need to do is to redirect the network traffic from the ethernet to port 8888.

Am I correct?

Almost:

Actually I have tried this. This method is to

  1. Configure a port forwarding to first send device traffic to Fiddler.
  2. Set NAT rules to further forward Fiddler traffic to the router.

But somehow, when I finished configuring them on OpenWrt, I could not see any traffic in Fiddler, which I kept monitoring. It seems that all packets flow directly to the router, instead of to the PC running Fiddler.

The mirroring of incoming & outgoing is instead of using an old hub.
I use it to capture the conversation between 2 devices for debugging.
I use Wireshark to capture and filter the conversation.
I think you want man in the middle rather than just spying.

Then maybe the packets aren't HTTP/HTTPS.

For example, they may be using UDP or TCP on different ports like 8080 or 88.

Hi Peter, I am still reviewing your previous proposal. You proposed a network topology as the following:

IoT Device <---ethernet---> PC(Windows) <---WiFi---> Router

I have the following questions.

  1. Should I configure a DHCP server on my Windows? Otherwise the IoT device cannot get an IP address.
  2. How to forward the ethernet traffic to the router? You said Internet Connection Sharing. Is this the method?

Peter, I just tried Network Connection Sharing and it works. Windows automatically allocated an IP to the IoT device, and my IoT device can access the network normally.
But it seems that I need to figure out how to redirect the ethernet traffic to my Fiddler's port, which is 8888. Otherwise Fiddler cannot intercept and capture the traffic from the IoT device.

@wang70880 - now after you run this then get a "Wireshark" and inspect what's going on on your interface that's connected to IoT device.

Fiddler is a great tool! But it's a tiny fraction of what Wireshark can do!
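
An added example, not part of the thread and not code from any participant: a capture taken as suggested above (mirror port or PC in the middle) can be summarised by destination port to check whether the device speaks TLS on 443 at all before trying to push it through an HTTP proxy. The device address, the ports (including 8883) and the embedded sample capture are constructed assumptions; only classic pcap files with untagged Ethernet/IPv4 frames are handled.

```python
import socket
import struct

def summarize_device_traffic(pcap: bytes, device_ip: str) -> dict:
    """Map (proto, dst_port) -> [packets, tls_handshake_seen] for one sender."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    src, seen, off = socket.inet_aton(device_ip), {}, 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only untagged IPv4 frames whose source address is the device.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[26:30] != src:
            continue
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]
        if frame[23] == 6 and len(l4) >= 20:        # TCP
            payload = l4[(l4[12] >> 4) * 4:]
            proto, tls = "tcp", payload[:2] == b"\x16\x03"  # TLS handshake record
        elif frame[23] == 17 and len(l4) >= 8:      # UDP
            proto, tls = "udp", False
        else:
            continue
        entry = seen.setdefault((proto, struct.unpack("!H", l4[2:4])[0]), [0, False])
        entry[0] += 1
        entry[1] = entry[1] or tls
    return seen

def _frame(src, dst, proto, dport, payload=b""):
    """Build a minimal Ethernet/IPv4 frame (checksums left at zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + payload

# Constructed sample capture: addresses, ports and payloads are made up.
DEV, CLOUD, HELLO = "192.168.1.50", "203.0.113.10", b"\x16\x03\x01\x00\x01\x01"
FRAMES = [_frame(DEV, CLOUD, 17, 53, b"\x00" * 12), _frame(DEV, CLOUD, 6, 8883),
          _frame(DEV, CLOUD, 6, 8883, HELLO), _frame(DEV, CLOUD, 6, 443, HELLO),
          _frame(CLOUD, DEV, 6, 40000, HELLO)]
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

print(summarize_device_traffic(SAMPLE, DEV))
```

A port that shows a TLS handshake but is not 443, or traffic that is plain UDP, will never appear in an HTTP proxy such as Fiddler, whatever redirect is configured on the router.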