
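MITMf as a transparent proxy?

Security user
Asked 2016-08-17 08:56:46
Answers 2 · Views 677 · Followers 0 · Votes 1

Is it possible to use MITMf as a transparent proxy for sniffing? If I connect to this proxy, I would want to see my real IP, not the server IP. If it is possible, how do I do it? I found this file "ClientRequest.py", but I don't know Python. Maybe someone can help me set up the proxy so that it does not edit the headers?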

class ClientRequest(Request):

    ''' This class represents incoming client requests and is essentially where
    the magic begins.  Here we remove the client headers we dont like, and then
    respond with either favicon spoofing, session denial, or proxy through HTTP
    or SSL to the server.
    '''

    def __init__(self, channel, queued, reactor=reactor):
        Request.__init__(self, channel, queued)
        self.reactor       = reactor
        self.urlMonitor    = URLMonitor.getInstance()
        self.cookieCleaner = CookieCleaner.getInstance()
        self.dnsCache      = DnsCache.getInstance()
        #self.uniqueId      = random.randint(0, 10000)

    def cleanHeaders(self):
        headers = self.getAllHeaders().copy()

        if 'accept-encoding' in headers:
            del headers['accept-encoding']
            log.debug("[ClientRequest] Zapped encoding")

        if 'if-modified-since' in headers:
            del headers['if-modified-since']

        if 'cache-control' in headers:
            del headers['cache-control']

        if 'host' in headers:
            try:
                for entry in self.urlMonitor.cookies[self.urlMonitor.hijack_client]:
                    if headers['host'] == entry['host']:
                        log.info("Hijacking session for host: {}".format(headers['host']))
                        headers['cookie'] = entry['cookie']
            except KeyError:
                log.error("No captured sessions (yet) from {}".format(self.urlMonitor.hijack_client))

        return headers

    def getPathFromUri(self):
        if (self.uri.find("http://") == 0):
            index = self.uri.find('/', 7)
            return self.uri[index:]

        return self.uri   

    def handleHostResolvedSuccess(self, address):
        log.debug("[ClientRequest] Resolved host successfully: {} -> {}".format(self.getHeader('host'), address))
        host              = self.getHeader("host")
        headers           = self.cleanHeaders()
        client            = self.getClientIP()
        path              = self.getPathFromUri()
        url               = 'http://' + host + path
        self.uri = url # set URI to absolute

        if self.content:
            self.content.seek(0,0)

        postData = self.content.read()

        hostparts = host.split(':')
        self.dnsCache.cacheResolution(hostparts[0], address)

        if (not self.cookieCleaner.isClean(self.method, client, host, headers)):
            log.debug("[ClientRequest] Sending expired cookies")
            self.sendExpiredCookies(host, path, self.cookieCleaner.getExpireHeaders(self.method, client, host, headers, path))

        elif self.urlMonitor.isSecureLink(client, url):
            log.debug("[ClientRequest] Sending request via SSL ({})".format((client,url)))
            self.proxyViaSSL(address, self.method, path, postData, headers, self.urlMonitor.getSecurePort(client, url))

        else:
            log.debug("[ClientRequest] Sending request via HTTP")
            #self.proxyViaHTTP(address, self.method, path, postData, headers)
            port = 80
            if len(hostparts) > 1:
                port = int(hostparts[1])

            self.proxyViaHTTP(address, self.method, path, postData, headers, port)

    def handleHostResolvedError(self, error):
        log.debug("[ClientRequest] Host resolution error: {}".format(error))
        try:
            self.finish()
        except:
            pass

    def resolveHost(self, host):
        address = self.dnsCache.getCachedAddress(host)

        if address is not None:
            log.debug("[ClientRequest] Host cached: {} {}".format(host, address))
            return defer.succeed(address)
        else:
            return reactor.resolve(host)

    def process(self):
        log.debug("[ClientRequest] Resolving host: {}".format(self.getHeader('host')))
        host = self.getHeader('host').split(":")[0]              

        deferred = self.resolveHost(host)
        deferred.addCallback(self.handleHostResolvedSuccess)
        deferred.addErrback(self.handleHostResolvedError)

    def proxyViaHTTP(self, host, method, path, postData, headers, port):
        connectionFactory          = ServerConnectionFactory(method, path, postData, headers, self)
        connectionFactory.protocol = ServerConnection
        #self.reactor.connectTCP(host, 80, connectionFactory)
        self.reactor.connectTCP(host, port, connectionFactory)

    def proxyViaSSL(self, host, method, path, postData, headers, port):
        clientContextFactory       = ssl.ClientContextFactory()
        connectionFactory          = ServerConnectionFactory(method, path, postData, headers, self)
        connectionFactory.protocol = SSLServerConnection
        self.reactor.connectSSL(host, port, connectionFactory, clientContextFactory)

    def sendExpiredCookies(self, host, path, expireHeaders):
        self.setResponseCode(302, "Moved")
        self.setHeader("Connection", "close")
        self.setHeader("Location", "http://" + host + path)

        for header in expireHeaders:
            self.setHeader("Set-Cookie", header)

        self.finish()        

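2 Answers

Security user

Posted 2016-08-17 11:22:38

Depending on the answer to the question, this is a matter of two principles:

  1. Proxy configuration. You can set the proxy not to edit headers, in particular fields such as X-Forwarded-For, X-Client-IP, etc.
  2. Client modification. Many transparent proxies will let SSL traffic pass through without proxying it, because proxying an SSL connection requires spoofing certificates, so the address seen over SSL is the "real" IP, while the address seen over non-SSL is the proxy's.
Votes 1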

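Security user

Posted 2017-02-13 22:29:04

It cannot. "Transparent proxy" is more or less an abuse of language: it is transparent to the end user because it requires no configuration on the end user's side (the workstation just makes normal requests).

For a proxy to work, it has to intercept the flow: it terminates the workstation's flow and issues the request on behalf of the client. The source address seen by the remote server will be the proxy's address. (Some firewalls will do out-of-band analysis of improper cleartext traffic, but that is usually "fragile" and limited to cleartext.)

To analyze SSL requests, the firewall terminates the flow and presents a certificate that matches the site, essentially signing a new certificate with the same subject and alternative names, but issued by itself.

So the workstation speaks SSL to the firewall, and the firewall speaks SSL to the remote site. Usually the (transparent) firewall's authority is self-signed or an enterprise CA, so any workstation outside its control (a guest) will know there is a MITM.

However, nothing prevents them from using a "generally" trusted certificate (it is just a matter of money to get the right certificate).

Your Python code acts as a "classic" proxy: the workstation connects to it, and the program issues the request to the remote site and passes the answer back to the original workstation.

TL;DR: a man in the middle, as the name states, sits in the middle of the communication, so the IP seen by the remote server will be the proxy's public IP (which may be the public IP of a firewall doing NAT further along the routing chain).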

Votes 1
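An added example, not part of either answer and not MITMf code: a loopback demonstration of the point both answers make, that a proxy terminates the client's TCP connection and opens its own, so the origin server sees the proxy's source address and learns the client's address only from a header such as X-Forwarded-For. The function names, the host `origin.example` and the single-request handling are assumptions made for illustration.

```python
import socket
import threading

def _read_head(conn):
    """Read one HTTP request head, up to the blank line."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def run_demo(add_xff=True):
    """Run client -> proxy -> origin on loopback; return what each side saw."""
    seen = {}
    origin = socket.create_server(("127.0.0.1", 0))  # port 0: OS picks a free port
    proxy = socket.create_server(("127.0.0.1", 0))

    def origin_loop():
        conn, peer = origin.accept()
        with conn:
            lines = _read_head(conn).decode("latin-1").split("\r\n")
            seen["origin_peer"] = peer  # TCP source address the origin observes
            seen["xff"] = next((l.split(":", 1)[1].strip() for l in lines
                                if l.lower().startswith("x-forwarded-for:")), None)
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")

    def proxy_loop():
        conn, client_peer = proxy.accept()  # the client's connection ends here
        with conn, socket.create_connection(origin.getsockname()) as up:
            head = _read_head(conn)
            seen["proxy_outbound"] = up.getsockname()
            if add_xff:  # a header is the only way to pass the client IP on
                xff = b"\r\nX-Forwarded-For: " + client_peer[0].encode()
                head = head.replace(b"\r\n\r\n", xff + b"\r\n\r\n", 1)
            up.sendall(head)
            conn.sendall(up.recv(4096))
    threads = [threading.Thread(target=f) for f in (origin_loop, proxy_loop)]
    for t in threads:
        t.start()
    src = ("127.0.0.1", 0)  # explicit bind so the client's port stays distinct
    with socket.create_connection(proxy.getsockname(), source_address=src) as c:
        seen["client_addr"] = c.getsockname()
        c.sendall(b"GET / HTTP/1.0\r\nHost: origin.example\r\n\r\n")  # constructed
        seen["status"] = c.recv(4096).split(b"\r\n", 1)[0].decode()
    for t in threads:
        t.join()
    origin.close()
    proxy.close()
    return seen
```

On the server side, a forwarded-address header is worth logging only when the TCP peer is a proxy the operator controls, since any client can send the same header itself.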
Original page content provided by Security. Translation support provided by the Tencent Cloud Xiaowei engine for the IT domain.
Original link:

https://security.stackexchange.com/questions/134115
