I am currently trying to perform a MiTM attack on a target IoT device (192.168.0.10) which does not provide any means to manually set up network-related parameters.
The attacker is a VM hosted on my PC, using bridge mode to get its IP address (192.168.0.3).
I set up Burp Suite on the VM and have it listen on 0.0.0.0:8080, with invisible proxying enabled.
Then, I set iptables -t nat -I PREROUTING -p tcp -s 192.168.0.10 -j DNAT --to-destination 192.168.0.3:8080 on the Wi-Fi router (192.168.0.1). This should send all TCP traffic from the victim to my attacker VM.
Here's the problem I met: the victim RSTs its TCP connection right after the attacker responded with SYN, ACK during the TCP handshake, not even getting to the stage of certificate validation. From a pcap captured on the attacker VM, it seems that while the victim is trying to contact a WAN IP address (say, 8.8.8.8), it gets the TCP handshake response from the attacker VM (192.168.0.3). So the router seems to not be masquerading the response IP address, and this may be what's making the victim RST the connection.
I'm not sure if I'm seeing this behavior because I'm capturing packets on a bridge network, and the victim actually sees response from 8.8.8.8, or it actually sees response from attacker.
The way I'm performing this MiTM test is probably less than ideal. I have very little experience in networking, so please let me know what the proper way to set things up is!
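One way to answer the question in the post about what the victim actually sees: pair each SYN the victim sends with the SYN/ACK that answers it and report replies whose source is not the address that was dialled. This is an added diagnostic example, not code from the post; the capture lines are constructed in tcpdump -n style and the addresses are the ones the post uses.

```python
"""Flag DNAT replies whose source does not match the dialled destination.

Added example, not from the original post. The constructed capture below
mimics the post's situation: the victim (192.168.0.10) sends a SYN to
8.8.8.8, but the SYN/ACK arrives directly from the proxy VM (192.168.0.3)
on the same LAN, so it never crosses the router's NAT table again and the
source is not rewritten back to 8.8.8.8. A host will reset such a reply.
"""
import re
from typing import Dict, List, Tuple

# tcpdump -n style line: "IP src.port > dst.port: Flags [S], ..."
_LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([S.]+)\]"
)

# Constructed sample capture, as seen on the proxy VM's bridged interface.
SAMPLE_CAPTURE = """\
IP 192.168.0.10.50001 > 8.8.8.8.443: Flags [S], seq 1
IP 192.168.0.3.8080 > 192.168.0.10.50001: Flags [S.], seq 2, ack 2
IP 192.168.0.10.50001 > 192.168.0.3.8080: Flags [R], seq 2
IP 192.168.0.10.50002 > 192.168.0.1.80: Flags [S], seq 3
IP 192.168.0.1.80 > 192.168.0.10.50002: Flags [S.], seq 4, ack 4
"""


def find_asymmetric_replies(capture: str, client: str) -> List[Tuple[int, str, str]]:
    """Return (client_port, dialled_dst, reply_src) for each SYN/ACK whose
    source ip:port differs from the destination the client's SYN went to."""
    pending: Dict[int, Tuple[str, str]] = {}  # client port -> (dst ip, dst port)
    mismatches: List[Tuple[int, str, str]] = []
    for line in capture.splitlines():
        m = _LINE.search(line)
        if not m:
            continue  # not a SYN or SYN/ACK line (e.g. the RST)
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and src == client:
            pending[int(sport)] = (dst, dport)
        elif flags == "S." and dst == client:
            dialled = pending.pop(int(dport), None)
            if dialled is not None and (src, sport) != dialled:
                mismatches.append((int(dport), dialled[0], src))
    return mismatches


if __name__ == "__main__":
    for port, dialled, actual in find_asymmetric_replies(SAMPLE_CAPTURE, "192.168.0.10"):
        print(f"port {port}: dialled {dialled}, SYN/ACK came from {actual}")
```

If this reports a mismatch on a real capture from the victim's side, the victim really is receiving the reply from 192.168.0.3, not from 8.8.8.8, and the RST is expected.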