JHT Livestream: mitmproxy & OpenWRT to read HTTPS traffic!
Skills: Network Security 90%
Key Takeaways
Using mitmproxy and OpenWRT to read HTTPS traffic for cybersecurity analysis
Full Transcript
Hello everybody. Quick check. Quick heartbeat. Quick moment to pass. To double check and make sure we're live. >> [laughter] >> Hey, for everybody that's following along, you know, we've been having a whole lot of fun over here. Um I keep bouncing back and forth between our live stream solution and I have been going in and out of between Riverside and Restream and all the different ways to hey, get the cool multicast capability out and about and I normally like to kick off our just hacking training live streams a little bit more JHT focused with our sizzle reel. Sweet little hype video to be able to get everybody ready, but I didn't have that this time and it's just kind of me. It's just me with a cold intro. But I got to tell you everybody, uh I'm running around a little bit frantic. There's been a lot going on. I don't know about you, but it's a busy week. I'm chasing some blue hammer red sun undefend shenanigans. We're tracking uh-oh still some more chit-chat conversations chirping around the Axios NPM supply chain. Hey, we're still trying to juggle, do whatever we can for some other reports. Codex kind of looking like malware here and there. Some sweet incidents that are over there for hunters for me on the day job, but I know that's not the focus of today's live stream and show. Today really shining the spotlight on JHT, just hacking training. I always appreciate these live streams because they give me an excuse to kind of talk shop, tell you all the awesome sweet stuff that we're up to, celebrate everything that we're doing because this whole endeavor, this whole mission, this whole just hacking training idea was to really scale and grow and make this a bigger initiative to really get education and training and awareness and like hands-on practical application-based learning for a whole lot of cybersecurity in red team and blue team and dark web and active directory and all the different parts and pieces but make it bigger. Make it bigger than me. 
Cuz I do the silly YouTube channel thing every now and again. But that's only at okay, the pace of just me. But we're able to tag team with some incredible other industry titans, our all-stars, the cohort and cadre of great people that make some great training courses, exercises and activities and upskill challenges totally for free that we'll be able to dive into. So anyway, I'm sorry. I'm spinning. I'm rambling a little bit. You know, I had to figure out the intro cuz we have a lot to do today. We did want to get hands-on keyboard. I do want to walk us through an exercise, but you know, if you've tuned into these live streams before, we do these just about every other week. We do the first week of the month where we release new courses, new ticket items to be able to oh, learn a little bit more in that structured curriculum carried way. And the third week of the month when we do live streams just like this one, we get to talk about even more of the free, accessible, immediately available to anyone that wants to you dive in, some of those exercises and challenges and our hack-along activities. So let's keep talking about this thing though because I alluded to the very beginning when I got to first go live and hang out with you all here. I did say I'm a little bit stressed. >> [laughter] >> Let me pull up my screen share super quick. I'm hoping that you're able to actually see this thing and let me try to DJ live to make sure this looks good. Fingers crossed I can bring that up and I'm hoping I can keep myself tucked away in the little bottom corner here. I'm over here at just hacking.com. This is HQ. This is home base. You know, this is where the party starts, but I'm juggling too much stuff. I'm a little bit stressed. I don't know if you are too just as well. We had taxes come up pretty quick this time around and there's just too much going on. So look, one thing, a couple different things. 
I really wanted to give a shout-out to a great teammate and co-worker here, friend and fellow with us, Akil, who made a phenomenal blog post that is a little bit more, I don't know, mental health oriented. You know, really just kind of leaning into the fact that hey, sometimes the impostor syndrome strikes. Sometimes the burnout strikes. The stress of everything that we're up to can get in the way from what we're trying to do for our mission. So Akil put out a phenomenal blog post that is really just kind of a breath of fresh air where you're kind of changing your mindset, thinking through some of those restoration techniques. I think a very, very cool perspective and I am not going to get this name right. So forgive me, but Pratapash Pratap Aksha Bhavana? I love it. And genuinely again, just a good kind of reminder of what we should be doing, what we're oriented towards. So if you'd like that breath of fresh air, something to save you from a little bit of the stress, I hope you go take a look at that and really want to give big, big love and shout-out to Akil. Thank you so much for helping us on that front. And I was alluding to taxes. >> [laughter] >> Cuz I've been chasing that conundrum. I don't know if you have to, but maybe forgive me a little bit of self-serving. I don't know. We thought we could have some fun for April 15th. We know that's tax day. Look, if you are kind of eyeing a couple things on the shelf over at just hacking.com, we got a sweet cutesy little tax day 15 discount code for you to snag anything you that you would like 15% off and exclude some of the already discounted items like a couple of the bundles or some more things that we'll have out and about. But for the rest of the month, we'll be hyping up and really I hope you're excited about it too. 15% off for a lot of the material there with the code tax day 15. Really hope you were tuning in to that. Big shout-out. Big fun. 
And I tee that up because one of the things that we help showcase and release the very start of the month, you know, the first week of April when we were releasing some new courses and curriculum, Anton. Oh, I love Anton to death, man. He's just so good. He's so cool. He's so smart and he's a genius and he has built and he's put this entire cinematic universe together really with Constructing Defense and his great capability to have a real hands-on learning lab for blue team, for red team to build out a whole lab environment in Cyber Range for Windows, for Linux, for Kubernetes, for Azure, for AWS. It's just so, so cool and so good. But he's taken that even further by sprinkling in a little bit of AI and even has this sweet new offshoot offering for AI cyber defense where you could use even the platform, even the range, everything that Constructing Defense offers, but then start to build out your own tooling with Claude, with MCP servers, with skills and hooks and all the sweet stuff you can do with AI. So we've had a lot of fun screaming and shouting about this one because my goodness, Anton's a genius and it's just such a cool, good current course, especially in the age of AI and the era for the world that we're in right now. I do hope you give that some love. But anyway, I think I've I don't know, did I burn like 10 minutes or so? Oh, not even. This is great. >> [laughter] >> I guess I didn't even go through the spiel. Yes, this is being recorded. Yes, you can catch our live streams. Yes, it's on demand on the YouTube, on LinkedIn, on Twitter and all the things. Yada yada yada. But you all know you can track those down at all of the kind of navigations here on just hacking.com. But the focus today, the plan was to shine the spotlight and give some love onto the totally free upskill challenges. 
Now for folks that aren't aware, upskill challenges are meant to be a bit more simple, bite-size, digestible content education for you that is only about 10 to 30 minutes of student time, a little bit more something to read, something to get the concept for, understand, expose yourself to new technologies. And these don't usually have a full virtual machine or lab environment or like a range that you can spin up. We've got some exceptions to that with what we call the extended upskill challenges, but these on their own are just great because they are introducing you to so many cool, exciting new things. We're talking about maybe some maritime hacking. I know we've got some NMEA 2000 stuff in the works. We're talking about home labs. We're talking a little bit about IoT work where you can use QEMU, emulate some different devices, Nessus, Metasploit, PowerShell. So, so much good stuff in the upskill challenge direction. So I hope you do take a look. But there are a couple that I wanted to really zoom in on cuz the one that we're soaked and excited to release is from Eric, Eric Kron, and he's put out a whole new upskill challenge on 3D printing. Which is awesome because that's something that I really wanted to get a little bit smarter and sharper on and happy to learn from Eric and kind of have a little bit more of a walk-through guided hand-holding introduction to how we could get into some sweet 3D printing and maybe that turns into a passion project just for you. Maybe you're in the same boat. I think it's cool. I'm pretty happy about it. But I'm teeing this up again because the upskill challenges and as I mentioned the upskill challenge extended or UCX in our sweet acronym has been what we've been able to bring to a lot of the different events that we've been going to this year so that we have a hands-on in-person like laptops at the table you get to sit down and you get to play along. This has been a real treat to hey help support and be with the IoT Village. 
We know we have been trying to ride along with them fly under their wing for all the awesome stuff that they're up to but I was mentioning hey we got to bring this to RSA we got to bring this to B-Sides San Francisco and we're just so so grateful to be able to have a little bit more of a presence there. But when we get on to the laptop when we get on keyboard there are a couple of those cyber range activities that we've been able to bring to the forefront. Matt Earnswender we've had him on the YouTube channel before we've had him as part of a just hacking training live stream. He has been an absolute blessing and that he's helped prepare a lot of those hands-on labs for our work in last year's activities. And Eric Crone forgive me I just saw that put together another voice in the back of my head post-production. I wanted to make sure I got Eric's name right. So so grateful for his support. Matt has been great and he has also shared some new upskill challenge extended for us. Additionally Andrew Bellini oh I'm so so happy we've got Andrew joining the party. He had put together some work with QEMU and I think we'll get him for a live stream soon. Not to kiss and tell not to spill or leak anything that we're cooking up but I think we have some really good new ideas as to how we could blend some more of the on the embedded devices activity for more red team exploit development kind of malware aspects but I'm glad he's laying the foundation and building this out with how we could work with those devices to start with. So I teed all that up to say the real show for today. You probably saw it in the thumbnail you probably saw it in the graphic or image if that's how you jumped in. I wanted to walk through and do some of the just hacking material for this man in the middle proxy or encryption focused upskill challenge. Again this is totally free with the upskill challenge extended that includes a virtual machine and a lab environment for us to play with. 
You got to keep in mind look that's cloud compute hosting so it costs a penny. You know that is a something that we got to help foot the bill for so if you are really loving what we're up to and you did want to support the initiative and everything that we're doing here these are name your price if you wanted to crank that up to a suggested price of five but you can turn it all the way down to zero if you'd like it. But I thought it'd be fun to go play and do some of this just hacking work with this upskill challenge because that's how I try to get rid of some stress. >> [laughter] >> As that's what we're driving towards today the theme of this month and this week but let's get to it. You can go track these down on the learn.justhacking.com website snag any of the other bundles snag anything that sounds interesting and exciting to you 3D printing of course but I do want to get some of the upskill challenges up and running for our encryption. What encryption? Using man in the middle proxy to get in between HTTPS and TLS traffic. Look I'm just scrolling. Look at all these stuff we all the things that we have now. It's so cool to see this grow and I'm so grateful for all your support. Let's get to it. Encryption upskill challenge I'm going to bring us into the environment and let's live learn tiptoe tap dance together. You guys ready? You all good? Is audio okay? Is video sounding okay? Am I talking too fast? Am I spinning out? Keep me honest here. This is when we get to the fun stuff. So a reminder this is what we would bring to some of the live in-person events. We wanted to make sure that these were available on demand so that you have them at home online and you're able to interact and play with them just as well yourself. But let's do it. Let's try to go through it together. 
So in this upskill challenge or extended upskill challenge we'll learn to use man in the middle proxy to intercept and inspect encrypted HTTPS traffic being sent from maybe just a couple IoT devices Internet of Things. So we'll actually build this with OpenWrt and have that as a router sitting in between so we are actually able to have the traffic like you might be used to seeing in Wireshark for some CTF challenge. You've probably seen it you get communication back and forth from the client and the server you follow the TCP stream but you can't just as easily see it when it's HTTPS when it's encrypted right? So we really lean towards HTTP just plain text back and forth in that CTF space but this could give us some really cool superpowers and I wanted to walk you through how we could do it. But because this takes a virtual machine we will want to go ahead and launch that. I want to make sure I press start and we'll give this thing plenty of time to be able to get up and running and then we will have a Kali Linux VM for us to be able to interact with. But first let's get a little bit of theory out of the way. This is some of the background knowledge to really understand a little bit more. What we do obviously on the internet is use HTTP as the main form of communication. And let me zoom in a little bit so hopefully you can see this a bit better. Internet of Things devices just as easily use HTTP but that is plain text when it's just raw HTTP no S added at the end. So came along HTTPS but the way that that happens is with some certificates with some proof that you are who you say you are at least a little hey my name is proving and validating the authority of the server that you're communicating with. That means there's some TLS handshake and they end up going through these with these specific X.509 certificates. 
I might have to flashbang us every now and again if we jump into light mode because maybe a couple of these don't quite have the lines that we want to see quite as easily. So I'll count it in I'll give us a warning before we switch from dark mode to light mode. Everybody ready? Everybody with me? A three two one oh I know that hurts. Now you can see the arrows right? The 509 certificate is going to be coming up with a public key or a private key and how they build out a certificate authority. Let's go back to dark mode so us vampires can survive. The certificate authority signs the certificate with the private key and then distributes the signed certificate along with the public key. That certificate is typically bundled inside of operating systems or web browsers. So if we put together our own OpenWrt environment and we just have it sort of sitting in between us with the certificate that we declare we create then we could actually look in between some of the traffic and data there. Client systems or software will then be contributed excuse me configured to trust the certificate as a valid authority for network communications. That is at a high level cruising through just the process here. We know the TLS handshake tends to happen but if we sat in the middle of it hence literally a man in the middle proxy we could go ahead and do that. They actually have a whole lot of other tools inside of their suite man in the middle web man in the middle dump and this is actually extremely valuable because if you're investigating some activity with embedded devices or Internet of Things hardware and then software that it rides right? You can kind of understand exactly what's happening and even if you're doing some like malware analysis or if you're doing some investigations or triage or any of that work what's to stop you from just trying to see hey what is actually being sent over to a command and control server. 
I know it's encrypted on the wire by default but what if we sat in the middle of it? I wonder if we could. So the way that we do this is with a little bit of QEMU little bit of virtualization but ultimately emulation because we can emulate OpenWrt like an open router right? We'll put that inside of our Kali Linux VM and there are a lot of ways to do this. Um there is a big command here where we could just kind of press the easy button say I believe and then just slap in hey all the settings and configurations here but we do break down what each of these flags and switches and parameters and arguments really mean. I know that command on its own might look a little bit overwhelming but they talk about how we're emulating it with the certain kind of CPU little bit to determine some of the memory usage how much RAM or CPU we're allocating and then truly a bin file that you could provide as like the kernel. OpenWrt uses Linux and that version of Linux is compiled for that sort of architecture. You set up some virtual devices you add in some other driver capability arrangements and then you build this all together so that the QEMU guest could actually work on the internet or as part of the network. I'm going to press the I believe button. I got to be honest cuz I know we're in an hour live stream and I've already cooked about 20 minutes. But, if you want to learn a little bit more about QEMU and some of that emulation and cool virtualization efforts you can do, big shout out Andrew Bellini. Again, he has a dedicated upskill challenge and activity for you to be able to play with it, learn from it, and actually spin up an emulator with QEMU. All important there. But, let's go do the thing. I think I have Kali Linux up and running now. Let me try to connect to it, see if it opens up in the browser. I will let this uh have my clipboard back and forth, but the way that we connect to these virtual machines in the web browser is riding off of Apache Guacamole. 
So, maybe some nerds and geeks are super familiar with that technology. And I want to be straight up. I know the browser-based access, browser-based labs isn't for everybody. And I say that because I am watching it and I am giving it time to catch up because sometimes it can be just a little sluggish in the display here. So, I'm going to bounce back and forth between this virtual machine and the instructions in the lab itself and we'll use that quick and easy copy and paste to be able to work with it. But, I was mentioning so much about the browser-based labs because one of the things that I really, really emphasized, begged to make sure that we got into the platform was VPN access. So, if you wanted to, you can just download the VPN certificate much like other Cyber Range labs you're probably used to out on the internet and then SSH and then RDP and then connect to it with a little bit more way without the browser getting in your way. So, let me see if I can get to the next lesson here and really do our man-in-the-middle proxy. Another bad image in dark mode, we're missing our arrows here, but you know what we're trying to achieve here. We have a Kali Linux desktop environment with a virtual network set up that can emulate this router. Emulation is done by QEMU and we actually all have this buttoned up, smoothed over, and streamlined for you. So, we'll be able to have some machine traffic already be forwarded to man-in-the-middle proxy and then be able to intercept that for us. Now, you can run man-in-the-middle proxy in sort of different proxy modes and these allow for capturing the network traffic in however way that you might configure it. What we're going to do is use the transparent proxy mode, but we've kind of helped speed run, streamline, make sure that's up and running for you just so we have the learning environment. 
But, we have all of these linked, so if you wanted to go a little bit further and dive into the weeds even deeper, you wanted to try and spin this up, build all of the things start to finish, hopefully you've got some guidance and references there. So, we've spun up Kali Linux and we wanted to make sure we had that ready for us. I'm going to have to disk jockey back and forth between our interface here, but that should look good for us now that I have a terminal up and running. I think that was our very first step. If you look back at the instructions here, we want to make sure this is guided, we want to make sure we're hand-holding so that you're able to look through each and every click this, type this, do what you need to do. So, easy peasy. We just start man-in-the-middle proxy. It's already installed and it's already ready for us. What happens is it's going to throw you at maybe an interface that you're not used to in your terminal. So, we will probably just let it start up to create its own cache and credential like at least configuration directory inside of our home directory in our home folder on Linux. But, then we can close out of it and then try to stage the rest of the environment. We just want to let it initialize for the first time running to create its dot man-in-the-middle proxy folder. Yeah? All right. Can I full screen this a bit better? I'm getting my terminal and not the uh window. >> [laughter] >> That's okay. We'll keep it going. So, let me run MITM proxy. And thank you everybody for bearing with me. I know as we do these things live, it's always a frenzy. But, we're so, so grateful for the Just Hacking training account throwing around some links in the chat helping hype up the Tax Day coupon code. So, here we are in the interface, right? Man-in-the-middle proxy opens, but I got to be honest, we don't really even need to care what's happening inside of this terminal right now. It gave us the instructions. 
Hey, we just wanted to let this thing start, let it run, but then I'll hit Q on my keyboard. You can see here down below in the very left, do you want to quit, yes or no? I'll enter the letter Y to quit out. Now, inside of the directory, if I run ls, you're not going to see those hidden folders like a dot prefix for some of the specific sort of local cache data or configuration locations. So, I'll need to use ls -la to list all in a long format and now I think, scrolling up just a smidge, you might be able to see it there. Here's our man-in-the-middle proxy directory that has been created. So, we're looking good and we're ready to move on. Now that we have that set, we can get OpenWrt up and running. For the emulated OpenWrt router to trust the man-in-the-middle proxy server, the root certificate of the man-in-the-middle proxy server needs to be configured as a trusted certificate for OpenWrt. So, what we could do is have our man-in-the-middle proxy certificates then baked in to the OpenWrt image or instance we're giving to QEMU. And we're just talking it all together so these things work in harmony, right? Now, we saw the configuration and like folder and cache directory for man-in-the-middle proxy and we could actually go take a look in there for those certificates. Let me go do that. I'll hop back over to our terminal. Let me change directory into that man-in-the-middle proxy folder. And if I ls within here, take a look at all these certificate files. .cer, .pem, the usual file extensions for managing certificates. We need the .pem. That is the root certificate in that PEM format. So, now we could stage it into OpenWrt. And we actually already have that set up on your desktop, at least the image base inside of the Kali Linux virtual machine for you. So, that's smoothed over and prepared. We can take a look, you might have seen it over here on the left-hand side. We have our OpenWrt image. Cool. 
And now let's go create a directory just on our desktop to sort of get the file system mounted so we can then put our man-in-the-middle proxy certificate inside of that image. Does that make sense? I'm going to copy this one. And then I'll jump back over there, CD into our desktop, make a new directory, and uh-oh, I might have already gotten that staged while I was prepping these things. So, let me clear my mess and we can start from a clean slate. Cooking show magic as you know we test these things ahead of time to make sure they work. >> [laughter] >> And then you trip over all your artifacts when you do it live. But, inside of our desktop, we now have the image file, the kernel bin, and the root file system directory staged. So, what we could do is actually take the image file itself and then mount it into that root file system directory that we just created. We'll use sudo to get root privileges to be able to do this. And I'm going to copy paste. Forgive me. I know you can hand jam for your learning, but for my quick turn and burn live stream, I just want to hey help make sure we can kind of see all this in action and I'll try and talk through everything that's exactly happening, right? I pressed enter and now you can see our root file system directory is kind of here all ready for us. If I jump into that directory, you should be able to see basically a Linux file system cuz that's exactly what this is, right? We're just staging Linux to be available for us, but we can manipulate and tweak those files to put our man-in-the-middle certificate inside of it. What we want to do is copy just those certificate files into the specific magic path so that it knows where and how to load them inside of OpenWrt. What we do is we change the file extension though from .pem to .crt because it intakes it in a different representation. I like the fact that we call this out. That is required in this scenario. 
So, while you copy, just regular Linux command to bring it into that location, take note of your file extensions here. That can let you keep cruising. Let's go put it in. We have absolute paths here because of our tilde indicating our home directory, man-in-the-middle proxy certificate file. And let me actually move out of the root FS directory because I can see the relative path there needed to be evaluated to be from our current location. Looking good? Everybody with me? Donezo. Press enter. That's all it takes. That's all we needed to do. If you want to go take a look inside of the directory now, you'll have the certificates present and all set for a man-in-the-middle CA certificate. And just for safekeeping, we can do some good old changing the permissions to make sure that's readable and set correctly. Uh I know folks are super familiar with the chmod command. I'm always running chmod +x to make like a local script executable, but I promise I always forget like what's the octal what arrangement of 7546 whatever specific numbers or what users groups or everyone could add or subtract certain permissions. And I really like this one's going to stick with me. You know, a little mental memory there of ugo minus x. I don't know why. I don't know why that's just speaking to me. Uh maybe you'll remember that one a lot better than I do. ugo -x could help remove a lot of those executable bits for a certificate just like that. So, let's go make sure we can uh cram that one in as well. So, the privileges permissions everything on that file is what man-in-the-middle proxy and OpenWRT really expects. chmod ugo-x. Now we have to trust the certificate. We put it in place. We put it inside of the OpenWRT router, but we still kind of have to wire it up so that it uses it. I see a question coming through. Hey, are the certs unique? Why not ship the file system with the trusted cert? Ooh. So, I believe OpenWRT is going to have its certificate. I don't know. 
Forgive me if there actually is one immediately present and placed there, but because we are going to be using our like sidecar man-in-the-middle proxy solution, what we do is we take what our instance of man-in-the-middle proxy generated for us, super dynamic, super unique, super for how we're operating with it, and then we're putting that into OpenWRT in the router. So, it would it on its own wouldn't have shipped with what we wanted off the shelf. We are trying to put these two pieces together so they work in harmony. I hope I got that right. I hope that made sense. I see a couple realizations in the Yeah, oh, okay. Fingers crossed. We got to ask Matt in all reality. We got to get Matt Ernster to join the party here and help us learn from the real expert. I'm just happy to follow along with their incredible work. All kudos and credit to them. So, the way that we do this trusting the certificate step is really getting a symbolic link pointing to now the man-in-the-middle proxy cert. And it needs to have a very special name. It needs to apparently set with the first four bytes of the certificate subject name SHA1 hash with just an added .0 special suffix added at the end. So, you can use the simple command with that x509 the sort of argument to delineate, hey, I want to manage and work with this kind of certificate. The OpenSSL command on Linux lets you manage that really easy. And you can just get the subject hash and kind of crank it out. We should be able to see the same sort of numbers and letters like a hexadecimal prefix or string that they give us in this image here. Let me do that. Pasting this in. Yep. 8BB0 E8D I know that's kind of one you just press the I believe button for, but you got to know that is how we wire this in, how we put the puzzle pieces together so that our router OpenWRT will now be able to trust the man-in-the-middle proxy certificate. We just got the value though right now. 
All we did from that command was just oh, printing out the start of what we needed to know. We actually need to put that symbolic link to point at our certificate in the appropriate directory. So, what we do is we jump into that directory, make sure we've calculated that hash, maybe even store that as a variable so that's quick and convenient for us on the command line, and then we use the ln -s command to make a symbolic link. Slap it in. It's staged and that points to it exactly. If you wanted to go through that process again, you're welcome to hand jam, manual type out what you'd like there to get a little bit more muscle memory and learning. But those are the steps and that's what's important for us to wire that up. This is a quick easy copy paste blob. So, let me go bring this right here. And that should get that staged. Granted, I do already have that problem because I ran through this previously to test it. So, we could go ahead and remove that 8BB's current symlink right now. And I don't know if that's going to actually end up clobbering it itself. Uh we did sudo create that. So, the fact that that exists should be okay. But I do want to roll through the steps just to double-check and make sure I've got it all correct. Cleaned it up, put it there. Now it's working a little bit better. It is present. We can see it in the current directory. Let me use that ls -la so we can see exactly that symlink is pointing to our certificate. So, I'm crossing my fingers. I'm not tripping us up. But I think we're in business. So, now we've manipulated enough of the OpenWRT router file system that the way we were able to do that, the way we were able to tweak and tune and put those in place was because we mounted it. But now we're in a position where we want to now run this virtual machine or emulate and start up the router, we're going to have to unmount it. 
I know a couple of questions came up live while we were at RSA and BSides San Francisco when we brought these exercises in person, and people were asking, why did we do that? Why did we mount it just to unmount it? Well, now you've got to get it up and running after you've made those changes. So, easy peasy. Back on our desktop, we just run umount to unmount that file system. Let's grab that one as well. Get us back to our desktop. Take it out of play. And now our environment will be safe to get OpenWRT up and running. Cool. And we're good with that section. OpenWRT is ready. Now we get to tie this to mitmproxy. And we've just got to get OpenWRT and our router up and running. So what we've done is try to take that big, long, lengthy dump of QEMU syntax to get this thing up and running, and rather than you having to type that every single time, it might be best to capture that in a little bit of a script. And you might have seen the artifact on my machine already, because again, I did play-test this to make sure it all worked okay, make sure we had a good demo, some fireworks for you. But let's get a simple bash script, a file with the .sh extension in Linux, staged with this QEMU syntax so that we have an easy invocation just to spin up and create our OpenWRT QEMU router here. So I'm going to actually use the cat command, which can display output or even read in standard input, and I'm going to redirect that to this run.sh file that we create. And then I can paste in, because it will be waiting for my input over and over and over again until I hit Ctrl-D to stop it from processing. And then it'll just funnel it into that file for us. You could do the very same thing if you were, I don't know, opening up nano, opening up vim, opening up whatever text editor you really wanted to.
But this keeps it easy, so we'll have less back-and-forth in our, I know, maybe sometimes a little tough to work with, browser-based lab. I want to go VPN, my friends. We've got to SSH into this thing. But having the desktop environment is super duper valuable. So I slapped in the syntax and I'm going to hit Ctrl-D to break out of the cat command. And now inside of our desktop, we should have our run.sh file. If I cat that run.sh file, you can see it's the exact same script we just copied and pasted in to capture and encapsulate that big, long QEMU string, just so we don't have to run it as much as we did, just so we don't have to hand-jam that every single time. We do want to make sure that is executable. So I was alluding to that chmod +x. And that way, ooh, now you can run it. You can dot-slash to run that script. And that should boot up our OpenWRT router. Let's try it. Let's see it in action. I'm crossing my fingers. I'm really hoping I got this all right for us. But let me clear the screen. ./run.sh. Remember, I had previously run chmod +x to make that executable. But we should now see, if we give it a little bit of time, it'll say, "Booting up the router. Starting QEMU. Doing our emulation." Oh, it's coming. It's on its way. It's happening. Now again, it might just throw a bunch of stuff at you that, if you aren't familiar with it, you haven't heard of it before, or you don't know what that is, totally okay. Totally fine. We're letting this thing run. We just know that that's what's happening because that's what we wanted it to do. But if you wanted to read through a little bit more here, again, use this upskill challenge as your guide, as your playbook, as your learning reference here. It's what it's all about. We're learning. We can just wait until we have the "please press enter to activate this console," and then we'll press enter, and we should be able and ready to work with OpenWRT right then and there, once we've got this all connected.
But you can see it's connecting to its network. It's got the interfaces set up. I think we're cooking right now. But let me remind everyone what it is that we're actually doing here, because I know, oh sure, hey, we copied and pasted a silly couple of commands. But we're giving ourselves some real superpowers right now to literally read encrypted traffic. Stuff that you would be completely blind and oblivious to if you tried to look through it in Wireshark. We're getting in the middle of HTTPS traffic. Oh no, here it is. It did say press enter when you're ready here. So I think I actually saw it come through. Let me scroll through just to get that highlighted so that you know, hey, we are ready. I know I might be scrolling too far up. Too much output in our big text here. Was it there? There it is. "Please press Enter to activate this console." All right. Let's do it. I'm going to scroll to the very bottom of the terminal, and I'm just going to press enter. And this is the coolest thing. We're slapped into a Linux shell. We're root on our emulated router. We're inside of OpenWRT just as easily, just like that. So now that it's up and running, we can get mitmproxy working. We can use mitmweb to have a web user interface for our mitmproxy. And again, you use the proxy mode for the transparent mode, and we want to be able to show host so that I have a quick and easy link to click on and open up and actually see this in our web browser. But I've got to be honest, this should be everything that we needed to do, guys. We're just about there. Let me get back to that VM. Bouncing back and forth. And I do not want to run this inside of the OpenWRT instance. Right? Does that make sense for everybody? Because that's a router. It doesn't have mitmproxy by default, right? That's its own dedicated setup instance. I actually want to create a new terminal, a new tab.
So that I'm back in my Kali Linux prompt, and then I can run mitmproxy, mitmweb, all these things. So we'll paste that in. It recognizes and knows what that command is. I can just get this up and running. And now we'll have that link, something running locally, http://127.0.0.1 on port 8081. And we have a token. So I'm going to click this thing, and we'll open our web browser, our Firefox web browser, inside of our Kali Linux virtual machine. And we'll see if anything might have already come through earlier or not. I'm hoping not, so we can see this active and live for you. But now we have mitmproxy running. And I'll zoom in a smidge. If you want to explore the interface, you totally could. You could take a look at some of the options here. You could see everything else that it can do. But honestly, now we just need to generate traffic. Now we need to have something to look at. So this is cool. This is working. And now, from our OpenWRT router, we can make internet requests like going to Google, going to Facebook, downloading packages, installing software, communicating maybe in a scenario with a command-and-control server, malware analysis, all the things we could do here. And we'll see the traffic. So I'm going to copy this. Simple wget to Google. And I'm going to pivot back into... can I alt-tab okay? Trying to get back to my terminal here. I want to go to this other tab on our OpenWRT router because we're using that as our in-the-middle proxy. wget something down. And you might be able to see it just barely in the background. Fingers crossed we saw some traffic pop up. And you see, okay, it tried to write it, but that already exists because we tested this previously. But where you see the action is back in your web browser. Back in Firefox. Look at this. It sees the connection to Google.
And just like you're used to in Wireshark or the browser developer tools on any sort of request and website that you're accessing, pressing F12 on your keyboard, you can see the request, the response, and all the info here. This first one was a redirect, right? HTTP code 301. They just said, "Oh, you forgot your dub-dub-dub, World Wide Web, www.google.com subdomain." So it just punts us over there. But you can see the HTML here. You can see the actual response. And if I go to that next entry, for the actual 200 HTTP OK, let me scroll down. And I hope this is the light bulb moment for you all. But it's the real raw HTML, JavaScript, CSS network traffic, the same way that you would have seen it in Wireshark if it were plain text. Because now we're getting in between HTTPS and TLS, so that traffic is not encrypted, and we can review it and actually see it the same way it's being pulled back to our host. That's kind of cool. [laughter] Like, that's pretty awesome, right? I think it's sweet. And let me get back to our learning here. The mitmweb interface will show a log entry with the captured HTTPS request and the decrypted response, just like we saw. And I love this. I think I was trying to drive the point home for exactly this reason. I know maybe folks don't have the perception or aren't fully understanding what we just did. But you don't normally get to do that. [laughter] You don't normally get to look at encrypted HTTPS traffic. I know it seems anticlimactic because we copied and pasted a crap ton of commands. But what we just did is a pretty big deal. Using any other normal means to look at data that's been encrypted, you're not going to be able to read it or make sense of it. You're not going to see that HTML, that CSS, that JavaScript, that protocol, the real TCP communications back and forth. So if you wanted more to explore and look at, they give us a good example.
I know the Google one was simple, tried and easy. But maybe we just start to, I don't know, download some packages. Maybe we start to install something. Let me go back to our instance here. I think I can get back to my terminal. Back in OpenWRT. Let's try to run apk update just to pull down a lot of the packages that are managed by the package manager in this environment. And you can see downloads.openwrt.org/release. And you can see the traffic starting to flow in over here in Firefox and our mitmproxy information. Again, each and every one of these you could go explore. You could look down into them. Some of them might be raw binary, but now you can see the raw binary. It's not encrypted. It's not gobbledygook that is of no value to you. This could actually be valuable to you. So I thought this was so cool. I thought this was just a really sweet, good showcase, and simpler than we realized, right? Granted, we streamlined a little bit of the setup for you. But we wanted to make that cool learning lesson, that true, real upskill challenge for you to get a little bit smarter. Get a little bit sharper. Get a little bit more in that good just-hacking direction. So we're done. [laughter] That's it. That's the show, ladies and gentlemen. This was one of the few little labs, hands-on activities, upskill challenges that we brought to RSA and BSides San Francisco in years past and this year, and we will probably continue to for a lot of our events. We'll have new upskill challenges just like this to get hands-on, to live-learn in the moment, and I'm really grateful. Hey, we could spin up these virtual machines, we could let you explore and play with all this, but it's a real treat to showcase a lot of this, and again, working back and forth hand-in-hand with our sweet friends over at IoT Village. I hope you get to have some fun with it, too.
If you like this thing, go take a look at the AI course for cyber defense operations, with the constructing defense material, with everything else that might be up and available for you at justhacking.com, and a little Tax Day coupon, "tax day 15," 15% off. [laughter] Having fun with it. I hope you go take a look at the new 3D printing upskill challenge. I hope you go take a look at all the great things, but I think that's it, my friends. Thank you for letting me have some fun with this. I'll stop screen sharing and I guess we start to tune this thing out. We're getting close to the top of the hour, but maybe we take it easy for Friday because I think I've got a whole lot of other stuff to juggle. We're still talking about Blue Hammer Red Sun to defend, we're still talking about Axios, we're still doing all the other things. Too many of us are too busy, but we are at the weekend. So thank you, thank you, thank you, everyone. I really hope you had some fun. Super appreciate you joining me for another Just Hacking Training live stream, and forget the noise. Get to just hacking. Alrighty, thanks everybody. I don't have the sizzle reel, so it's going to be another awkward wave goodbye. We've got to account for all the 15-second stream delays on whatever platform, might be real time, might be delayed. I'm just saying see you later. I just keep saying goodbye. I'll see you later, everybody.
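The certificate-trust step the stream walks through (openssl x509 -subject_hash, then ln -s to a link named <hash>.0 so OpenSSL's CApath lookup finds it) as an added worked example. This is not code from the livestream or from the Just Hacking Training challenge. To run offline it generates a throwaway self-signed CA in place of the real mitmproxy CA, and it installs into a scratch directory passed as an argument instead of the router's mounted /etc/ssl/certs; those substitutions and the function names are the example's own assumptions. The openssl verify call is the check a practitioner wants after wiring this in: with the link present, verification against the directory succeeds; remove the link and it fails, which is what a mis-named or missing link looks like to any OpenSSL client on the router.

```shell
#!/bin/sh
# Added example, not from the livestream: install a CA cert the way an
# OpenSSL-based system (such as OpenWRT) expects, as <subject_hash>.0 -> cert.
# Assumption: CADIR is a scratch directory standing in for /etc/ssl/certs,
# and the CA is generated locally instead of using ~/.mitmproxy's cert.
set -eu

# make_demo_ca DIR: create a throwaway self-signed CA in DIR and print its path.
# (Stand-in for the mitmproxy-generated CA; constructed for this example.)
make_demo_ca() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=demo mitmproxy CA/O=demo" \
    -keyout "$dir/demo-ca.key" -out "$dir/demo-ca.pem" >/dev/null 2>&1
  printf '%s\n' "$dir/demo-ca.pem"
}

# subject_hash CERT: 8 hex digits = first 4 bytes of the SHA-1 of the
# canonical DER subject name; the same value c_rehash would use.
subject_hash() {
  openssl x509 -in "$1" -noout -subject_hash
}

# install_ca_link CERT CADIR: copy CERT into CADIR and create the <hash>.0
# symlink. ln -sf replaces a stale link left by an earlier run. Prints the link.
install_ca_link() {
  cert="$1"; cadir="$2"
  mkdir -p "$cadir"
  base="$(basename "$cert")"
  cp "$cert" "$cadir/$base"
  hash="$(subject_hash "$cert")"
  ln -sf "$base" "$cadir/$hash.0"
  printf '%s\n' "$cadir/$hash.0"
}

# verify_with_capath CERT CADIR: exit 0 only if CADIR (and nothing else)
# provides a trusted root for CERT. A self-signed CA validates against
# itself, so this proves the hash link is correct without a leaf cert.
verify_with_capath() {
  openssl verify -no-CAfile -no-CApath -CApath "$2" "$1" >/dev/null 2>&1
}

# Demo run in a temporary directory.
demo_dir="$(mktemp -d)"
demo_ca="$(make_demo_ca "$demo_dir")"
demo_link="$(install_ca_link "$demo_ca" "$demo_dir/certs")"
echo "subject hash: $(subject_hash "$demo_ca")"
echo "installed:    $demo_link"
ls -la "$demo_dir/certs"
if verify_with_capath "$demo_ca" "$demo_dir/certs"; then
  echo "trust store OK"
else
  echo "trust store BROKEN"
fi
rm -rf "$demo_dir"
```

On the router image the same two calls are run against the mounted filesystem with the real mitmproxy CA; the point of the verify step is that a link with any other name is silently ignored by CApath lookup, so a typo in the hash produces TLS failures rather than an error at install time.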
Original Description
April 17th at 1pm ET, livestream demo of the free challenge "Encryption! What Encryption?"
Watch on YouTube ↗