안드로이드 Proxy 설정 방법 (wifi, iptables)

모바일앱 취약점 점검을 위한 Proxy 설정 방법

Wifi 를 이용한 설정

---

wifi 설정 > SSID 선택 > 네트워크 설정 관리 > 고급 옵션 표시 체크 > 프록시 수동 > 프록시 호스트, 포트 설정

iptables 를 이용한 설정

---

iptables 를 수정하려면 root 권한이 필요하다.

2|shell@zerofltektt:/ $ iptables -t nat -L
iptables v1.4.20: can't initialize iptables table `nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

root 권한으로 변경

id
uid=0(root) gid=0(root) groups=0(root) context=u:r:toolbox:s0

현재 설정 내역 확인 : iptables -t nat -L

iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
oem_nat_pre  all  --  anywhere             anywhere            
natctrl_nat_PREROUTING  all  --  anywhere             anywhere            



Chain INPUT (policy ACCEPT)
target     prot opt source               destination         



Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         



Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
natctrl_nat_POSTROUTING  all  --  anywhere             anywhere            
st_nat_POSTROUTING  all  --  anywhere             anywhere            



Chain natctrl_nat_POSTROUTING (1 references)
target     prot opt source               destination         

Chain natctrl_nat_PREROUTING (1 references)
target     prot opt source               destination         

Chain oem_nat_pre (1 references)
target     prot opt source               destination         

Chain st_nat_POSTROUTING (1 references)
target     prot opt source               destination

Proxy 설정 : iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination 192.168.0.27:8080

iptables -t nat -A OUTPUT -p tcp -j DNAT  --to-destination 192.168.0.27:8080
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
oem_nat_pre  all  --  anywhere             anywhere            
natctrl_nat_PREROUTING  all  --  anywhere             anywhere            

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DNAT       tcp  --  anywhere             anywhere             to:192.168.0.27:8080

사용된 옵션 설명

--table	-t table	table to manipulate (default: `filter')
--protocol	-p proto	protocol: by number or name, eg. `tcp'
--append      -A chain	Append to chain
--jump	-j target	target for rule (may load target extension)
--destination -d address[/mask][...]

iptables 룰 삭제

iptables -t nat -D OUTPUT 1

* iptables 설정했는데 burp에 프록시가 되지 않을때 아래 설정 체크 필요

invisible proxy support allows non-proxy-aware clients to connect directly to the listener