mitm setup using hostapd and mitmproxy (--transparent) in kali

setup-mitm-transparent.sh

#!/bin/bash

# Based on: https://bumper.readthedocs.io/en/latest/Sniffing/

mkdir -p conf logs

cat > conf/dnsmasq.conf <<EOF
interface=wlan0
dhcp-range=192.168.1.2,192.168.1.30,255.255.255.0,12h
dhcp-option=3,192.168.1.1
dhcp-option=6,192.168.1.1
server=8.8.8.8
log-queries
log-dhcp
listen-address=127.0.0.1
# Set DNS settings per Bumper documentation as needed below
#address=/msg-na.ecouser.net/192.168.1.1
#address=/mq-ww.ecouser.net/192.168.1.1
EOF

cat > conf/hostapd.conf <<EOF
interface=wlan0
driver=nl80211
ssid=bumper_mitm
hw_mode=g
channel=11
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_passphrase=IAmNotSafe
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
EOF

sudo apt-get update
sudo apt-get install gnome-terminal hostapd

sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.send_redirects=0

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 8883 -j REDIRECT --to-port 8080

sudo nmcli radio wifi off
sudo rfkill unblock wlan
ifconfig wlan0 up 192.168.1.1 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

#Open in new tabs
gnome-terminal -x sh -c "SSLKEYLOGFILE="logs/sslmitmkeylog.txt" mitmweb -m transparent -w "logs/mitmout_new.txt" --tcp-hosts 192.168.1.\d+ --ssl-insecure --raw; bash"
gnome-terminal -x sh -c "dnsmasq -C conf/dnsmasq.conf -d; bash"
gnome-terminal -x sh -c "hostapd conf/hostapd.conf; bash"