I have a couple of IoT devices (thermostats) which talk to the mothership with HTTPS. They send a packet of data containing a querystring w/ parameters containing such items as current temperature, which I can view on my smartphone via their app.
I'd like to be able to 'mirror' those packets to my own web server so I can inspect the contents of the querystring with a PHP script and use the data for other purposes. (The thermostats do not care if the certificate matches or not.)
I found some oblique references to iptables -t mangle -j TEE ... which I played around a little with, but to no avail, e.g.
iptables -t mangle -A PREROUTING -i eth0 -s ip.addy.of.thermostat -j TEE --gateway ip.of.internal.https.server
but I see no HTTPS activity.
I was able to redirect the traffic to the internal web site with DNAT, e.g.:
iptables -t nat -A PREROUTING -p tcp -s ip.addy.of.thermostat --dport 443 -j DNAT --to-destination ip.of.internal.https.server
Which does "work"... in that I can see the querystring and manipulate it in PHP... but then the thermostat is not communicating with the mothership and the mothership starts complaining it has "lost communication" with the thermostat.
Is what I want to accomplish possible?