Mirroring outbound https traffic w/ iptables

Post by vtwin@cox.net » 2018/07/22 21:16:59

I have a couple of IoT devices (thermostats) which talk to the mothership with https. They send a packet of data containing a querystring w/ parameters containing such items as current temperature, which I can view on my smartphone via their app.

I'd like to be able to 'mirror' those packets to my own web server so I can inspect the contents of the querystring with a php script and use the data for other purposes. (The thermostats do not care if the certificate matches or not.)

I found some oblique references to iptables -t mangle -j TEE ... which I played around with a little, but to no avail, e.g.

iptables -t mangle -A PREROUTING -i eth0 -s ip.addy.of.thermostat -j TEE --gateway ip.of.internal.https.server

but see no https activity.

I was able to redirect the traffic to the internal web site with DNAT, e.g.:

iptables -t nat -A PREROUTING -p tcp -s ip.addy.of.thermostat --dport 443 -j DNAT --to-destination ip.of.internal.https.server

Which does "work"... in that I can see the querystring and manipulate it in php... but then the thermostat is not communicating with the mothership and the mothership starts complaining it has "lost communication" with the thermostat.

Is what I want to accomplish possible?
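
Added example, not part of the original post: a small Python model of what the two rules above do to the IPv4 header, showing why a TEE clone is never handed to the internal web server's sockets while a DNAT-rewritten packet is. All addresses are constructed placeholders, and the model covers only the IP layer (a mirrored copy would in any case carry TLS ciphertext, not a readable querystring).

```python
import ipaddress
import struct

# Constructed sample addresses (assumptions, not values from the post).
THERMOSTAT = "192.168.1.50"
MOTHERSHIP = "203.0.113.10"
WEB_SERVER = "192.168.1.20"

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, payload_len: int = 20) -> bytes:
    """Minimal 20-byte IPv4 header carrying TCP (protocol 6)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:]

def dst_of(header: bytes) -> str:
    """Destination address field (bytes 16..19) as dotted quad."""
    return str(ipaddress.IPv4Address(header[16:20]))

def tee(header: bytes) -> bytes:
    """TEE clones the packet unchanged; --gateway only selects the next hop."""
    return bytes(header)

def dnat(header: bytes, new_dst: str) -> bytes:
    """DNAT rewrites the destination address and recomputes the checksum."""
    head = (header[:10] + b"\x00\x00" + header[12:16]
            + ipaddress.IPv4Address(new_dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:]

def delivered_locally(header: bytes, local_ip: str) -> bool:
    """A host passes a packet up to its own sockets only if it owns the
    destination IP; a valid header checksums to zero."""
    return checksum(header) == 0 and dst_of(header) == local_ip

if __name__ == "__main__":
    original = build_ipv4(THERMOSTAT, MOTHERSHIP)
    for name, pkt in (("TEE", tee(original)), ("DNAT", dnat(original, WEB_SERVER))):
        print(f"{name:4} dst={dst_of(pkt):15} "
              f"reaches web server socket: {delivered_locally(pkt, WEB_SERVER)}")
```
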
