NVISOsecurity
Intercept messages directed to the distant broker
Greetings, everyone! Firstly, I would like to thank you for the excellent work in developing this tool. However, I would like to understand if I am doing something wrong or simply don't understand how it works. I'm trying to do some tests (the objective is for a client to send a message to a broker and this message to be intercepted and changed). To do this, I am setting a distant broker different from my MITM broker. However, I understand that the client needs to direct the Publish message to the MITM broker and not to the destination broker (which I assume is the Distant Broker, right?). Isn't there a way to intercept messages that are directed to the distant broker?
Well, as I didn't have any answers here, I must assume that the tool does not in fact have this functionality of intercepting packets that are not directed to it. Therefore, I will close this issue.
Hey @BrunoJesus84 , apologies for the late reply! Had this in my backlog for a while :) Indeed your understanding is correct, IOXY doesn't take care of the "active" part of packet interception. The client needs to be configured to send packets to IOXY, and then IOXY will forward them to the destination / distant broker.
To accomplish the redirection of packets from the client to IOXY you have different options:
- Either you reconfigure the client itself
- Or you connect it to a router you control and manipulate the packets there
- Or you can use a technique like ARP spoofing (see for ex. https://github.com/bettercap/bettercap )
Hope this is clear, let us know if you have any other questions :)
Hey @windBlaze , thanks a lot for the detailed reply!! I would like to take this opportunity to ask something else: in my scenario I have a Gateway communicating with a Broker. I would like to intercept the messages exchanged between them. However, from the Gateway a Subscribe message is sent and the Broker returns a Publish to it, right? Can I intercept this response Publish?