@boboTjones
Created June 5, 2020 14:36
# Testing a Cocoa application that establishes an SSL connection with
# port 443 on a server, but does not use HTTP headers. Therefore, it was not
# possible to use Burp to capture the transactions between the client and the
# server. What follows below is the means to get a proxy up and running
# without all the fiddling about and poking yourself in the eye with a
# spork. Notes are formatted like comments.
## First, download and build socat:
mkdir src
cd src
curl -O http://www.dest-unreach.org/socat/download/socat-1.7.2.2.tar.gz
tar zxvf socat-1.7.2.2.tar.gz
cd socat-1.7.2.2
./configure && make
## Then create the necessary certificates that socat will need (this comes from the wiki):
mkdir ../ssl
cd ../ssl
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out server.key 4096
## The Common Name for this CSR must be the FQDN the app connects to (the one
## you map to 127.0.0.1 in /etc/hosts below), or the client will reject the cert.
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
## The DER round trip below is a no-op: output.pem ends up identical to server.crt.
openssl x509 -in server.crt -out input.der -outform DER
openssl x509 -in input.der -inform DER -out output.pem -outform PEM
## socat's cert= option wants the cert and key in one PEM file. Because
## server.key was generated with -des3 it is passphrase-protected, so socat
## will prompt for the passphrase when it starts; strip it first if that's a
## problem:   openssl rsa -in server.key -out server.key
cat server.key >> output.pem
## Now, import them into your keychain:
open /Applications/Utilities/Keychain\ Access.app/
## From the Keychain UI: File -> Import Items
## Import all the things (probably only need ca.crt and/or server.crt, but why not)
## Now open three terminals.
## in terminal 1:
export TARGET=10.10.10.10
## ^^^ change this, or just use the IP below. Thought this'd be easier to read.
## Plain TCP in on 9451, TLS out to the real server. verify=0 skips checking
## the real server's certificate, so this hop will talk to whatever is on $TARGET:443.
/path/to/src/socat-1.7.2.2/socat TCP-LISTEN:9451,fork OPENSSL:$TARGET:443,verify=0
## in terminal 2:
su - superuser
sudo su
vi /etc/hosts
## shift-g to go to the bottom of the file
## shift-o to toggle edit below the last line, add:
## 127.0.0.1 fqdn.victim.com
## ESC to toggle edit
## :wq to gtfo of vi
## TLS in on 443 using our cert; the decrypted stream is forwarded in the
## clear to the first hop on 127.0.0.1:9451.
/path/to/src/socat-1.7.2.2/socat OPENSSL-LISTEN:443,verify=0,reuseaddr,cert=/path/to/output.pem,fork TCP:127.0.0.1:9451
## in terminal 3:
su - superuser
sudo su
## The 127.0.0.1:9451 leg between the two socat hops carries the decrypted
## traffic, so that is what we capture on loopback.
tcpdump -vvi lo0 -n -X -s9999 port 9451
## or (-X prints hex and ASCII, -A prints ASCII only):
tcpdump -vvi lo0 -n -A -s9999 port 9451
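A sanity check for the combined output.pem file, added here as an example (not part of the original gist): it confirms the file holds exactly one certificate and one private key, which is what socat's cert= option reads, and flags a passphrase-protected key, because a key made with genrsa -des3 makes socat stop and ask for the passphrase at startup. The sample PEM texts are constructed placeholders, not real certificates or keys.

```python
import re

# One PEM block: the label from the BEGIN/END lines plus everything between them
# (a passphrase-protected traditional key carries Proc-Type/DEK-Info headers there).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)


def inspect_socat_pem(pem_text):
    """Check a combined cert+key PEM (like output.pem above) against what socat's
    cert= option needs: exactly one certificate, exactly one private key, and a key
    that is not encrypted (otherwise socat stops to prompt for the passphrase)."""
    blocks = PEM_BLOCK.findall(pem_text)
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    keys = [(label, body) for label, body in blocks if label.endswith("PRIVATE KEY")]
    encrypted = any(
        label == "ENCRYPTED PRIVATE KEY"        # PKCS#8 form (OpenSSL 3.x genrsa -des3)
        or "Proc-Type: 4,ENCRYPTED" in body     # traditional form (OpenSSL 1.x genrsa -des3)
        for label, body in keys
    )
    problems = []
    if len(certs) != 1:
        problems.append("expected 1 CERTIFICATE block, found %d" % len(certs))
    if len(keys) != 1:
        problems.append("expected 1 PRIVATE KEY block, found %d "
                        "(did 'cat server.key >> output.pem' run?)" % len(keys))
    if encrypted:
        problems.append("private key is passphrase-protected; socat will prompt for it "
                        "(strip with: openssl rsa -in server.key -out server.key)")
    return {"certificates": len(certs), "keys": len(keys),
            "encrypted_key": encrypted, "problems": problems}


# Constructed sample files with placeholder bodies (not real certificates or keys).
PEM_OK = """-----BEGIN CERTIFICATE-----
MIICxCONSTRUCTEDPLACEHOLDERCERT
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
MIIEoCONSTRUCTEDPLACEHOLDERKEY
-----END RSA PRIVATE KEY-----
"""
PEM_ENCRYPTED_KEY = PEM_OK.replace(
    "-----BEGIN RSA PRIVATE KEY-----\n",
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")
PEM_CERT_ONLY = PEM_OK.split("-----BEGIN RSA")[0]   # the cat server.key step was skipped
```

Run it against the real output.pem with `inspect_socat_pem(open("/path/to/output.pem").read())` before starting the OPENSSL-LISTEN hop; an empty `problems` list means socat will start without prompting.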