This is a how-to guide for setting up a Raspberry Pi as a WiFi Access Point, which acts as a transparent TLS proxy and saves the decrypted traffic in PCAP files.
Image: Raspberry Pi 4 Model B running PolarProxy
Step 1: Install PolarProxy for Linux ARM
We will start with installing PolarProxy, which will be used for the TLS decryption and re-encryption. The steps are almost identical to those in the official PolarProxy installation guide, except here we will download the "linux-arm" build of PolarProxy instead of the x64 version.
Note: The installation will fail on 64-bit ARM Linux OS's since we have not yet released a
Verify that the PolarProxy service is running as expected with these commands:
Step 2: Set up your Pi as a WiFi AP
The Raspberry Pi Foundation have a great guide for "Setting up a Raspberry Pi as a Wireless Access Point". Follow the instructions in their guide for the NAT mode setup (first section), but replace the iptables config with this:Then save the iptables rules with: Finally, edit
Step 3: Configure the Clients
The final step is to connect the clients (phones, tablets or computers) to the Raspberry Pi WiFi Access Point and install the root CA from PolarProxy.
Follow the instructions for "Trusting the PolarProxy root CA" in the official PolarProxy setup guide to install the public certificate from the TLS proxy in your clients.
The certificate can be downloaded from the Raspberry Pi by browsing to
PCAP PCAP PCAP
Your Raspberry Pi WiFi AP will now intercept all HTTPS traffic going to tcp/443 and save the decrypted traffic in PCAP files, one per hour.
The PCAP files with decrypted TLS traffic can be found in the
Image: Decrypted HTTP/2 traffic to Facebook opened in Wireshark
Posted by Erik Hjelmvik on Thursday, 26 September 2019 11:37:00 (UTC/GMT)