@donothingloop
Created October 20, 2018 13:57
brmitm - MITM helper for bridges
#!/bin/bash
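# Defaults. The persisted state file (loaded below) and the command-line
# options parsed later may override them.
OPTIND=1            # make getopts start at the first argument
bridge="br_mitm"    # name of the bridge device (-b)
iface_in=""         # uplink interface (-i)
iface_out=""        # DUT interface (-o)
port=""             # TCP destination port to intercept (-s)
port_to="8080"      # local port the intercepted traffic is redirected to (-t)
do_clean=0          # set to 1 by -c
active=0            # 1 while the bridge set up by init exists

# `source` executes the state file as shell code with the privileges of this
# script (brctl/ebtables/iptables normally require root). Load it only when it
# is owned by the effective user, so a file left in $HOME by another account
# (e.g. when HOME is inherited through sudo) is not executed.
if [ -f ~/.brmitm_state ]; then
  if [ -O ~/.brmitm_state ]; then
    source ~/.brmitm_state
  else
    echo "Ignoring ~/.brmitm_state: not owned by the current user" >&2
  fi
fi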
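#######################################
# Persist the current settings to ~/.brmitm_state.
# Globals:   bridge, iface_in, iface_out, port, active (read)
# Outputs:   rewrites ~/.brmitm_state with one name=value line per variable
#######################################
function save() {
  local state_file var
  state_file=~/.brmitm_state

  # Remove any previous file (or symlink) first so a fresh file is created
  # instead of writing through whatever currently sits at that path.
  rm -f -- "$state_file"

  # The file is later executed with `source`, so every value is written with
  # %q. The previous `declare -p | cut -d ' ' -f 3` truncated values at the
  # first space, leaving an unterminated quote in the state file.
  for var in bridge iface_in iface_out port active; do
    printf '%s=%q\n' "$var" "${!var}"
  done > "$state_file"
}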
#######################################
# Print the one-line usage synopsis.
# Outputs:   usage text on stdout
#######################################
function show_help() {
  printf '%s\n' "Usage: brmitm [OPTIONS] [-i UPLINK_IF -o DUT_IF | -s PORT -t PORT_TO | -c]"
}
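#######################################
# Tear down the bridge created by init and flush the broute rules.
# Globals:   active (read, written), bridge, iface_in, iface_out (read)
# Outputs:   "not active" on stdout when there is nothing to tear down
# Returns:   exits the script with status 1 when not active
#######################################
function clean() {
  # Quoted: an empty value (e.g. from a damaged state file) would otherwise
  # turn the test into `[ == 0 ]`, which is a syntax error for `[`.
  if [ "$active" == 0 ]; then
    echo "not active"
    exit 1
  fi

  # Record the inactive state before dismantling anything.
  active=0
  save

  ifconfig "$bridge" down
  brctl delif "$bridge" "$iface_in"
  brctl delif "$bridge" "$iface_out"
  brctl delbr "$bridge"

  # Flushes every rule in the broute BROUTING chain, not only the ones
  # add_port inserted.
  ebtables -t broute -F BROUTING

  # NOTE(review): the `iptables -t nat ... -j REDIRECT` rules that add_port
  # appends to PREROUTING are not removed here. They stay in the nat table
  # and match again once a bridge with the same name is recreated; list them
  # with `iptables -t nat -S PREROUTING` and delete them after cleaning.
}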
#######################################
# Create the bridge and enslave the uplink and DUT interfaces to it.
# Globals:   bridge, iface_in, iface_out (read); active (written)
# Outputs:   an error line plus the usage text on stdout when an interface
#            is missing
# Returns:   exits the script with status 1 when an interface is missing
#######################################
function init() {
  local nic

  # Both bridge members are mandatory.
  if [[ -z "$iface_in" ]]; then
    echo "Uplink interface not specified"
    show_help
    exit 1
  fi
  if [[ -z "$iface_out" ]]; then
    echo "DUT interface not specified"
    show_help
    exit 1
  fi

  brctl addbr "$bridge"
  for nic in "$iface_in" "$iface_out"; do
    brctl addif "$bridge" "$nic"
  done

  for nic in "$bridge" "$iface_in" "$iface_out"; do
    ifconfig "$nic" up
  done

  # Setting 0.0.0.0 clears the IPv4 address on both members, so the host is
  # no longer reachable through an address configured on either of them.
  for nic in "$iface_in" "$iface_out"; do
    ifconfig "$nic" 0.0.0.0
  done

  active=1
  save
}
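#######################################
# Redirect bridged TCP traffic for $port to the local port $port_to.
# Globals:   port, port_to, bridge (read)
# Outputs:   confirmation on stdout; failures on stderr
# Returns:   0 when both rules were added, 1 otherwise
#######################################
function add_port() {
  local -a broute_rule=(
    -p ipv4 --ip-proto tcp --ip-destination-port "$port"
    -j redirect --redirect-target ACCEPT
  )

  # Step 1: the broute rule takes matching frames off the bridge path.
  if ! ebtables -t broute -A BROUTING "${broute_rule[@]}"; then
    echo "Failed to add the ebtables broute rule for port $port" >&2
    return 1
  fi

  # Step 2: the nat rule hands those packets to the local listener.
  if ! iptables -t nat -A PREROUTING -i "$bridge" -p tcp -m tcp \
    --dport "$port" -j REDIRECT --to-port "$port_to"; then
    echo "Failed to add the iptables REDIRECT rule for port $port" >&2
    # Undo step 1 so the port is not left diverted without a redirect target.
    ebtables -t broute -D BROUTING "${broute_rule[@]}"
    return 1
  fi

  # Reported only after both rules are in place; previously the message was
  # printed even when one of the commands had failed.
  echo "Port $port redirected to $port_to."
}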
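# A port restored from the state file must not select the action of this run:
# once `-s PORT` had been used, every later invocation without -s (including
# a fresh `-i ... -o ...` after `-c`) re-added the port rules instead of
# running init. Only a port given on this command line counts.
port=""

# Options: -h/-? help, -c clean up, -b bridge name, -i uplink interface,
# -o DUT interface, -s port to intercept, -t local port to redirect to.
while getopts "h?cb:i:s:t:o:" opt; do
  case "$opt" in
    h|\?)
      # getopts also reports unknown options as "?", so they land here too.
      show_help
      exit 0
      ;;
    c)
      do_clean=1
      ;;
    b)
      bridge="$OPTARG"
      ;;
    i)
      iface_in="$OPTARG"
      ;;
    s)
      port="$OPTARG"
      ;;
    t)
      port_to="$OPTARG"
      ;;
    o)
      iface_out="$OPTARG"
      ;;
  esac
done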
# Persist the settings resulting from the state file and the options.
save

# Drop the parsed options and an optional "--" separator.
shift "$((OPTIND - 1))"
if [ "${1:-}" = "--" ]; then
  shift
fi

# -c wins over every other action.
if [[ "$do_clean" == 1 ]]; then
  clean
  exit 0
fi

# A non-empty port selects the redirect; otherwise the bridge is set up.
case "$port" in
  "")
    init
    ;;
  *)
    add_port
    ;;
esac