lcat
My personal /var/log

How to proxy non-proxy-aware apps in Android using iptables

When I tried to sniff TLS traffic for a Flutter app using [this script](https://github.com/NVISOsecurity/disable-flutter-tls-verification/blob/main/disable-flutter-tls.js) and set the proxy with `settings put global http_proxy addr:port`, it failed. I received nothing in Burp Suite. According to the README of the NVISOsecurity script, Flutter is not proxy-aware, which is why it does not respect the `http_proxy` setting.

Another approach that I found is to add the hosts of interest to `/etc/hosts` to redirect them to an invisible proxy. But I am curious about a different approach, which should be simple and seems more robust: using `iptables`.

These are the commands that worked for me:

```
iptables -t nat -A OUTPUT -p tcp --dport 443 -m owner --uid-owner 10005 -j DNAT --to-destination 100.127.17.77:10025
iptables -t nat -A POSTROUTING -j MASQUERADE
```

I am only interested in proxying HTTPS TCP traffic, hence the `--dport 443`. I also want to match only the traffic coming from my target app, which has a `uid` of 10005 (you can figure out the `uid` of an app using `stat /data/data/com.example.app`). The destination NAT address is the address of my Burp Suite proxy (with invisible mode enabled). At first, I did not run the second command, which performs masquerading, but it did not work, probably because I used a Tailscale IP (100.x.x.x) that is on `tun0`, and therefore I think it requires masquerading. If the target proxy that I use is in my local network, it will work without masquerading. This comment from an SO post saved me:

> as long as it is NAT you'll need masquerading – keltar, commented May 15, 2012 at 6:58

As someone also mentioned in the SO post, this approach does not do real transparent proxying. To do that, I think the target should be `TPROXY` instead of `DNAT`, so that the original target IP address can be preserved.
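
The two `iptables` rules above, wrapped as a start/stop script scoped to one app so the redirect can be removed cleanly after testing. This is an added example, not part of the original post: the script name, the function names and `DRY_RUN` are hypothetical, it assumes a rooted device where `stat -c %u` is available, and it narrows the `MASQUERADE` rule to traffic headed for the proxy instead of masquerading everything.

```sh
#!/system/bin/sh
# Added example (not from the original post): apply or remove the per-app
# DNAT redirect. Function names and DRY_RUN are hypothetical helpers.
# Usage, as root on the device:
#   sh app-proxy.sh start|stop com.example.app 100.127.17.77 10025

# With DRY_RUN=1, print each command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# proxy_rules A|D UID PROXY_IP PROXY_PORT  (A appends the rules, D deletes them)
proxy_rules() {
    case "$1" in
        A|D) ;;
        *) echo "action must be A or D" >&2; return 2 ;;
    esac
    for n in "$2" "$4"; do
        case "$n" in
            ''|*[!0-9]*) echo "uid and port must be numeric" >&2; return 2 ;;
        esac
    done
    case "$3" in
        ''|*[!0-9.]*) echo "proxy must be an IPv4 address" >&2; return 2 ;;
    esac
    rc=0
    # Redirect only this app's outbound TCP/443 to the invisible proxy.
    run iptables -t nat "-$1" OUTPUT -p tcp --dport 443 \
        -m owner --uid-owner "$2" -j DNAT --to-destination "$3:$4" || rc=1
    # Assumption: masquerade only the redirected flows (nat POSTROUTING sees
    # the rewritten destination), not all traffic as in the post's rule.
    run iptables -t nat "-$1" POSTROUTING -p tcp -d "$3" --dport "$4" \
        -j MASQUERADE || rc=1
    return "$rc"
}

case "${1:-}" in
    start|stop)
        # The app's UID is the owner of its data directory.
        uid=$(stat -c %u "/data/data/$2") || exit 1
        if [ "$1" = start ]; then act=A; else act=D; fi
        proxy_rules "$act" "$uid" "$3" "$4"
        ;;
esac
```

Each `start` appends the rules again, so run `stop` once per `start`; `iptables -t nat -S` shows what is currently installed.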

The SO post: <https://stackoverflow.com/questions/10595575/iptables-configuration-for-transparent-proxy>

Good reading for TPROXY: <https://powerdns.org/tproxydoc/tproxy.md.html>

Created: 2025-05-26 04:34:55, Updated: 2025-05-26 04:34:55