I want to pentest a mobile application. To do so, I want to intercept all WiFi traffic and forward it to Burp, which runs in a VM.
I enabled "Internet Sharing" on my Macbook so my phone now connects to the laptop using WiFi. Then I want to forward all traffic to the Burp proxy, which is at 172.16.122.128:8080.
Redirecting to localhost works:
rdr pass on bridge100 inet proto tcp from any to any port {80,443} -> 127.0.0.1 port 8080
I put this rule in a file and load it with pfctl -f pf.rules. After that, I listed on port 8080 using nc -l -p 8080 and when I browse somewhere on my phone it indeed connects to localhost instead.
However, when I try to forward to 172.16.122.128, it doesn't work:
rdr pass on bridge100 inet proto tcp from any to any port {80,443} -> 172.16.122.128 port 8080
The packets do end up in the VM (tested with Wireshark) but no connection is made. This could be because they originate from 192.168.2.3. Do I need NAT somewhere? How can I configure this correctly?
I drew a picture of my network layout. (The VM actually runs on my laptop, but I drew it separate here.)
