I got tired of rebuilding a wifi AP + dnsmasq + mitmproxy stack for every IoT engagement, so I packaged it into a docker compose
Every time I picked up a smart device to look at, I'd lose an afternoon to the same setup on a Linux box. Edit hostapd.conf, edit dnsmasq.conf, work out the iptables rules for NAT, fight NetworkManager for control of the radio. By the time the AP was up I was tired of the device.
So I packaged it. Mezz is a docker compose stack you bring up with two curl commands and a .env file. It turns a Linux host with two NICs into an isolated wifi sandbox that sits between your test devices and the rest of your network.
What's in the stack:
- isolated wifi AP via hostapd, WPA2-PSK
- DHCP + DNS via dnsmasq, with per-query logging so you can see exactly what each device is talking to
- NAT out through a wired uplink
- a virtual interface that mirrors the sandbox traffic, so you can point Wireshark / tcpdump at it
- local
.landomain - optional mitmproxy profile for transparent HTTP/HTTPS interception
It is defensive only and scoped for devices you own. It is not an evil-twin framework and does not try to be wifipumpkin3 or hostapd-mana. The point is to remove the setup tax on the "I want to see what this $20 gadget actually does on wifi" workflow.
Repo, README, and issues: https://github.com/ABGEO/mezz
Happy to answer questions. If you have a feature request or hit something broken, open an issue.