Saturday 21 May 2016

Build your own anonymous onion router, protocol reversing tool and exploitation framework on top of a Raspberry Pi.

I have never owned a Raspberry Pi before, but today I got inspired to build an anonymous wifi hotspot router. I also want to reverse engineer and tamper with some network protocols. Instead of refactoring my whole home network to be able to sniff and analyse the applications I want to tamper with, I thought: why not build a hotspot out of a Raspberry Pi? That way I can connect to a separate wifi whenever I want to surf anonymously, without worrying that I have made a misconfiguration so that my DNS traffic leaks to my ISP's DNS servers or I get traced through a cookie. I don't want to use this for anything illegal; the drive is more to create something useful.

This tool would also be insanely valuable if you want to tamper with the network stack of some applications and understand what they are doing. You can easily install some tools on the Raspberry Pi to investigate what the applications do on the wire. It could be to examine the bank application on your mobile: the bank application should have an undocumented API, right, since the mobile application needs to get data from your bank? A PS4 could also be interesting to tamper with. What happens if you add a long delay to a multiplayer game, and then, when the server re-syncs, it has to figure out whether the information the game holds once it is back in sync is valid? If the application cares about usability it would probably trust some of the data from the dropped frames as valid, since not doing so would be bad usability for the player just because of some dropped frames. I don't know, but this stuff could be interesting to investigate.

What you need

  • Raspberry Pi with Raspbian installed
  • Wifi adapter

I bought this ASUS adapter.

To install this adapter you need to either compile the driver yourself or use a precompiled build.
Check which kernel version your Pi is running and download the driver built for it. The commands below show how.


       # uname -a
       Linux onionpie 4.4.9-v7+ #884 SMP Fri May 6 17:28:59 BST 2016 armv7l GNU/Linux

       # wget https://dl.dropboxusercontent.com/u/80256631/8812au-4.4.9-v7-884.tar.gz
       # tar -xvf ./8812au-4.4.9-v7-884.tar.gz
       # ./install.sh

Install Tor and hostapd.

       # apt-get install tor
       # apt-get install hostapd

Configure the network setup. wlan0 joins an upstream wifi as a client; wlan1 is the hotspot interface.

       # vim /etc/network/interfaces

       # interfaces(5) file used by ifup(8) and ifdown(8)

       # Please note that this file is written to be used with dhcpcd
       # For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

       # Include files from /etc/network/interfaces.d:
       source-directory /etc/network/interfaces.d

       auto lo
       iface lo inet loopback

       iface eth0 inet manual

       # wlan0: client side, joins the upstream wifi via wpa_supplicant
       auto wlan0
       allow-hotplug wlan0
       iface wlan0 inet dhcp
           wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

       # wlan1: the hotspot side; loads the Tor NAT rules whenever it comes up
       auto wlan1
       allow-hotplug wlan1
       iface wlan1 inet static
           # a static interface needs an address; the post does not state one,
           # so these are placeholder values for the hotspot subnet
           address 192.168.42.1
           netmask 255.255.255.0
           up iptables-restore < /etc/iptables.ipv4.nat.tor

Set up iptables rules that send the hotspot clients' packets out through Tor.

       # iptables -F
       # iptables -t nat -F
       # iptables -t nat -A PREROUTING -i wlan1 -p udp --dport 53 -j REDIRECT --to-ports 53
       # iptables -t nat -A PREROUTING -i wlan1 -p tcp --syn -j REDIRECT --to-ports 9040
       # iptables-save > /etc/iptables.ipv4.nat.tor

Restart the AP and Tor, and enable both at boot.

       systemctl restart hostapd
       systemctl restart tor
       systemctl enable hostapd
       systemctl enable tor

Just connect to your new AP and you will surf anonymously.
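Before relying on the hotspot, it is worth checking that the saved rules really force every client packet into Tor. The script below is an added example, not part of the original post: it reads iptables-save output plus the ip_forward sysctl value and reports the conditions that would let traffic out around Tor. It assumes the AP interface is wlan1 and that Tor's torrc sets TransPort 9040 and DNSPort 53, which is what the REDIRECT targets above imply; the rule text it checks is a constructed sample.

```shell
# Added example: leak check for the transparent-proxy rules above.
# Reads iptables-save text and the ip_forward sysctl value and reports
# anything that would let hotspot traffic reach the ISP outside Tor.
# Assumed: AP interface wlan1, Tor TransPort 9040, DNSPort 53 (from torrc).
AP_IF="${AP_IF:-wlan1}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-53}"

# has_rule RULES PATTERN: succeed if a saved rule line matches PATTERN
has_rule() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# check_tor_nat RULES IP_FORWARD: return 0 when the rule set is leak-safe.
# RULES is iptables-save output; IP_FORWARD is /proc/sys/net/ipv4/ip_forward.
check_tor_nat() {
    rules=$1; fwd=$2; ok=0
    # client DNS must land on Tor's DNSPort, never on the ISP resolver
    has_rule "$rules" "^-A PREROUTING -i $AP_IF -p udp .*--dport 53 -j REDIRECT --to-ports $DNS_PORT\$" \
        || { echo "MISSING: udp/53 -> DNSPort $DNS_PORT"; ok=1; }
    # every new TCP connection must land on Tor's TransPort
    # (iptables-save writes --syn as --tcp-flags FIN,SYN,RST,ACK SYN)
    has_rule "$rules" "^-A PREROUTING -i $AP_IF -p tcp .*(--syn|--tcp-flags FIN,SYN,RST,ACK SYN) -j REDIRECT --to-ports $TRANS_PORT\$" \
        || { echo "MISSING: tcp syn -> TransPort $TRANS_PORT"; ok=1; }
    # a MASQUERADE/SNAT rule gives un-redirected packets a route around Tor
    if has_rule "$rules" "^-A POSTROUTING .*-j (MASQUERADE|SNAT)"; then
        echo "LEAK: POSTROUTING NAT forwards traffic around Tor"; ok=1
    fi
    # with forwarding on, UDP other than port 53 and ICMP bypass the redirects
    if [ "$fwd" != "0" ]; then
        echo "LEAK: net.ipv4.ip_forward=$fwd, non-TCP traffic is routed out"; ok=1
    fi
    return $ok
}

# Constructed sample: what iptables-save prints after the rules above
GOOD_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT'
# Constructed sample: same rules plus a NAT rule that leaks around Tor
# (appended after COMMIT only for the check; the grep does not care about order)
LEAKY_RULES="$GOOD_RULES
-A POSTROUTING -o eth0 -j MASQUERADE"

# Live use on the Pi as root:
# check_tor_nat "$(iptables-save -t nat)" "$(cat /proc/sys/net/ipv4/ip_forward)"
```

A clean result only says the redirects and forwarding state are right; it does not verify hostapd or Tor itself are running, so pair it with the systemctl status of both services.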