So this entire post is inspired by Joshua Wright @ willhackforsushi.com. If you don't know the story: basically his neighbours were stealing his wifi, so he thought it would be a good idea to mess with them.
He created a VM that broadcasts an open SSID and performs MitM 'attacks' against the clients. The PDF of the slides is well worth a read, as that is where the idea for the Pi came from.
What's important to note is that his idea is based around a VM; all I'm doing here is porting his idea to the Raspberry Pi platform for a smaller, cheaper and lower-power solution... so full props to Joshua Wright!
First off, any time you use a new Raspbian image you should update it:

```bash
sudo apt-get update ; sudo apt-get -y upgrade
```
Install the required packages:

```bash
sudo apt-get install isc-dhcp-server apache2 squid3 hostapd php5 imagemagick ghostscript jp2a libwww-perl libwww-robotrules-perl
```
Update network details to match the following:

```
cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
```
Configure DHCP server for wifi interface:

```
sudo cat /etc/dhcp/dhcpd.conf
authoritative;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.10 10.0.0.254;
}
```
Configure squid with the following properties:

```
sudo cat /etc/squid3/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_port 3128 transparent
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
url_rewrite_children 10
url_rewrite_program /etc/squid3/url_rewrite_program
```
Copy the contents of service to /opt/squid/sbin and change the perms (see end of post for the downloads):

```bash
sudo chmod +x /opt/squid/sbin/*.pl
```

Copy the contents of www to /var/www and change the perms of tmp (see end of post for the downloads):

```bash
sudo chmod -R 777 /var/www/tmp
```
Copy the following hostap details to /etc/hostapd/hostapd.conf:

```
interface=wlan0
driver=nl80211
ssid=HotelWiFi
channel=1
```
And finally copy the script written by Joshua Wright to /root/neighbours.sh:

```bash
#!/bin/bash
# Usage: neighbours.sh wifi_interface internet_interface service_name
SDIR=/opt/squid/sbin

# Print each available rewrite service with the description from its "DEF:" line
function list_services {
    printf "%20s %s\n" "Service Name" "Service Function"
    printf "%20s %s\n" "------------" "----------------"
    for service in $(ls "$SDIR" | grep -v not-working); do
        desc=$(grep DEF: "$SDIR/$service" | sed 's/.*DEF: //')
        printf "%20s: %s\n" "$service" "$desc"
    done
    printf "\n"
}

# All three arguments are required
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
    list_services
    echo "Usage: $0 wifi_interface internet_interface service_name"
    echo
    exit 1
fi

# The service name must match a file in $SDIR
if [ ! -f "$SDIR/$3" ] ; then
    printf "\n!!! Invalid service name: %s\n\n" "$3"
    list_services
    exit 1
fi

echo "[+] Setting IP address on $1"
ifconfig "$1" 10.0.0.1/24

echo "[+] Starting DHCP server"
/etc/init.d/isc-dhcp-server stop >/dev/null
sleep 2
/etc/init.d/isc-dhcp-server start >/dev/null

echo "[+] Removing old temporary files"
rm -rf /var/www/tmp/* 2>/dev/null

echo "[+] Configuring Squid Proxy for $3"
# -f: do not complain on the first run, when the symlink does not exist yet
rm -f /etc/squid3/url_rewrite_program
ln -s "$SDIR/$3" /etc/squid3/url_rewrite_program
service squid3 restart

echo "[+] Setting firewall rules"
iptables --flush
iptables --table nat --flush
iptables --delete-chain
# NAT client traffic out of the internet interface
iptables --table nat --append POSTROUTING --out-interface "$2" -j MASQUERADE
iptables --append FORWARD --in-interface "$1" -j ACCEPT
# Send client HTTP (port 80) to the transparent squid listener
iptables --table nat -A PREROUTING -i "$1" -p tcp --destination-port 80 -j REDIRECT --to-port 3128

echo "[+] Setting up routing"
sysctl -w net.ipv4.ip_forward=1 >/dev/null

echo "[+] Starting wireless AP, press CTRL+C to end"
hostapd /etc/hostapd/hostapd.conf
```

And don't forget to make it executable!

```bash
chmod +x /root/neighbours.sh
```
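Maybe add a rule to prevent access to your uplink IP subnet. Insert it rather than append it, so it sits ahead of the blanket FORWARD ACCEPT rule the script adds, and put it after the script's flush commands or it will be wiped on the next run ($WIFI and $LAN stand for the wifi and internet interfaces):

```bash
# iptables takes a comma-separated address list for -d and creates one rule per range
iptables -I FORWARD -i "$WIFI" -o "$LAN" -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -j DROP
```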
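
Rule order decides whether that isolation works: the script appends a blanket ACCEPT for the wifi interface, and the first matching FORWARD rule wins. The following check is an added example, not part of the original post or of Joshua Wright's script; the function name and the sample rule listings are constructed for illustration, and it reads rules in `iptables -S FORWARD` format.

```shell
#!/bin/sh
# Constructed samples in `iptables -S FORWARD` format (not captured output).
# DROP rules appended after the script's blanket ACCEPT: never reached.
RULES_APPENDED='-P FORWARD ACCEPT
-A FORWARD -i wlan0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 172.16.0.0/12 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 10.0.0.0/8 -i wlan0 -o eth0 -j DROP'
# Same rules inserted ahead of the ACCEPT: evaluated first.
RULES_INSERTED='-P FORWARD ACCEPT
-A FORWARD -d 192.168.0.0/16 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 172.16.0.0/12 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 10.0.0.0/8 -i wlan0 -o eth0 -j DROP
-A FORWARD -i wlan0 -j ACCEPT'

# check_isolation WIFI_IFACE: reads rules on stdin, prints "isolated" when all
# three RFC 1918 ranges are dropped before any blanket ACCEPT for WIFI_IFACE
# (or nothing is accepted and the chain policy is DROP), otherwise "exposed".
# Simplification: -o and -s matches are ignored.
check_isolation() {
    awk -v wifi="$1" '
    BEGIN { need["10.0.0.0/8"] = need["172.16.0.0/12"] = need["192.168.0.0/16"] = 1; left = 3 }
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    {
        iface = ""; dst = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (iface != "" && iface != wifi) next       # rule is for another interface
        if (target == "DROP" && (dst in need)) {
            if (!seen[dst]++) left--                 # first DROP for this range
        } else if (target == "ACCEPT" && dst == "") {
            accepted = 1                             # first match wins: stop here
            exit
        }
    }
    END {
        ok = (left == 0) || (!accepted && policy == "DROP")
        print (ok ? "isolated" : "exposed")
    }'
}

printf '%s\n' "$RULES_APPENDED" | check_isolation wlan0
printf '%s\n' "$RULES_INSERTED" | check_isolation wlan0
```

On the Pi itself, run it against the live chain with `iptables -S FORWARD | check_isolation wlan0` after the hotspot script has started.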
Should you wish to download the image (for 8GB SD) you can do so from here:
https://github.com/phillips321/raspberrypi-joke-hotspot
Or just get the scripts and code via svn from here:
https://github.com/phillips321/raspberrypi-joke-hotspot

```bash
svn co https://github.com/phillips321/raspberrypi-joke-hotspot raspberrypi-joke-hotspot
```