
APRIL 10, 2015

NETWORK SURVEILLANCE APPARATUS

WiFiSpi SAIT Polytechnic

Final Report

Network Surveillance Apparatus

Aaron Collier, Steven Tran-Giang, Scott Matheson

WIFISPI PROJECT CHARTER PAGE 1

Table of Contents

Executive Summary .................................................................................................................... 3

Introduction .................................................................................................................................. 4

Project Purpose ........................................................................................................................... 5

Problem / Opportunity ................................................................................................................. 5

Background .................................................................................................................................. 5

Project Goal ................................................................................................................................. 5

Objectives .................................................................................................................................... 5

Key Stakeholders ........................................................................................................................ 6

Project Scope .............................................................................................................................. 7

Scope ........................................................................................................................................... 7

Out of Scope ................................................................................................................................ 7

Project Plan ................................................................................................................................. 8

Major Milestones ......................................................................................................................... 8

Budget .......................................................................................................................................... 9

Proposed Budget ......................................................................................................................... 9

Actual Budget .............................................................................................................................. 9

Results and Achievements ....................................................................................................... 10

Lessons Learned ....................................................................................................................... 10

Recommendations .................................................................................................................... 13

Conclusion ................................................................................................................................. 14

Acknowledgements ................................................................................................................... 15

References ................................................................................................................................ 16

Appendix .................................................................................................................................... 18

Terminology ............................................................................................................................... 18

Source Code .............................................................................................................................. 19

Setup/Configuration Script ........................................................................................................ 19

Preface ......................................................................................................................................... 2

Materials Needed ........................................................................................................................ 3

System Installation ...................................................................................................................... 4

Tool Configuration ....................................................................................................................... 5

FORMAL REPORT – NETWORK SURVEILLANCE APPARATUS PAGE 2

DHCPD (/etc/dhcpd.conf)............................................................................................................ 5

wpa_supplicant (Wireless connection tool for cli)....................................................................... 5

airbase-ng (Wireless access point) ............................................................................................. 5

iptables (interface bridging and nat translation) ......................................................................... 6

Final Configuration Steps ............................................................................................................ 6

Other Commands ........................................................................................................................ 6

Example Script ............................................................................................................................ 7

Section 1: Executive Summary

The following report outlines the vision and goal of our final Capstone Project at SAIT Polytechnic. The Network Surveillance Apparatus is a low-cost surveillance device to be used to monitor potential cyber criminals. The project was completed by Team WiFiSpi, whose members are Aaron Collier, Scott Matheson and Steven Tran-Giang, under the supervision of Colin Chamberlain. The idea came from wanting a cheap and easy way to survey a network without being detected. The intention of the device is to intercept packets and relay the information back to our server, where Snort filters out any suspicious packets that match our rule sets. This is all done using a Hummingboard with two wireless NICs and an Alfa USB wireless adapter. The construction of this system will cost approximately $503, with labour being approximately $28,080; the grand total of implementing everything including labour is ~$28,583. The skills required to build this project were scripting, a firm grasp of Linux, knowledge of NICs and Snort, and, most importantly, the ability to troubleshoot. At the end of this project Team WiFiSpi will present the final deliverable, the Network Surveillance Apparatus, to the SAIT instructors, the general public, and IT professionals at the Information Technology Computer Systems Capstone Project Showcase.

Section 2: Introduction

The Network Surveillance Apparatus is our idea for a cheap, easy way of monitoring a suspicious network while leaving a minimal footprint on that network. We started by looking for a mini PC capable of performing a man-in-the-middle attack and capturing the packets sent from the network to the router. We went with the Hummingboard because it offered everything we needed in terms of specifications. As wireless becomes more and more prevalent, not only in industry but anywhere in a city, monitoring suspicious traffic becomes much harder to do. With this device we plan to make it easier to monitor that traffic in a way that is both inconspicuous and affordable.

Section 3: Project Purpose

Currently there are few devices that allow the tracking of network traffic/packets without leaving a footprint. The purpose of this project was to design and create a device that covertly tracks the network traffic of a user or network. We planned on applying this in a law enforcement setting, where an officer could set up the device and gather information on potential cyber criminals. The device was also planned to have the capability of sending logged packets back to a server, where they are filtered through Snort for suspicious activity.

Problem / Opportunity

With this device we hope not only to appeal to law enforcement but also cater to companies who want an inexpensive way of tracking their own network. This can range from misuse of company equipment to unwanted guests in their network.

Background

The initial idea for the Network Surveillance Apparatus was formed by Scott Matheson. With Wi-Fi becoming more and more prevalent in today's society, he wanted a way to monitor traffic over wireless without having to be directly plugged into the network. Originally the idea was closer to the black hat side; it was pushed more to the white hat area by group member Aaron Collier.

Project Goal

The entire goal of Team WiFiSpi is to create a working prototype of the Network Surveillance Apparatus that will be able to be deployed in a law enforcement setting or a corporate environment.

Objectives

Objectives of the project that were completed:

- Design and build a working prototype minicomputer that has the capability of conducting a successful man-in-the-middle attack.
- Design a working Snort server that will filter out suspicious packets collected by the NSA (Network Surveillance Apparatus).
- Implement an FTP server between the NSA and the server, able to transfer all collected packets.
- Implement SSH on the NSA for remote access.
- Automate the majority of the NSA.

Key Stakeholders

These are the four key stakeholders for our proposed project.

Stakeholder              Comment
Project Manager          Aaron Collier, Scott Matheson, Steven Tran-Giang
Client                   Colin Chamberlain
Performing Organization  WiFiSpi
Sponsor                  Colin Chamberlain

Section 4: Project Scope

The key components of the Network Surveillance Apparatus are designed to intercept packets, successfully execute a man-in-the-middle attack, log suspicious packets and send them to our server. We decided that these would be the major components to be completed, but we also had several ideas we wished to implement if there was enough time at the end of the project.

Scope

The major components that we will include in this project are:

- Intercept packets
- Successful man in the middle
- Log all packets into a capture file
- Send the capture file to our Snort server through FTP
- Filter out suspicious packets using Snort rule sets

Potential components we had wished to add if we had time:

- Decrypting of encrypted packets
- Cellular capabilities

Out of Scope

Some things we considered that could be a part of our project but have chosen to exclude are:

- Remote management
- Concealment
- Battery optimization
- Intelligent automation

Section 5: Project Plan

The project was divided into three sections, each overseen by a group member:

- Building and troubleshooting hardware components: Aaron Collier
- Learning, utilizing, optimizing and assembling software packages for tool use: Scott Matheson
- Creating troubleshooting scripts and software: Steven Tran-Giang

Major Milestones

The following is a list of all major milestones that were accomplished throughout the course of this project:

- Arch Linux successfully running on the Hummingboard
- All tools successfully installed on the Hummingboard
- Snort successfully filtering packets
- Successful man-in-the-middle attack with the Hummingboard

Section 6: Budget

Proposed Budget

Hardware costs

Item                                 Cost
HummingBoard-i2ex                    ~$110.00 USD
HP ProLiant DL360P G8                $2104.83 CDN
Computer (Hash Calculation System)   ~$1000 CDN
Wireless Network Interface Card      ~$60 CDN
Contingency Funds                    $500 CDN

Operating Costs

Item     Hours   Rate     Cost
Aaron    500     $90/hr   $45000
Steven   500     $90/hr   $45000
Scott    500     $90/hr   $45000

Actual Budget

Hardware Costs

Item                                 Cost
HummingBoard-i2ex                    ~$110.00 USD
HP ProLiant DL360P G8                $2104.83 CDN
Alfa Wireless USB Card               $42.99
Wireless Network Interface Card      ~$60 CDN
Contingency Funds                    $500 CDN

Operating Costs

Item     Hours   Rate     Cost
Aaron    79      $90/hr   $7110
Steven   58      $90/hr   $5220
Scott    95      $90/hr   $8550

Section 7: Results and Achievements

Upon completion of this project Team WiFiSpi has produced:

- A functional Hummingboard capable of executing a successful man-in-the-middle attack, with the ability to intercept and log packets and to send the packets to our FTP/Snort server for filtering.
- An FTP/Snort server capable of receiving capture files from the NSA and filtering out packets based on a rule set for further analysis.
- A better understanding of how easy it is to intercept packets over wireless.
- An understanding of the entire process of taking on a project and the steps needed to complete one from beginning to end.

The completion of this project has helped each group member grow as an IT professional.

Lessons Learned

The following are the working notes on the commands and settings used during the project.

Wifi
- ip link set wlp1s0 up
- iw dev wlp1s0 scan (AP scan; not for setup)
- iw dev wlp1s0 set type ibss (Ad-hoc mode)
- wpa_supplicant -B -D nl80211,wext -i wlp1s0 -c <(wpa_passphrase "SSID" "WPA2 Key")
- dhcpcd wlp1s0
- wpa_passphrase "ssid" "pass" >> /etc/wpa_supplicant.conf
- iw dev wlp1s0 link (checks connection)

Aircrack
- ifconfig wlp1s0 down
- iwconfig wlp1s0 mode monitor
- ifconfig wlp1s0 up
- airmon-ng start wlp1s0
- airodump-ng mon0

Aircrack-ng options
- -b "MAC Address"
- -l "outfile.txt"
- -s = speed test
- -r "path/to/airolib/database"

Tcpdump
- -F foo.bar: use file for filter expressions
- -i <interface>
- -w: write to file
- -vvv: three levels of verbosity
- Filter protocols: TCP, UDP, HTTP, HTTPS, SFTP, SSL, POP, IMAP, FTP, SMTP

Airbase-ng
- airbase-ng -a <AP MAC> --essid "ssid" -c <channel> mon0
- -Z 4: WPA2 CCMP (use with -W 1)
- -F <foo.pcap>: packet output file

Bridge AP
- airmon-ng start wlan0 11
- airbase-ng -e SSID -c 6 -W 1 -Z 4 mon0 &
- ifconfig at0 up
- ifconfig at0 192.168.2.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- ifconfig wlan0 mtu 2000
- tcpdump -ni at0 -s0 -w capture.pcap
- iwconfig frag 2346
- iwconfig wlan0 channel 36
- route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- iptables -A FORWARD -i eth0 -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i at0 -o eth0 -j ACCEPT
- echo 1 > /proc/sys/net/ipv4/ip_forward
- dhcpd at0

Monitor
- airodump-ng -d <MAC> -a -c 1 wlp1s0

Deauth
- aireplay-ng -0 6 -a "AP MAC" -c "Client MAC" mon0

Install Snort
- yum install flex bison libpcap libpcap-devel zlib zlib-devel pcre pcre-devel libdnet libdnet-devel tcpdump
- yum install http://www.snort.org/downloads/snort/snort-2.9.7.2-1.centos7.x86_64.rpm

SFTP (sshd_config directives)
- AllowUsers
- UsePAM
- PasswordAuthentication
- PermitRootLogin

Section 8: Recommendations

Technical Recommendations

- Use a microcomputer that you know is compatible with the OS you want to use.
- Make sure the chipsets of all tools are compatible and fully supported.
- Know the security policies of the network you are on.
- Verify hardware driver support.

Team Recommendations

- Start the project ASAP, or you will fall behind very quickly.
- Account for last minute changes and emergencies in your Gantt chart.
- Document, document, document.
- If you come up with your own project, be prepared for a lot of self-guidance.
- Know that anything that can go wrong will go wrong.

Section 9: Conclusion

Team WiFiSpi successfully created a prototype (the NSA) which allowed for the interception of packets and the transfer of the capture files to an FTP/Snort server for further analysis. We also created a proof-of-concept Snort server that, with more time, would filter out suspicious packets using rule sets we have created or chosen to best suit our needs. Throughout the project we encountered many obstacles, from Kali/PwnPi not working on the Hummingboard to SAIT's network policies causing havoc with our interception of packets; we faced each problem thrown at us and achieved what we set out to do. The final product, the Network Surveillance Apparatus, is a fully functioning wireless surveillance device.

Section 10: Acknowledgements

Team WiFiSpi wishes to thank the individuals who provided invaluable knowledge and assistance to our project:

- Colin Chamberlain: project sponsor; provided us with server hardware, monitors, keyboards and mice, as well as keeping us on track with the project over the last thirteen weeks.
- Tim Williams: help with TCP dumps and Snort.
- Dylan Saunders: tunneling two connections.
- Jason Fisher: miscellaneous hardware and access to a soldering iron.
- Arch Linux Community
- Solid-Run Community
- Aircrack-ng Community
- William Parker: CentOS Snort Setup Guide
- Linux Man Pages

Section 11: References

[1] W. Parker, S3.amazonaws.com, 2015. [Online]. Available: https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/063/original/snort-centos6x-7x-2970.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1428438869&Signature=EWsj4fK2P3IsVRBUyaJZss%2BRLMo%3D. [Accessed: 07-Apr-2015].

[2] F. Wiles, 'HOWTO: Linux NAT in Four Steps using iptables', Revolution Systems, 2015. [Online]. Available: http://www.revsys.com/writings/quicktips/nat.html. [Accessed: 10-Apr-2015].

[3] Aircrack-ng.org, 'Aircrack-ng - Main documentation', 2015. [Online]. Available: http://www.aircrack-ng.org/documentation.html. [Accessed: 10-Apr-2015].

[4] Linux.die.net, 'dhcpd(8): Dynamic Host config Protocol Server - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/dhcpd. [Accessed: 10-Apr-2015].

[5] Daemon-systems.org, 'dhcpcd.8', 2015. [Online]. Available: http://www.daemon-systems.org/man/dhcpcd.8.html. [Accessed: 10-Apr-2015].

[6] Tcpdump.org, 'Manpage of TCPDUMP', 2015. [Online]. Available: http://www.tcpdump.org/tcpdump_man.html. [Accessed: 10-Apr-2015].

[7] Linux.die.net, 'iwconfig(8) - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/iwconfig. [Accessed: 10-Apr-2015].

[8] Linux.die.net, 'wpa_supplicant(8) - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/wpa_supplicant. [Accessed: 10-Apr-2015].

[9] Linux.die.net, 'wpa_passphrase(8) - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/wpa_passphrase. [Accessed: 10-Apr-2015].

[10] Ipset.netfilter.org, 'Man page of IPTABLES', 2015. [Online]. Available: http://ipset.netfilter.org/iptables.man.html. [Accessed: 10-Apr-2015].

[11] Wiki.solid-run.com, 'CuBox-i Wiki Pages', 2015. [Online]. Available: http://wiki.solid-run.com/Main_Page. [Accessed: 10-Apr-2015].

[12] Wiki.archlinux.org, 'ArchWiki', 2015. [Online]. Available: https://wiki.archlinux.org/. [Accessed: 10-Apr-2015].


Section 12: Appendix

Appendix A: Terminology

The following is a list of terminology used within this document that might require further explanation:

- Packets: A formatted unit of data sent between systems that contains the information that allows computers to talk to each other.
- NIC: Network Interface Controller; hardware that connects the computer to a network.
- Snort: An open source intrusion prevention system.
- Microcomputer: A computer that fits the size of a credit card.
- Footprint: The impact you have on a network.
- Cyber Criminal: An individual committing illegal activities through the use of a computer and the internet.
- Black Hat: An individual who hacks into a system with nefarious intentions.
- White Hat: An individual who hacks into a system with good intentions (research, vulnerability testing).
- Man in the Middle Attack: A MITM is essentially equivalent to an individual eavesdropping on a conversation without either party knowing.
- FTP Server: File Transfer Protocol; transfers files between computers.
- SSH: Secure shell, used for remote access.
- Capture File: Log of all traffic on a network captured by some software.
- Encrypt: The process of encoding messages.
- Decrypt: The process of decoding encrypted messages.


Appendix B: Source Code

Setup/Configuration Script

#!/usr/bin/perl
# Quick start configuration script for the Network Surveillance Apparatus.
# Optionally joins a wireless backend, then brings up the soft AP (airbase-ng),
# NAT (iptables), DHCP (dhcpd) and a tcpdump capture on the at0 interface.
use strict;
use warnings;

# Single-quote a value for the shell so that SSIDs and passphrases containing
# spaces or shell metacharacters are passed to the commands intact.
sub shell_quote {
    my ($s) = @_;
    $s =~ s/'/'\\''/g;
    return "'$s'";
}

my ($wireless, $backpass) = ("X", "X");
my ($backadapt, $backssid, $passphrase, $apadapt, $apssid) = ("", "", "", "", "");

print "Quick start Configuration script\n\n";

while ($wireless ne "Y" && $wireless ne "N") {
    print "Will you be using a wireless backend? (Y/N): ";
    chomp($wireless = <STDIN>);
    $wireless = uc($wireless);
    if ($wireless eq "Y") {
        system("iwconfig");
        print "Please indicate wireless interface you wish to use: ";
        chomp($backadapt = <STDIN>);
        print "Please indicate the SSID(name) of the wireless connection you wish to use: ";
        chomp($backssid = <STDIN>);
        while ($backpass ne "Y" && $backpass ne "N") {
            print "Is there a passphrase on this connection? Y/N: ";
            chomp($backpass = <STDIN>);
            $backpass = uc($backpass);
            if ($backpass eq "Y") {
                print "Please enter the passphrase (Case sensitive): ";
                system("stty -echo");    # do not echo the passphrase to the terminal
                chomp($passphrase = <STDIN>);
                system("stty echo");
                print "\n";
            } elsif ($backpass eq "N") {
                print "No wireless passphrase selected\n";
            } else {
                print "Error: Invalid input\n\n";
            }
        }
    } elsif ($wireless eq "N") {
        system("ifconfig");
        print "Please indicate physical interface you wish to use: ";
        chomp($backadapt = <STDIN>);
    } else {
        print "Error: Invalid input\n\n";
    }
}

system("iwconfig");
print "NOTE: If using a wireless backend you must use a secondary wireless interface for soft AP configuration\n";
print "Please indicate wireless interface you wish to use for soft access point: ";
chomp($apadapt = <STDIN>);
print "Please indicate the name(SSID) you wish to broadcast: ";
chomp($apssid = <STDIN>);
print "Please wait while system is configured..\n";
sleep(2);

# Stop anything left from a previous run and reset the firewall to a clean state.
system("killall -9 $_") for qw(dhcpd airbase-ng dhcpcd wpa_supplicant tcpdump);
system("airmon-ng stop mon$_") for (3, 2, 1, 0);
system("iptables -F");
system("iptables -X");
system("iptables -t nat -F");
system("iptables -t nat -X");
system("iptables -P INPUT ACCEPT");
system("iptables -P FORWARD ACCEPT");
system("iptables -P OUTPUT ACCEPT");
sleep(3);

my $q_back = shell_quote($backadapt);
my $q_ap   = shell_quote($apadapt);

# Wireless backend: join the upstream network and obtain a DHCP lease.
if ($wireless eq "Y") {
    system("ip link set $q_back up");
    sleep(2);
    system("wpa_passphrase " . shell_quote($backssid) . " " . shell_quote($passphrase)
           . " > /etc/wpa_supplicant.conf");
    system("wpa_supplicant -B -D nl80211,wext -i $q_back -c /etc/wpa_supplicant.conf");
    sleep(10);
    system("dhcpcd $q_back");
    sleep(5);
}

# Soft access point on mon0, NAT through the backend, DHCP and capture on at0.
system("airmon-ng start $q_ap");    # put the AP adapter into monitor mode (creates mon0)
sleep(5);
system("airmon-ng start $q_ap");
sleep(5);
system("airbase-ng -e " . shell_quote($apssid) . " -c 1 mon0 &");
sleep(5);
system("ifconfig at0 up");
system("ifconfig at0 192.168.2.1 netmask 255.255.255.0");
system("ifconfig at0 mtu 1800");
system("route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1");
system("iptables -t nat -A POSTROUTING -o $q_back -j MASQUERADE");
system("iptables -A FORWARD -i $q_back -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT");
system("iptables -A FORWARD -i at0 -o $q_back -j ACCEPT");
system("echo 1 > /proc/sys/net/ipv4/ip_forward");
system("echo > /var/lib/dhcp/dhcpd.leases");    # clear the leases file
system("dhcpd at0");
system("tcpdump -ni at0 -s 0 -w /root/capture/capture.pcap &");
sleep(2);
print "Setup Complete.\n";


WiFiSpi SAIT Polytechnic

Administrator Manual

Network Surveillance Apparatus

Aaron Collier, Steven Tran-Giang, Scott Matheson


Table of Contents

Preface ......................................................................................................................................... 2

Materials Needed ........................................................................................................................ 3

System Installation ...................................................................................................................... 4

Tool Configuration ....................................................................................................................... 5

DHCPD (/etc/dhcpd.conf)............................................................................................................ 5

wpa_supplicant (Wireless connection tool for cli)....................................................................... 5

airbase-ng (Wireless access point) ............................................................................................. 5

iptables (interface bridging and nat translation) ......................................................................... 6

Final Configuration Steps ............................................................................................................ 6

Other Commands ........................................................................................................................ 6

Example Script ............................................................................................................................ 7

Section A: Preface

The following manual will guide you through the installation, configuration, and management of the Network Surveillance Apparatus developed by Team WiFiSpi. This guide assumes you have a foundational knowledge of the Linux operating system, a scripting language (Perl is used throughout this manual), and Linux network tools. This is a very early alpha prototype and is still missing some of the more advanced features and configurations.

Section 1: Materials Needed

Hardware:

- ARM Microcomputer (Solid-run Hummingboard-I2eX used in this example)
- 2 Wireless network adapters (Atheros chipset recommended)
  o http://www.aircrack-ng.org/doku.php?id=compatibility_drivers: comprehensive list of chipset compatibility with the aircrack-ng suite
- MicroSD storage (32-64 GB recommended)
- Back end server capable of running as an FTP server, as well as a Snort detection box
  o Linux based operating system recommended for best results
- Wireless router
- Wireless host system

Software:

- Linux based operating system
  o Archlinux is recommended due to its lightweight design
- Aircrack-ng suite
  o Please note: additional driver patches may be necessary to ensure wireless adapter functionality
- DHCPD (dhcp server daemon)
- DHCPCD (dhcp client daemon)
- Tcpdump
- iwconfig
- wpa_supplicant & wpa_passphrase
- iptables
- SDFormatter
- Win32DiskImager

Section 2: System Installation

1. Download the operating system image of your choice (installation may vary depending on hardware configuration).

2. Prepare the SD card by performing a full format.
   - SDFormatter is a simple Windows tool to achieve this
   - df may be used on Linux systems

3. Image the operating system onto the SD card.
   - Win32DiskImager is a simple Windows disk imaging tool
   - dd is a Linux tool that can be used to image disks

4. Insert the SD card into the microcomputer and run any updates/initial configurations as defined by the developer.

5. Begin installation of all required tools and modules from official system or git repositories. Note: some tools may come pre-packaged with your chosen distribution; verify whether they are pre-installed before attempting to install any tools.
   - Aircrack-ng suite
   - dhcpd
   - dhcpcd
   - tcpdump
   - iwconfig
   - wpa_supplicant
   - wpa_passphrase
   - iptables

Section 3: Tool Configuration

The following are example configurations used in testing to enable basic functionality of the device. These configurations may be changed in order to promote further and more advanced functions.

DHCPD (/etc/dhcpd.conf)

option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 600;
max-lease-time 7600;
ddns-update-style none;
authoritative;
log-facility local7;

subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.2 192.168.2.254;
    option routers 192.168.2.1;
    option domain-name-servers 208.67.222.222, 208.67.220.220;
}

wpa_supplicant (Wireless connection tool for cli)

wpa_passphrase "WirelessSSID" "WPA2Passphrase" > /etc/wpa_supplicant.conf
- Creates configuration file with your wireless credentials

wpa_supplicant -B -D nl80211,wext -i "wlan0" -c /etc/wpa_supplicant.conf
- Uses wireless credentials to establish connection

dhcpcd wlan0
- Client-side dhcp client

airbase-ng (Wireless access point)

airmon-ng start "wlan1"
- Starts monitor mode wireless interface

airbase-ng -e "WirelessSSID" -c 1 mon0 &
- Creates unencrypted soft access point interface on channel 1 as a background job

ifconfig at0 up
- Makes the SoftAP interface active

ifconfig at0 192.168.2.1 netmask 255.255.255.0
- Assigns an IP and network mask to the interface to match the DHCPD configuration

ifconfig at0 mtu 1800
- Increases the maximum transmission unit (in bytes) for the interface

route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
- Adds the interface into the Linux route table

iptables (interface bridging and nat translation)

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i at0 -o wlan0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
- Creates a simple NAT bridge between the network interfaces to carry traffic in and out

Final Configuration Steps

echo > /var/lib/dhcp/dhcpd.leases
- Clears the leases file (Note: the file path may vary with distribution)

dhcpd at0
- Starts the dhcp server on the SoftAP, allowing hosts to obtain IP leases

tcpdump -ni at0 -s 0 -w /path/to/captures/capture.pcap &
- Begins a dump of network traffic to a pcap file

Other Commands

iwconfig wlan0 channel x
- Changes the channel of wlan0 (and all software interfaces using it) to x

airodump-ng mon0
- Dumps a wireless network scan; very useful in gathering information on networks

aireplay-ng
- Tool offering various methods of client de-authentication
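The soft AP configured above leaves a recognisable footprint in a wireless scan: a BSSID that is not one of the organisation's radios advertising a managed SSID, typically with no encryption. The following defender-side check, added here and not part of the WiFiSpi project, reads a constructed listing in the access-point table layout of an airodump-ng CSV export and flags such rogue or evil-twin access points against an assumed (hypothetical) inventory of authorised BSSIDs per SSID.

```python
"""Rogue / evil-twin access point check over an airodump-ng style AP listing."""
import csv
import io
from dataclasses import dataclass

# Constructed sample (not real capture data) in the column layout of the AP table
# of an airodump-ng CSV export: two legitimate CorpNet radios, one open AP reusing
# the CorpNet name on channel 1, and an unrelated guest network.
SAMPLE_SCAN = """\
BSSID, First time seen, Last time seen, channel, speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2015-04-10 10:00:00, 2015-04-10 10:05:00,  6, 54, WPA2, CCMP, PSK, -40, 120, 0, 0.0.0.0, 7, CorpNet,
00:11:22:33:44:56, 2015-04-10 10:00:00, 2015-04-10 10:05:00, 11, 54, WPA2, CCMP, PSK, -55, 110, 0, 0.0.0.0, 7, CorpNet,
AA:BB:CC:DD:EE:FF, 2015-04-10 10:03:00, 2015-04-10 10:05:00,  1, 54, OPN, , , -30, 60, 0, 0.0.0.0, 7, CorpNet,
DE:AD:BE:EF:00:01, 2015-04-10 10:01:00, 2015-04-10 10:05:00,  1, 54, WPA2, CCMP, PSK, -70, 90, 0, 0.0.0.0, 9, GuestWifi,
"""

# Hypothetical inventory: managed SSID -> set of BSSIDs allowed to broadcast it.
AUTHORISED_APS = {
    "CorpNet": {"00:11:22:33:44:55", "00:11:22:33:44:56"},
}


@dataclass(frozen=True)
class Finding:
    bssid: str
    essid: str
    channel: int
    privacy: str
    reason: str


def parse_ap_rows(scan_text):
    """Return the AP rows of an airodump-ng style CSV as dicts.

    Parsing stops at the first blank line, which is where airodump-ng's
    client table would begin in a full export.
    """
    reader = csv.reader(io.StringIO(scan_text), skipinitialspace=True)
    next(reader, None)  # skip the header row
    rows = []
    for row in reader:
        if len(row) < 14:
            break  # blank separator line or truncated row
        rows.append({
            "bssid": row[0].strip().upper(),
            "channel": int(row[3]),
            "privacy": row[5].strip(),
            "essid": row[13].strip(),
        })
    return rows


def find_rogue_aps(scan_text, authorised=AUTHORISED_APS):
    """Flag every BSSID that advertises a managed SSID but is not in the inventory."""
    findings = []
    for ap in parse_ap_rows(scan_text):
        allowed = authorised.get(ap["essid"])
        if allowed is None or ap["bssid"] in allowed:
            continue  # not one of our SSIDs, or a known radio
        reason = "unknown BSSID advertising a managed SSID"
        if ap["privacy"].upper() == "OPN":
            reason += "; open network, consistent with an unencrypted soft AP"
        findings.append(Finding(ap["bssid"], ap["essid"], ap["channel"],
                                ap["privacy"], reason))
    return findings


if __name__ == "__main__":
    for f in find_rogue_aps(SAMPLE_SCAN):
        print(f"ALERT {f.bssid} ch{f.channel} {f.privacy:<4} ESSID={f.essid!r}: {f.reason}")
```

Run periodically against a fresh scan from a trusted sensor and compare the inventory against the wireless controller's own list; a match on SSID alone is not proof of a rogue, so the finding should be confirmed by locating the BSSID.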

Section 4: Example Script

#!/usr/bin/perl
# Quick start configuration script for the Network Surveillance Apparatus.
# Optionally joins a wireless backend, then brings up the soft AP (airbase-ng),
# NAT (iptables), DHCP (dhcpd) and a tcpdump capture on the at0 interface.
use strict;
use warnings;

# Single-quote a value for the shell so that SSIDs and passphrases containing
# spaces or shell metacharacters are passed to the commands intact.
sub shell_quote {
    my ($s) = @_;
    $s =~ s/'/'\\''/g;
    return "'$s'";
}

my ($wireless, $backpass) = ("X", "X");
my ($backadapt, $backssid, $passphrase, $apadapt, $apssid) = ("", "", "", "", "");

print "Quick start Configuration script\n\n";

while ($wireless ne "Y" && $wireless ne "N") {
    print "Will you be using a wireless backend? (Y/N): ";
    chomp($wireless = <STDIN>);
    $wireless = uc($wireless);
    if ($wireless eq "Y") {
        system("iwconfig");
        print "Please indicate wireless interface you wish to use: ";
        chomp($backadapt = <STDIN>);
        print "Please indicate the SSID(name) of the wireless connection you wish to use: ";
        chomp($backssid = <STDIN>);
        while ($backpass ne "Y" && $backpass ne "N") {
            print "Is there a passphrase on this connection? Y/N: ";
            chomp($backpass = <STDIN>);
            $backpass = uc($backpass);
            if ($backpass eq "Y") {
                print "Please enter the passphrase (Case sensitive): ";
                system("stty -echo");    # do not echo the passphrase to the terminal
                chomp($passphrase = <STDIN>);
                system("stty echo");
                print "\n";
            } elsif ($backpass eq "N") {
                print "No wireless passphrase selected\n";
            } else {
                print "Error: Invalid input\n\n";
            }
        }
    } elsif ($wireless eq "N") {
        system("ifconfig");
        print "Please indicate physical interface you wish to use: ";
        chomp($backadapt = <STDIN>);
    } else {
        print "Error: Invalid input\n\n";
    }
}

system("iwconfig");
print "NOTE: If using a wireless backend you must use a secondary wireless interface for soft AP configuration\n";
print "Please indicate wireless interface you wish to use for soft access point: ";
chomp($apadapt = <STDIN>);
print "Please indicate the name(SSID) you wish to broadcast: ";
chomp($apssid = <STDIN>);
print "Please wait while system is configured..\n";
sleep(2);

# Stop anything left from a previous run and reset the firewall to a clean state.
system("killall -9 $_") for qw(dhcpd airbase-ng dhcpcd wpa_supplicant tcpdump);
system("airmon-ng stop mon$_") for (3, 2, 1, 0);
system("iptables -F");
system("iptables -X");
system("iptables -t nat -F");
system("iptables -t nat -X");
system("iptables -P INPUT ACCEPT");
system("iptables -P FORWARD ACCEPT");
system("iptables -P OUTPUT ACCEPT");
sleep(3);

my $q_back = shell_quote($backadapt);
my $q_ap   = shell_quote($apadapt);

# Wireless backend: join the upstream network and obtain a DHCP lease.
if ($wireless eq "Y") {
    system("ip link set $q_back up");
    sleep(2);
    system("wpa_passphrase " . shell_quote($backssid) . " " . shell_quote($passphrase)
           . " > /etc/wpa_supplicant.conf");
    system("wpa_supplicant -B -D nl80211,wext -i $q_back -c /etc/wpa_supplicant.conf");
    sleep(10);
    system("dhcpcd $q_back");
    sleep(5);
}

# Soft access point on mon0, NAT through the backend, DHCP and capture on at0.
system("airmon-ng start $q_ap");    # put the AP adapter into monitor mode (creates mon0)
sleep(5);
system("airmon-ng start $q_ap");
sleep(5);
system("airbase-ng -e " . shell_quote($apssid) . " -c 1 mon0 &");
sleep(5);
system("ifconfig at0 up");
system("ifconfig at0 192.168.2.1 netmask 255.255.255.0");
system("ifconfig at0 mtu 1800");
system("route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1");
system("iptables -t nat -A POSTROUTING -o $q_back -j MASQUERADE");
system("iptables -A FORWARD -i $q_back -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT");
system("iptables -A FORWARD -i at0 -o $q_back -j ACCEPT");
system("echo 1 > /proc/sys/net/ipv4/ip_forward");
system("echo > /var/lib/dhcp/dhcpd.leases");    # clear the leases file
system("dhcpd at0");
system("tcpdump -ni at0 -s 0 -w /root/capture/capture.pcap &");
sleep(2);
print "Setup Complete.\n";