Mobile Tarpit

[Oni]

Yeah, paying for tethering kinda sucks.... and it probably wouldnt work with BackTrack anyway!

I've stuck a quick video up on Vimeo about my mobile Jasager Tarpit. Simple stuff but there are few gotchas.

Just a little video I put together about the Jasager man in the middle attack but using an iPhone to tether the connection. I had a few snags with this so maybe it's worth mentioning them in case anyone else has a similar idea.

Using a jailbroken iphone and a socks proxy is easy enough. There are a few command line programs you can use on the phone along with the packages based around the libiphone package. Now this is fine for perhaps your local browser on your box setup using proxychains. But what if you are routing data with iptables with your Jasager?

I wrote a few scripts to get the iptables traffic routed over the right ports. Generally something along the lines of:

iptables -t nat -A socksforward -p tcp -j REDIRECT --to-port $TRANSOCKS_PORT

Using transocks allows us to foward any connection over socks BUT it seems not to do a very good job of forwarding DNS. The great thing is, you can still use DNS with the iPhone Socks Proxy using proxyresolv with a wrapper script. A line such as:

iptables -t nat -A socksforward -p udp --destination-port 53 -j REDIRECT --to-port $DNS_PORT

..should send to your proxyresolv wrapper. This then takes care of both HTTP and DNS. Your tarpit is ready for fun!

[Oni]

I was wondering if anyone else had tried this as tethering in this way is very slow. Ive noticed that Facebook hacking works ok but google mail wont work over a socks proxy such as proxychains... oddly.