Some Minor Moddifications

[JohnE]

Hello, I would like to inform of some minor modification to the Interceptor package. Btw I'm using a Fon+ (2201)

I added "option hidden 1" to the /etc/config/network, so that the ssid doesn't broadcast the ssid.

AND i had to add the following line to /etc/init.d/interceptor

after ifconfig br-lan 0.0.0.0

brctl delif br-lan ath0

because if i didn't add this command, I had problems with connecting to the wlan interface of the Fon+. (which makes the fon impossible to reach without reflashing the device.)

i also disabled encrypion of the vpn tunnel, (the wireless is encrypted already.) this removes some overhead. so that your able to capture more data.

(just add "cipher none" to the client.conf and server.conf openvpn configuration files)

i had some problems issuing "reboot" to the device (also if you replug the power.) where the device does not successfully boot, i do not have a JTAG cable/adapter so i can't really debug whats happening.

The "fix" is to let the device be without power for a couple of minutes before reapplying power.

this is not an issue in the real world. but if somebody know a better fix please let me know (I'm using openwrt 8.09.2-r18961)

i also encountered this problem after issuing reset in the redboot shell. same solution.

also, is there a reason why I shouldn't don't run the VPN -server- on the Fon+??

with a simple bash script you can make the Fon recognize when the VPN tunnel is connected and then autostart the daemonlogger. and close daeomonlogger when the client disconnect??

this way you wouldn't need to specify the ssh root password. :)

[digininja]

They all sounds like reasonable changes, I didn't realise I was adding ath0 to the bridge, it shouldn't be there.

I don't remember there being a specific reason I put the VPN client on the Fon rather than the server, other than I had a VPN server already running so made it connect to that when initially debugging stuff.

I've seen odd issues with power and booting but never consistent and never enough to worry about debugging them, I usually do what you do and just turn it off, let it settle then turn it back on and things work OK.

I wish I knew enough about JTAG to be able to use one on the Fon, I know the concept but would need to sit down with someone and go through exactly how it all works to get a proper idea on it.

[JohnE]

Also, almost forgot, :)

I created a script that connects TWO vpn tunnels to the "client".

then bridge eth0.0 to tap0 and eth0.1 to tap1 on the interceptor.

and then bridge tap0 and tap1 on the client, which makes you the man-in-the-middle. ;)

i have some small issues with performance. but if anyone is interested, i can create a guide. and some scripts to make it more unattended. (right now it's a little messy. :P)

I would like to try this on a N wireless router,

but i can't find any small wireless N routers with two NIC's that support OpenWRT. please, can anyone point me in the right direction?? :)

[digininja]

The only device I can think of off hand is the Fon 2N but not sure if that supports OpenWrt, most other Fons have done so worth looking at.

Like the mitm idea, I was thinking more of using it to just knock out one party and become it through the Fon. If you get the Fon between switch and a printer or single PC then you can assume their identity and use the network when not sniffing it

[JohnE]

The only device I can think of off hand is the Fon 2N but not sure if that supports OpenWrt, most other Fons have done so worth looking at.

Like the mitm idea, I was thinking more of using it to just knock out one party and become it through the Fon. If you get the Fon between switch and a printer or single PC then you can assume their identity and use the network when not sniffing it

Yes, the general idea is to allow switching to "active" sniff the client, so that you can do iptables redirects,dns spoof or other great advantages when being the man in the middle.

I'm also on the lookout for a Fon2 (2202), beacuse of the USB port, and maybe compile usbip to openwrt (unless its already available.)

other mods is to power the Fon+ with USB power, but currenly i only managed to feed enough power to the device on USB3 ports.

guess my next mod is to try getting POE to work. the device seems to accept voltage from 5-12volts. the fon+ has an internal voltage regulator that is set to regulate the input voltage down to 3.3volts. :)

I also tried a battery pack. but it doesn't hold for more than one hour or two.

[digininja]

Good luck with it.

If you have the cash, look at Ubiquiti products, they do nice things that run PoE and happily run OpenWrt, they may have a device that does what you want.

[JohnE]

Good luck with it.

If you have the cash, look at Ubiquiti products, they do nice things that run PoE and happily run OpenWrt, they may have a device that does what you want.

Thanks!

I'll see if i can find a pricetag somewhere. the RouterStation looks awesome!

[digininja]

If you like those then you'll like these as well. I'm running one with PfSense as a firewall and the other as a media server and about to be my 802.11n AP as well.

http://www.pcengines.ch/

Probably a lot cheaper than the Ubiquiti stuff as well.

[JohnE]

If you like those then you'll like these as well. I'm running one with PfSense as a firewall and the other as a media server and about to be my 802.11n AP as well.

http://www.pcengines.ch/

Probably a lot cheaper than the Ubiquiti stuff as well.

Cool thanks.

Btw, the "active" sniffing i mentioned, i just tried it out with sslstrip. It wouldn't drop packages, it will only slow down the connection. of course this is not very stealthy. (sslstriping also requires you to have a local ip on the "client" bridge interface) but it works great, and btw, disabling VPN compression saved some latency.

I guess i need to make a package of this. I have to work tomorrow, so i can't really use all night. but i have vacation in a couple of weeks, would you like me(allow me) to create a package and some documentation?? I'll be happy to do so. :) after all sharing is caring ;) when i'm at it i will also make an installation script form a clean OpenWRT solution. so that it will automatically install all dependency and create certificates for the complete Interceptor package. I think it's ok to switch to a static PSK (aka ta.key) for the VPN configuration. (it limits the VPN to only allow one user at once.) but it dos not requires the user to generate RSA certificates.

[digininja]

All sounds good, happy to have you update it and do any work on it that you think needs doing. Go for it.

[JohnE]

btw, i see that you use the following.:

if [[ "$pid" != "" ]]

then

kill $pid

fi

I think that the more redundant version is:

if [ ! -z "$pid" ]; then

kill $pid

fi

or simply just do a:

killall openvpn daemonlogger

it basically does the same thing ;)

I guess I'm an asshole trying to teach you how to do shell scripts :P hehe sorry

[digininja]

This was my first large scale bash script based project so most of it is nicked from elsewhere. I'll pass blame on to whoever I stole the code off.

[JohnE]

This was my first large scale bash script based project so most of it is nicked from elsewhere. I'll pass blame on to whoever I stole the code off.

hehe nice! also I can see that it's written a couple of years ago, i might rewrite some of it. ill give you more details as i go.

I have some other dirty projects that I'm working on, mitm attacks/proof of concept. I might post them in this forum if i feel that the project is mature/(easy for other people to use).

anyway, thank you for the Interceptor project. This is also a great tool for debugging network traffic. :)

[digininja]

Go for it. I'd rather the project stayed alive than just died off.

[bobtheman]

are these projects on a public repo some where for open development and code inspection? I would love to have a look, fairly certain ive read that jasager and interceptor are open source

[digininja]

You can download them both fro my site, check my sig for the URLs