Adding MicroSD card

[RazerBlade]

So after seeing the packet squirrel, it seems that it will rely on having external USB as storage, would it be possible to mod it to add a micro sd card slot instead. Or maybe HAK5 are switching to USB as micro sd cards are not the most stable on the wifi pineapples.

[sundhaug92]

Think the simplest way would be to just use a tiny microSD-card reader, some of them stick out about as much as a receiver for a mouse

[Darren Kitchen]

The only payload out of the box that requires a USB disk is tcpdump for packet captures. We made it this way so it would have a really simple user experience. Since I know you already have some rather large USB drives laying around. The USB cost per gigabyte is a bit better than MicroSD - and doesn't require a reader. It's also *way* less expensive than putting on an SSD like the Bunny. So with that payload you just plug in a USB drive, fill it up with pcaps using the Squirrel, then plug it right into your computer to analyze with wireshark.

The other two payloads, dnsspoof and openvpn, don't require a USB drive at all.

That said it's really handy that you can load up more modules from USB. Just put a payload file on a USB drive and if it's plugged into the Squirrel before it boots, it'll run that payload instead of the ones on internal memory.

On the LAN Turtle SD we obviously went with Micro SD because of the size restrictions of the case.

[sundhaug92]

8 hours ago, Darren Kitchen said:

The only payload out of the box that requires a USB disk is tcpdump for packet captures. We made it this way so it would have a really simple user experience. Since I know you already have some rather large USB drives laying around. The USB cost per gigabyte is a bit better than MicroSD - and doesn't require a reader. It's also *way* less expensive than putting on an SSD like the Bunny. So with that payload you just plug in a USB drive, fill it up with pcaps using the Squirrel, then plug it right into your computer to analyze with wireshark.

The other two payloads, dnsspoof and openvpn, don't require a USB drive at all.

That said it's really handy that you can load up more modules from USB. Just put a payload file on a USB drive and if it's plugged into the Squirrel before it boots, it'll run that payload instead of the ones on internal memory.

On the LAN Turtle SD we obviously went with Micro SD because of the size restrictions of the case.

Curious, how does the external USB-storage support the switch, is it just to copy the repo?

[Teabot 5000]

11 hours ago, Darren Kitchen said:

The only payload out of the box that requires a USB disk is tcpdump for packet captures. We made it this way so it would have a really simple user experience. Since I know you already have some rather large USB drives laying around. The USB cost per gigabyte is a bit better than MicroSD - and doesn't require a reader. It's also *way* less expensive than putting on an SSD like the Bunny. So with that payload you just plug in a USB drive, fill it up with pcaps using the Squirrel, then plug it right into your computer to analyze with wireshark.

The other two payloads, dnsspoof and openvpn, don't require a USB drive at all.

That said it's really handy that you can load up more modules from USB. Just put a payload file on a USB drive and if it's plugged into the Squirrel before it boots, it'll run that payload instead of the ones on internal memory.

On the LAN Turtle SD we obviously went with Micro SD because of the size restrictions of the case.

Could the option to added to the tcpdump launch script to save the packet capture to another host rather than having to save on the USB?

For example you can pipe the output of tcpdump to an SSH session and append the capture to a file on the SSH server like so:

tcpdump -w - | ssh -t user@192.168.1.1 "cat >> coolcap.pcap"

That'll append new packets to the capture saved on the other host. You can read the capture live on the other side like this:

tail -n +1 -f coolcap.pcap | tcpdump -r -

Of course you don't need to read the capture live, it's just kinda cool to be able to do it. Adding this would help make packet captures a bit more versatile. It would be a pain to have to stop captures and scp the cap over to another host when the USB drive is full. This way you could just save directly on another host.

 

[Darren Kitchen]

7 hours ago, Teabot 5000 said:

Could the option to added to the tcpdump launch script to save the packet capture to another host rather than having to save on the USB?

For example you can pipe the output of tcpdump to an SSH session and append the capture to a file on the SSH server like so:

tcpdump -w - | ssh -t user@192.168.1.1 "cat >> coolcap.pcap"

That'll append new packets to the capture saved on the other host. You can read the capture live on the other side like this:

tail -n +1 -f coolcap.pcap | tcpdump -r -

Of course you don't need to read the capture live, it's just kinda cool to be able to do it. Adding this would help make packet captures a bit more versatile. It would be a pain to have to stop captures and scp the cap over to another host when the USB drive is full. This way you could just save directly on another host.

 

 

Totally possible - just ensure that tcpdump is filtered so that it does not create an echo effect sending the ssh packets over the ssh tunnel ;-)

Would make a great payload

[Teabot 5000]

2 hours ago, Darren Kitchen said:

 

Totally possible - just ensure that tcpdump is filtered so that it does not create an echo effect sending the ssh packets over the ssh tunnel ;-)

Would make a great payload

I got caught with that on a test run. It's really something to see a few pings grow to a 200MB+ pcap file after a few seconds!

I think saving a pcap to a remote host would be useful for the Turtle too. I'll put together a module for the Turtle first and I'll port the functionality over to a Packet Squirrel payload some time in the future, unless someone beats me to it :)