Jump to content
Darren Kitchen

Introducing the Plunder Bug

Recommended Posts

Hi all -

We're excited to introduce a new bit of kit to the Hak5 arsenal – the Plunder Bug! It's a smart LAN Tap with a new take on Packet Sniffing!

image.png

This is a bit of kit I've been wanting for myself for quite a long time, as I've never been satisfied with the traditional RJ45 Ethernet-based LAN Taps, and if we were going to make one we'd make it special with the ability to act as not just a tap but a mini-switch and a USB Ethernet adapter all in one. 

It's sweet and simple with the convenience of USB-C and a very small form-factor while sporting some features you won't find in your typical LAN Taps – like the integrated USB Ethernet adapter (yay, no more mess of cables and dongles!), the ability to make passive captures or active scans (acting sort of like an unmanaged switch), and a companion Android root app that makes it possible to capture packets right from your phone!

You can find the device for sale now at https://shop.hak5.org/products/bug 
The documentation can be found at https://docs.hak5.org/hc/en-us/categories/360001482953-Plunder-Bug
And the connection scripts are available in the Hak5 Download Center at https://downloads.hak5.org/ and on our Github at https://github.com/hak5/plunderbug-scripts

As for the tech, we've packed in a 10/100 Base-T Fast Ethernet switch with the mirrored traffic heading to the integrated USB Ethernet adapter (ASIX AX88772C chipset) and the whole thing is powered over USB-C with a very low draw around 200-300 mA. INB4 it's compatible with gigabit links in that it'll drop 'em to 100 Mbit.

I'll post a video here shortly – stay tuned! Huge props to the ever growing Hak5 dev team and their awesome work putting together these scripts and the killer Android app (more on that soon) and as always thanks again to you guys for being the awesome Hak5 community that you are, for your feedback and contributions and making this place somewhere all hackers belog 🙂

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites

Sweeeeet! I can't wait to add this one to my collection! I know in the introduction video you just posted you mentioned a plugin system. Will there be additional documentation on how to customize these and create payloads/plugins? Also - is there any onboard storage? Can I tap and grab my captures later? Any chance this will work with C2 as well?? :)

Share this post


Link to post
Share on other sites

This is a great product. I'm buying one (pending answers to these questions) and I am already encouraging others...

Questions:

Looking at the tools scripts, there does not appear to currently be capacity to use more than one on a system at a time. The script looks for the first instance of '00:13:37' and manages rules for that interface. Is this something you plan to enhance in the future?

Making a guess about the design, we have a 100Mbps switch ASIC with one port connected to each RJ45 and one to the AX887722C, configured to mirror traffic to the port for the AX887722C. So the question is, what are the capabilities of that ASIC aside from span, and can we get at the management plane via the AX887722C?

How does this behave with dot1q tagged networks? Is any tag automatically applied to traffic coming in from the AX887722C, is tagged traffic send by the USB connected host sent (flooded?) unmodified, and is this configurable?

Does the tap learn MACs and forward like a switch, or flood all traffic sent by the USB host? Assuming it learns, what is the MAC table capacity? 

Share this post


Link to post
Share on other sites

Don't really see the difference between this and the PS (apart from USB Type C upgrade from Micro) but it sounds cool.

Cringing a bit at the old hardware though..The USB Type C is a good upgrade, +1 for that but I'll have to give a -1 as well because of the lack of gigabit and no PoE (although I completely understand that PoE increases the overall size and footprint of the device).

Good job on releasing a new device though. Glad to see some more hardware coming out to work with.

Share this post


Link to post
Share on other sites
On 3/4/2019 at 7:39 PM, Dave-ee Jones said:

Don't really see the difference between this and the PS (apart from USB Type C upgrade from Micro) but it sounds cool.

I have the PacketSquirrel and i love getting Hak5 Products and tools and supporting them. This does look very cool, and I like that is has a USB-C, but I feel it does the same thing as my packet squirrel. Am I wrong or this or?

Share this post


Link to post
Share on other sites

Mine arrives tomorrow morning super excited but a question I had was will it have C2 abilities will my C2 server be able to see when it's connected

 

 

Share this post


Link to post
Share on other sites
17 hours ago, m40295 said:

Mine arrives tomorrow morning super excited but a question I had was will it have C2 abilities will my C2 server be able to see when it's connected

 

 

I don't think this device contains a MIPS SOC like the packet squirrel, so there is nowhere for the C2 software to run. This is just a network tap and a USB ethernet adapter. 

Share this post


Link to post
Share on other sites

I've really enjoyed using the LAN Turtle! I used it with various techniques (i.e. Wifi to ethernet adapters) and found it great use in all areas of my work. I'm not going to throw away my LAN Turtle (may I'll find a need down the road), but this plunder bug is going to get a lot of usage. I just received my Plunder Bug and loving it! Thanks guys for making my job easier.

Share this post


Link to post
Share on other sites

Received mine yesterday but I’m a little disappointed:

- It looks like it’s plug ‘n play for Windows but for Mac I had to install the drivers from the ASIX website.

- The original cable is too long, when using it with the Plunder Bug Android app it keeps connecting/disconnecting. If I use a shorter cable like Darren in his movie it does work. 

- The Plunder Bug Android app doesn’t see any packets which is strange because when I open a terminal on my phone I can see the Plunder Bug is connected and it even shows packets (RX/TX) so why doesn’t the app see them? 

Share this post


Link to post
Share on other sites

Hi

it’s good for an air-gap system and network that doesn’t have any primary security solution like port security!!!

because it doesn’t let to capture the packets like packet squirrel 

That’s like a toy , it is good to have a fun time in an un-secure networks

Share this post


Link to post
Share on other sites

I'm sure this is a nube question, but just bought an Android phone to be able to use it with the Plunder Bug. When I launch the app, it pops up a message "Let's get started" You'll need to allow root permission to start capturing packets..." however when I click "OK" the popup comes right back so I'm not able to move forward.   Is there somewhere in android I need to make this change before I start the app?   I guess I was expecting that the pop up would do it for me once I agreed, but i'm new to the android world.   Much thanks.

Share this post


Link to post
Share on other sites
On 3/11/2019 at 2:28 PM, SSD said:

I'm sure this is a nube question, but just bought an Android phone to be able to use it with the Plunder Bug. When I launch the app, it pops up a message "Let's get started" You'll need to allow root permission to start capturing packets..." however when I click "OK" the popup comes right back so I'm not able to move forward.   Is there somewhere in android I need to make this change before I start the app?   I guess I was expecting that the pop up would do it for me once I agreed, but i'm new to the android world.   Much thanks.

You need root your Android device. Not all devices can be rooted. What's the make/model of the phone?

Share this post


Link to post
Share on other sites

I have a rooted Android and did get the software installed but when I run it and it does have root access I get 0 packets. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...