RaspberryPi as AccessPoint with 2 Wifi usb running MITMProxy and ParosProxy - raspberry-pi

I was trying to study the HTTP(s) requests/responses that the apps on my phone are sending, so this is what I went ahead and created.
I turned my Raspberry Pi into an access point with 2 WiFi USB dongles: one for my phone to connect to the "TEST" network and the second connected to the internet. Everything works fine and my phone is able to access the internet via my RPi.
Now I set up mitmproxy (in transparent mode) so that I can sniff the traffic to and from my phone apps. I installed the mitmproxy certificate on the phone and the traffic shows up fine on the mitmproxy console.
Final step - to make the web traffic data analysis part easier, I found on the net that Paros Proxy might be able to help (show the traffic from mitmproxy) in a more readable way. - THIS IS NOT HAPPENING
I am assuming there is some setup required for Paros Proxy so that it can be linked to mitmproxy / the network interfaces, which I am not able to achieve. Can anyone please help with this?
The Paros Proxy dashboard doesn't show any traffic. As far as the settings (Tool->Options) go, the defaults are there, i.e. for the local proxy (host = localhost and port = 8080). I couldn't find much documentation about Paros Proxy on the web.
My network interfaces on the RPi are as follows:
wlan0 (connected to internet) - DHCP
wlan1 (Access Point to which the phone apps connect to) - static IP (gateway 192.168.10.1)
Just in case there is some other tool that could help me achieve the same (a GUI/better dashboard to analyse mitmproxy traffic in real time), I am pretty open to it.

Yes there is a better option: OWASP ZAP https://www.owasp.org/index.php/ZAP :)
It was forked from Paros ~ 5 years ago, is very actively maintained and pretty well documented.
See https://github.com/zaproxy/zaproxy for links to the online user guide, FAQ, and user and developer groups.
FYI we have info on how to get ZAP running on a Pi: https://github.com/zaproxy/zaproxy/wiki/zappi but that doesn't include setting up WiFi access - it would be great if we could update that page with the necessary steps :)
Simon (ZAP project lead)
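The readable real-time view the question asks for can also come from mitmproxy itself. The following is an added example, not code from any post in this thread: a small mitmproxy addon that writes one JSON line per completed flow and flags requests the phone's apps send without TLS, which is usually the first finding in this kind of test. The script name flow_summary.py, the output path and mitmproxy 7 or newer (for client_conn.peername) are assumptions.

```python
"""mitmproxy addon: one JSON line per completed request/response pair.

Load it on the Pi alongside the transparent-mode iptables redirects:
    mitmproxy --mode transparent --showhost -s flow_summary.py
and follow the feed with:  tail -f mitm-flows.jsonl | jq .
The script and output file names are assumptions; client_conn.peername
needs mitmproxy 7 or newer."""
import json
import time

OUT_PATH = "mitm-flows.jsonl"  # assumed output file, next to the script
# Request headers that should never travel over plain HTTP.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}


def summarize(client, method, url, scheme, status, content_type, size, header_names):
    """Build one summary record. Pure function: testable without mitmproxy."""
    names = {h.lower() for h in header_names}
    cleartext = scheme == "http"  # the app skipped TLS for this request
    return {
        "ts": time.strftime("%H:%M:%S"),
        "client": client,
        "method": method,
        "url": url,
        "status": status,
        "content_type": content_type.split(";")[0].strip(),  # drop charset
        "bytes": size,
        "cleartext": cleartext,
        # Credentials or session tokens exposed to anyone on the path.
        "secret_in_clear": cleartext and bool(names & SENSITIVE_HEADERS),
    }


class FlowSummary:
    """mitmproxy calls response() once the server has answered a flow."""

    def __init__(self, out=None):
        self._out = out  # file-like sink; opened lazily when None

    def _sink(self):
        if self._out is None:
            self._out = open(OUT_PATH, "a", encoding="utf-8")
        return self._out

    def response(self, flow):
        req, resp = flow.request, flow.response
        record = summarize(
            client=flow.client_conn.peername[0],
            method=req.method,
            url=req.pretty_url,
            scheme=req.scheme,
            status=resp.status_code,
            content_type=resp.headers.get("content-type", ""),
            size=len(resp.raw_content or b""),
            header_names=list(req.headers.keys()),
        )
        sink = self._sink()
        sink.write(json.dumps(record) + "\n")
        sink.flush()
        return record


addons = [FlowSummary()]
```

Because the file is plain JSON lines, it can also be loaded into ZAP-style tooling or a spreadsheet afterwards; the "cleartext" and "secret_in_clear" fields are the ones to filter on first.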

2 router in cascade with 2 DHCP and remote access

The installation is in a holiday house (so no permanent internet access).
I have a 4G router (ROUTER-1 = huawei B525-b23) that enables the internet access. I switch it on one day a week.
I have another router (ROUTER-2 = GL-MT300N-V2).
ROUTER-2 is always plugged into power.
A Raspberry Pi 3 (with Home Assistant on it) is connected to ROUTER-2 through an Ethernet port.
An IP camera is connected to ROUTER-2 through WiFi.
ROUTER-1 and ROUTER-2 are connected together through Ethernet.
When ROUTER-1 is not plugged into power, nothing has access to the internet, but it's not an issue.
The camera saves pictures on the Raspberry Pi 3, and Home Assistant is recording some sensor data.
When I switch on the power to ROUTER-1, everything has access to the internet.
What I want is to have remote access to my ROUTER-2, my Raspberry Pi and my camera when ROUTER-1 is online.
How should I do this?
Hi, I can think of two solutions for this setup but both involve buying a cheap second-hand router.
I think the use of a single router would make this setup a lot easier. Any router would work that supports a USB 4G modem being attached to it and has support for setting up an OpenVPN server, and you need to be OK with leaving the internet on all the time; just make sure you don't have any services running that use up bandwidth and you should be OK. You can connect both the Raspberry Pi and the IP camera to that router. Set up the OpenVPN server, open the UDP port required and download the certificates. You should be able to VPN into your network and manage it through SSH or something remotely.
The second option is tailored to you but still requires swapping the 4G modem with another one that supports these things: Wake on LAN, an OpenVPN server, SSH into it over the LAN, and either 4G support through a SIM card slot or a USB port with modem support.
You can then have it set up so this new Router-1 is switched off, with Wake on LAN configured on it and the Raspberry Pi to send the magic packet. You can use something like this to get an idea of how WoL works: https://www.lifewire.com/wake-on-lan-4149800. You can use cron on your Raspberry Pi to send the WoL signal to Router-1 once a week, which would eventually give you internet access once the router is up. You have to set up a VPN server on it, forward the required port and download the certificates. When your scheduled WoL cron runs, make sure you are able to connect through the VPN, then access the network resources you wish; at the end, when you are done, you can SSH into Router-1 and turn it off.
I hope this helps. I had a look at the router models you are using and it doesn't leave you with many options. You can get cheap second-hand routers online that support everything that is required.

Passive WiFi detection system using WiFi router

As part of my project requirement I want to make a system which will detect all the WiFi devices in my router's range, whether connected or not. I did some research on it and found things like Wireshark, Kismet etc. I just tried Wireshark by making my Mac machine's WiFi an ad hoc network and it's all fine; I am able to list all the WiFi devices in Wireshark. Now I want to make a real-time system based on a real WiFi router. I don't know how I will configure my router using my PC and how I will monitor the router from my PC. One more thing: if I am using Wireshark, how will I use this data for my requirement? If anyone has worked with similar scenarios please help me. Thanks in advance.
To do that you will need more than the usual API that you have on commercial WiFi routers (by that I mean full SSH access). I would:
Flash my router with OpenWRT (you can search for your router on this page for detailed instructions)
Install the aircrack-ng suite on the flashed router with:
opkg update
opkg install aircrack-ng
Put my WiFi card in monitor mode and run the airodump service:
airmon-ng start wlan0 #Put your NIC in monitor mode
airodump-ng mon0 #Sniff surrounding packets
You don't necessarily have to install aircrack-ng; you can just put your card in monitor mode using the command line (look at the documentation for your WiFi driver) and then run tcpdump (the command-line equivalent of Wireshark), but aircrack works very well and has a nice format.
Also, I should warn you that you can brick your router by flashing it. I never had such a problem when flashing routers mentioned on the OpenWRT wiki and there are (most of the time) ways to restore a bricked router depending on the brand, but I am not responsible if you break it ;)
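The "nice format" mentioned above is airodump-ng's CSV output (airodump-ng -w PREFIX writes PREFIX-01.csv). The following is an added example, not code from the answer, showing how that file can be turned into the real-time inventory the question asks for: which stations are joined to your own router, which are on a neighbouring AP, and which are merely in range and probing. The capture is constructed in the airodump-ng CSV layout with made-up MAC addresses, and the allow-list of known client MACs is an assumption.

```python
"""Parse airodump-ng's CSV (airodump-ng -w scan mon0 writes scan-01.csv) and
sort the stations it saw into: joined to my router, joined to another AP, or
merely in range. Added example; the capture below is constructed, MACs made up."""
from dataclasses import dataclass, field

NOT_ASSOCIATED = "(not associated)"

SAMPLE_CSV = """\

BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,  120,  0,   0.  0.  0.  0,   6, MyHome, 
AA:BB:CC:00:00:02, 2024-01-01 10:00:05, 2024-01-01 10:05:00, 11,  54, OPN ,     ,    , -75,   80,  0,   0.  0.  0.  0,   9, Neighbour, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:00:10, 2024-01-01 10:04:50, -50,  300, AA:BB:CC:00:00:01, MyHome
77:88:99:AA:BB:CC, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -80,   40, AA:BB:CC:00:00:02, 
DE:AD:BE:EF:00:01, 2024-01-01 10:01:00, 2024-01-01 10:04:00, -70,   12, (not associated) , CoffeeShop,Airport
"""

@dataclass
class Station:
    mac: str
    bssid: str       # "(not associated)" when not joined to any AP
    packets: int
    probed: list = field(default_factory=list)  # ESSIDs it asked for

    @property
    def associated(self):
        return self.bssid != NOT_ASSOCIATED

def parse_airodump_csv(text):
    """Return ({bssid: essid}, [Station, ...]) from airodump-ng CSV text."""
    aps, stations, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("BSSID,"):          # access-point block header
            section = "ap"
        elif line.startswith("Station MAC,"):  # station block header
            section = "station"
        else:
            f = [x.strip() for x in line.split(",")]
            if section == "ap" and len(f) >= 14:
                aps[f[0]] = f[13]              # BSSID -> ESSID
            elif section == "station" and len(f) >= 6:
                stations.append(Station(f[0], f[5], int(f[4]),
                                        [p for p in f[6:] if p]))
    return aps, stations

def classify(stations, my_bssid, known_macs=()):
    """Group stations relative to my router. 'unknown_on_mine' = clients on my
    AP whose MAC is not in the allow-list: the ones worth a closer look."""
    known = {m.upper() for m in known_macs}
    out = {"mine": [], "unknown_on_mine": [], "other_ap": [], "in_range_only": []}
    for s in stations:
        if s.bssid == my_bssid:
            out["mine"].append(s)
            if s.mac.upper() not in known:
                out["unknown_on_mine"].append(s)
        elif s.associated:
            out["other_ap"].append(s)
        else:
            out["in_range_only"].append(s)
    return out
```

Re-running parse_airodump_csv on the CSV every few seconds while airodump-ng keeps writing it gives the real-time view; "unknown_on_mine" is the list that should normally be empty.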

Viewing Xbox one network traffic

I am trying to view the HTTP traffic going from my Xbox One using Charles Proxy. However, as the Xbox One doesn't allow you to use a proxy, this is turning out to be difficult.
I have tried using my laptop's internet connection through an Ethernet cable from the Xbox One to my laptop, but I cannot see the traffic in Charles.
Does anyone know of a way I can see this traffic?
If you have the Dev Home app installed on your Xbox, it is possible to set up a Charles proxy to monitor the HTTP traffic.
Follow these steps to install Dev Home:
https://www.windowscentral.com/how-activate-dev-mode-your-xbox-one-console
Once the Dev Home app is installed you can enable the Device Portal on your Xbox:
https://learn.microsoft.com/en-us/windows/uwp/debug-test-perf/device-portal-xbox
This is where things get a little hacky, but you're going to end up using Charles instead of Fiddler to monitor your device's traffic. You will need to install Fiddler to get a FiddlerRoot.cer (http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/FirefoxHTTPS), which you upload to your Xbox through the network page in the Xbox Device Portal. Then you simply enter your laptop's IP address in the "Host IP address" field, and the Fiddler port is the port number defined in your Charles proxy settings.
Then you press the Enable button, which will prompt you to restart your Xbox. Select the Restart button, and once your Xbox restarts you will begin to see HTTP traffic in Charles.
Get a homebrew router with Linux installed. Then use any Linux TCP sniffer tool filtered by IP address to view the traffic. Similarly, you should be able to do the same in the setup you have now.
Does this work for your current setup via Boot Camp?
If it's connected through wireless, you could also just use a wireless sniffer. However, I imagine you would want to look at the contents, so this may pose a hurdle with encryption.

Captive Portal - Chillispot | OpenWrt vs DD-wrt

I've been trying to configure a captive portal using DD-WRT and OpenWrt with my own RADIUS server, and I've also tried to configure them using a CSP page (http://worldspot.net).
DD-WRT
My first try was with a TP-LINK WR841N (v7) and DD-WRT using the web interface. In the DD-WRT web interface there is an option in Services -> HotSpot -> ChilliSpot. Here I tried both configurations, using my own server data and also WorldSpot data, and my issue was the same in both cases:
When I enable ChilliSpot on the router, I don't get an IP assigned, meaning I can't connect to the WiFi/LAN. It seems the problem is obviously with the router, and it's something like the ChilliSpot configuration is not working or the changes are not "applied".
OpenWrt
After some hours trying to make DD-WRT work, I thought that maybe with OpenWrt it would be easier to configure, and here I found another problem. After updating my TP-LINK to OpenWrt I realized that I cannot access the router via the web, so I have to connect via telnet and SSH to install some packages and make some configurations.
I tried to install "luci", the package for the web GUI, and ran into some errors:
- First it didn't find the package, and I had to change the /etc/opkg.conf file
- Once I downloaded the package and tried to access the web UI I got the error uci_load: not found
- Once I fixed the uci package issue, I enabled uhttpd and started it, but when I try to connect via the web I get another error, "CGI didn't receive any response"
Questions
Could someone with more experience than me point me to which of these pieces of software is better for a hotspot system/captive portal?
Is it possible that in the DD-WRT case the ChilliSpot configuration wasn't applied to the router configuration?
For OpenWrt, has anyone had the same errors with the web interface?
I've been reading and it seems that it's possible to configure ChilliSpot via SSH, but the tutorials I found were not very helpful; can anyone point me to a good tutorial for this?
I also have a D-Link DIR-615 H2 but it seems to be less compatible with OpenWrt and DD-WRT than the TP-LINK.
I would be thankful for any information that can point me in a good direction, thanks!
Some months ago I found a very easy answer to this question about making a captive portal.
The best part of this solution is that the router flashing is very automated and the captive portal configuration is made through a web UI that is very easy to understand and manage.
You may also connect through SSH to the router if some software customization is needed, like VLANs.
To use this solution your modem should be in this list (at the time this answer was written):
Linksys: WRT54G | WRT54GL | WRT54GS
MiniRouter: MR3201A
FonSpot / Fonera (Atheros)
Ubiquiti: Bullet-M | Nano-M | Rocket-M | Airrouter | UniFi | Bullet/Nano/etc/{2/5}
I used this method on several Ubiquiti AirRouters and now it takes me just 5 minutes to configure a router for a hotspot system using FreeRADIUS.
I tried with FreeRADIUS installed on a Raspberry Pi on the LAN and also on a VPS over the WAN.
The steps to flash any of the above routers are:
Download coova-ap.jnlp from here
Open the file with Java Web Start
For Linux systems: sudo javaws coova-ap.jnlp
You have to click Flash CoovaAP and you will see a window like this where you should select your router model:
After the file is downloaded you will see the next window:
Here you should select your network device; usually eth0 (wired) is the best choice. Anyway, I strongly recommend clicking the Save firmware to File button to store a backup of the original firmware.
If you're using an Ubiquiti device, before clicking Start Flashing you need to put it in TFTP mode by unplugging the PoE Ethernet cable and reconnecting it while holding the reset button for 8 seconds. If this doesn't work, you may have to press it for 16 seconds. The LEDs should now flash alternately, indicating TFTP mode.
Once you hit Start Flashing and the flash is done, the router will restart and we will be able to access the router using the same Coova software.
Now the Configure CoovaAP button should be clickable and we will see a very fancy interface to configure the router's captive portal; we will be able to use different hotspot configurations.
If the button is not clickable, make sure the CoovaAP IP is 192.168.1.1.
One of the guides that helped me most to configure the router using the CoovaAP software was the HotSpotSystem: Installation CoovaAP guide.
In that tutorial you will find more information about some steps and the main configuration of the captive portal interface. I didn't add the hotspot part because the question was about which was the best router configuration.
There are some ways to build a captive portal server:
1. Regarding router compatibility I can only recommend DD-WRT build 22118 or later (CoovaChilli-based DD-WRT).
The following versions are supported: mini_hotspot (broadcom_K26 non-nv60k, non-nv64k!), nokaid, standard, big or mega. Other versions (like mini or micro) don't contain the hotspot module so they cannot be used for hotspot purposes.
Once you have such a build, you can start a simple captive portal with ChilliSpot.
All you need is a FreeRADIUS server and a web server.
2. Using Optware
Here I used an Asus RT-N16 router; I've patched it with dd-wrt.v24-18024_NEWD-2_K2.6_mega.bin
The entire tutorial is here.

How do you monitor network traffic on the iPhone? [closed]

We are looking for a Wireshark-like tool to use on the iPhone to test a 3rd party application before partnering with the 3rd party. Any suggestions?
A man-in-the-middle proxy, as the other answers suggest, is a good solution if you only want to see HTTP/HTTPS traffic.
The best solution for packet sniffing (though it only works for actual iOS devices, not the simulator) I've found is to use rvictl. This blog post has a nice write-up. Basically you do:
rvictl -s <iphone-uid-from-xcode-organizer>
Then you sniff the interface it creates with Wireshark (or your favorite tool), and when you're done shut down the interface with:
rvictl -x <iphone-uid-from-xcode-organizer>
This is nice because if you want to packet-sniff the simulator, you have to wade through traffic to your local Mac as well, but rvictl creates a virtual interface that just shows you the traffic from the iOS device you've plugged into your USB port.
Note: this only works on a Mac.
You didn't specify the platform you use, so I assume it's a Mac ;-)
What I do is use a proxy. I use SquidMan, a standalone implementation of Squid.
I start SquidMan on the Mac, then on the iPhone I enter the proxy params in the General/WiFi settings.
Then I can watch the HTTP traffic in the Console app, looking at the squid-access.log.
If I need more info, I switch to tcpdump, but I suppose Wireshark should work too.
I use Charles Web Debugging Proxy; it costs, but they have a trial version.
It is very simple to set up if your iPhone/iPad shares the same WiFi network as your Mac.
1. Install Charles on your Mac
2. Get the IP address for your Mac - use the Mac "Network Utility"
3. On your iPhone/iPad open the WiFi settings and under "HTTP Proxy" change to manual, enter the IP from step (2) and then set the port to 8888 (Charles' default port)
4. Open Charles and under the Proxy Settings dialog make sure "Enable Mac OS X Proxy" and "Use HTTP Proxy" are ticked
5. You should now see the traffic appearing within Charles
If you want to look at HTTPS traffic you need to do 2 additional steps:
6. Download the Charles Certificate Bundle and then email the .crt file to your iPhone/iPad and install it.
7. In the Proxy Settings dialog, SSL tab, add the specific HTTPS top-level domains you want to sniff with port 443.
If your Mac and iOS device are not on the same WiFi network, you can set up your Mac as a WiFi router using the "Internet Sharing" option under Sharing in System Preferences. You then connect your device to that WiFi network and follow the steps above.
Run it through a proxy and monitor the traffic using Wireshark.
For Mac OS X
Install Charles Proxy
In Charles go to Proxy > Proxy Settings. It should display the HTTP proxy port (it's 8888 by default).
For Windows
Install Fiddler2
Tools -> Fiddler Options -> Connections and check "Allow remote computers to connect"
General Setup
Go to Settings > WiFi > the "i" symbol > at the bottom, Proxy > set to manual, then for the server put the IP address of the computer you are working on, and for the port put 8888, as that is the default for each of these applications.
ARP Spoofing
General notes for the final section: if you want to sniff all the network traffic, one approach would be to use ARP spoofing to forward all the traffic from your iOS device to a laptop/desktop. There are multiple tools to ARP spoof, and research would need to be done on all the specifics. This allows you to see every ounce of traffic, as your router will route all data meant for the iOS device to the laptop/desktop and then you will be forwarding this data to the iOS device (automatically).
Please note I only recommend this as a last resort.
On a jailbroken iPhone/iPod, capturing traffic is done nicely by both "tcpdump" and "pirni", available in the Cydia repository. Analysis of this data is done by transferring the capture over to another machine and using something like Wireshark. However, given the active development that seems to be going on with these tools, it's possible that soon the iPhone will handle it all.
The best solution I have found that works:
Connect your device through USB
and type these commands:
rvictl -s UDID - (ID of the device, 20 chars; you can locate it in iTunes or the Organizer in Xcode)
sudo launchctl list com.apple.rpmuxd
sudo tcpdump -n -t -i rvi0 -q tcp
OR just: sudo tcpdump -i rvi0 -n
If rvictl is not working, install Xcode.
For more info:
Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
Without knowing exactly what your requirements are, here's what I did to see packets go by from the iPhone: connect a Mac on Ethernet, share its network over AirPort and connect the iPhone to that wireless network. Run Wireshark or Packet Peeper on the Mac.
Here is another way http://www.tuaw.com/2011/02/21/how-to-inspect-ioss-http-traffic-without-spending-a-dime/
I didn't see Roger Nolan's reply; the above link is the same workflow with a different tool.
Depending on what you want to do, running it via a proxy is not ideal. A transparent proxy might work OK as long as the packets do not get tampered with.
I am about to reverse the GPS data that gets transferred from the iPhone to the iPad on iOS 4.3.x to get at the vanilla data; the best way to get a clean network dump is to use "tcpdump" and/or "pirni", as already suggested.
In this particular case, where we want the tethered data, it needs to be as transparent as possible. Obviously you need your phone to be jailbroken for this to work.
Try Debookee on Mac OS X, which will transparently intercept the traffic of your iPhone without the need for a proxy, thanks to MITM, as stated before.
You'll then see in real time the different protocols used by your device.
Disclaimer: I'm part of the development team of Debookee, which is a paid application. The trial version will show you all functionalities for a limited time.
A general solution would be to use a Linux box (could be in a virtual machine) configured as a transparent proxy to intercept the traffic, and then analyse it using Wireshark or tcpdump or whatever you like. Perhaps macOS can do this also; I haven't tried.
Or if you can run the app in the simulator, you can probably monitor the traffic on your own machine.
Come on, no mention of Fiddler? Where's the love :)
Fiddler is a very popular HTTP debugger aimed at developers and not network admins (i.e. Wireshark).
Setting it up for iOS is a fairly simple process. It can decrypt HTTPS traffic too!
Our mobile team is finally relieved after the QA department started using Fiddler to troubleshoot issues. Before Fiddler, people fiddled around to figure out who to blame, the mobile team or the APIs team, but not anymore.