https://github.com/andrewhilts/snifflab

Scripts to create your own MITM'ing, packet sniffing WiFi access point
https://github.com/andrewhilts/snifflab

Last synced: 2 months ago
JSON representation

Scripts to create your own MITM'ing, packet sniffing WiFi access point

• Host: GitHub
• URL: https://github.com/andrewhilts/snifflab
• Owner: andrewhilts
• Created: 2015-08-14T14:49:38.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2015-08-21T15:32:34.000Z (almost 9 years ago)
• Last Synced: 2024-01-28T04:02:04.574Z (5 months ago)
• Language: Python
• Size: 143 KB
• Stars: 144
• Watchers: 18
• Forks: 39
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Lists

• awesome-network-stuff - **128**星
• awesome-stars - andrewhilts/snifflab - Scripts to create your own MITM'ing, packet sniffing WiFi access point (Python)
• awesome-network-stuff - **128**星

README

        
# Setting up a SNIFFLAB

## Detailed Guide

Please consult the detailed guide on setting up your own Snifflab network here: https://openeffect.ca/snifflab-an-environment-for-testing-mobile-devices/

## sniffer.py command line arguments

	-i (specify the network interface)

	-s (specify the file size limit)

	-t (specify the time interval, in seconds, between new PCAP files)

	-f (specify a filename suffix to append to each PCAP.

	-u (specify a ssh username for a remote backup)

	-h (specify a ssh host for remote backup)

	-p (specify the path on the remote host for backup)

## Firewall rules on DD-WRT router to send traffic to MITM proxy box

Make sure the network interface (vlan1 here) is correct.

	PROXYIP=your.proxy.ip

	iptables -t mangle -A PREROUTING -j ACCEPT -p tcp -m multiport --dports 80,443 -s $PROXYIP

	iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m multiport --dports 80,443

	ip rule add fwmark 3 table 2

	ip route add default via $PROXYIP dev vlan1 table 2

## PCAP machine scripts

/etc/network/interfaces

	auto lo

	iface lo inet loopback

	iface eth0 inet manual

	iface eth1 inet manual

	allow-hotplug wlan0

	iface wlan0 inet dhcp

	wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

	iface default inet dhcp

	auto bond0

	iface bond0 inet dhcp

	bond-mode 3

	bond-miimon 100

	slaves eth0 eth1

/etc/wpa_supplicant/wpa_supplicant.conf

	ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev

	update_config=1

	network={

	        ssid=""

	        psk=hashofyourpassword

	        proto=RSN

	        key_mgmt=WPA-PSK

	        pairwise=TKIP

	        auth_alg=OPEN

	}

### Getting the network running correctly on boot

/etc/init.d/network.sh

	#!/bin/sh

	### BEGIN INIT INFO

	# Provides:		network.sh

	# Short-Description:	Ensure WiFi as well as Ethernet interfaces are up

	# Description:

	# Default-Start:	2 3 4 5

	# Default-Stop:		0 1 6

	# Required-Start:	$remote_fs $syslog

	# Required-Stop:	$remote_fs $syslog

	### END INIT INFO

	sudo ifplugd eth0 --kill

	sudo ifup wlan0

	sudo ifup eth0

	sudo ifup eth1

	sudo ifconfig eth1 promisc

	sudo ifconfig eth0 promisc

	exit 0

### Start capturing packets on startup -- create a sniffer service

/etc/init/sniffer.conf

	#sniffer.conf

	start on runlevel [2345]

	stop on runlevel [016]

	script

		cd /home/pi/snifflab

		exec python sniffer.py -i bond0 -s 100 -t 1200

	end script

## MITM proxy service

mitm.conf

	start on filesystem

	script

		sudo iptables -A PREROUTING -t nat -i em1 -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 4567

		SSLKEYLOGFILE=/var/log/mitmkeys.log

		export SSLKEYLOGFILE

		echo "MITM Keys being logged here: $SSLKEYLOGFILE"

		exec mitmdump -T --host --conf=/etc/mitmproxy/common.conf

	end script

## Script to backup pcaps to local machine

	#!/bin/bash

	remote_server=yourservername

	pcap_dir=/pcaps

	keylogfile=/var/log/mitmkeys.log

	local_dir=~/Documents/snifflab

	rsync -a "$remote_server":$pcap_dir $local_dir

	scp "$remote_server":$keylogfile $local_dir