An HTTP and HTTPS sniffing tool created using a Raspberry Pi
MIT License
Once the Pi has completed the boot process, a login prompt appears; log in to the Pi with the default credentials: Username - pi, Password - raspberry
When you have successfully logged in, you will see the command line prompt pi@raspberrypi~$
Now that you are logged into your Pi, run
sudo apt-get update
and
sudo apt-get upgrade
to install the latest available updates on your Pi
If you have an ethernet cable plugged into your Pi, you can start the web browser and check whether the internet connection is working
Now type ifconfig in the terminal and note the IP address shown for the eth0 interface (this is the IP address of the Pi)
You now want to create a Wi-Fi hotspot using the Wi-Fi card on the Pi. This can be achieved using a service called hostapd, but you don't just want the hotspot, you also want internet access through the wireless access point. For that you also install the dnsmasq service, which is an easy to configure DNS and DHCP server
Use the following command and hit y when prompted to do so
sudo apt-get install dnsmasq hostapd
The next step is to give your wlan0 interface a static IP. The Raspberry Pi is already connected to the ethernet cable, from which we will be sharing our internet
We will be using dhcpcd (the most feature-rich open source DHCP client) to configure our interfaces, so open its configuration file with
sudo nano /etc/dhcpcd.conf
We need to tell it that our wlan0 has a static IP. So add these lines to it at the bottom of the file:
interface wlan0
static ip_address=172.24.1.1/24
We also need to prevent wpa_supplicant from running and interfering with setting up wlan0 in access point mode. To do this open up the interface configuration file with
sudo nano /etc/network/interfaces
and comment out the line containing wpa-conf in the wlan0 section, so that it looks like this
allow-hotplug wlan0
iface wlan0 inet manual
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Now restart dhcpcd with
sudo service dhcpcd restart
and it should assign wlan0 with a static IP address
Now we need to configure hostapd. Change the configuration file for hostapd using
sudo nano /etc/hostapd/hostapd.conf
with the contents given in the hostapd.conf file
To check whether all we've been doing is working or not, just run this command
sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
If everything goes well, you should be able to see the network Pi3-AP from your mobile phone or laptop. You can try connecting to it, in which case you would see some output from the Pi, but you won't be allotted an IP address until we configure dnsmasq. Press Ctrl + C to stop it
Right now, hostapd is not configured to work on a fresh boot. So we also need to tell hostapd where to look for the config file when it starts up on boot. Open up the default configuration file with
sudo nano /etc/default/hostapd
and find the line #DAEMON_CONF="" and replace it with DAEMON_CONF="/etc/hostapd/hostapd.conf"; this does the job
The dnsmasq config file that comes preinstalled contains a lot of functionality that we don't require at all, so we move it aside, create a new one, and paste the contents of dnsmasq.conf into it:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
Now we need to enable packet forwarding. For this we need to open sysctl.conf using:
sudo nano /etc/sysctl.conf
and uncomment the line net.ipv4.ip_forward=1; forwarding will then be enabled on the next boot
But to enable it for this session we quickly do:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Now we also need to share the Pi's internet with the devices connected to it through Wi-Fi by configuring NAT between the eth0 and wlan0 interfaces. We do this using the following commands:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
To apply the above rules every time we boot, we need to do:
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
and this will save the current rules to the iptables.ipv4.nat file
Now we need dhcpcd to restore them at boot. We do this by creating a hook file:
sudo nano /lib/dhcpcd/dhcpcd-hooks/70-ipv4-nat
and adding this to the file and saving it:
iptables-restore < /etc/iptables.ipv4.nat
Now we are just one step away from sharing our internet through the Pi, just do:
sudo service hostapd start
sudo service dnsmasq start
and reboot the Pi to recheck that everything works correctly:
sudo reboot
Now you would be able to connect to the internet through the Pi's network!
Now we tweak some settings and configurations and use mitmproxy to set up a man-in-the-middle attack on the Raspberry Pi's hotspot
First you would need to install mitmproxy and any dependencies related to it:
sudo pip install mitmproxy
Now we need to set up a transparent proxy using iptables, which can be done using the commands in the mitm.sh file
Now run the mitm.sh file using:
sudo ./mitm.sh
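The NAT rules above and the transparent-proxy redirection in mitm.sh leave a recognisable signature in the kernel's netfilter tables. The following is an added auditing example (not part of this tool or of mitmproxy) that a defender can run over the output of iptables-save on any gateway to spot that combination: masquerading between interfaces plus REDIRECT rules that divert TCP 80/443 into a local port. The sample dump is constructed, and it assumes mitm.sh uses the generic REDIRECT shape that transparent proxies rely on; the actual script is not shown on this page.

```python
"""Audit an `iptables-save` dump for the pattern this tutorial produces:
NAT masquerading out of one interface plus transparent redirection of the
web ports into a local listener.  Seen together on a gateway you did not
build, that is the signature of an interception box.

Added example; the dump below is constructed, not captured from a real Pi,
and the REDIRECT lines are an assumption about what mitm.sh contains.
"""
import shlex

# Constructed iptables-save output (sample input, not real capture data).
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT
"""


def parse_iptables_save(text):
    """Return {table_name: [tokenised '-A' rules]} from iptables-save output."""
    tables = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            current = line[1:]
            tables[current] = []
        elif line.startswith("-A") and current is not None:
            tables[current].append(shlex.split(line))
    return tables


def _opt(tokens, flag):
    """Value that follows `flag` in a tokenised rule, or None if absent."""
    for i, tok in enumerate(tokens):
        if tok == flag and i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def find_transparent_redirects(tables):
    """nat/PREROUTING REDIRECT rules that divert TCP 80 or 443 to a local port."""
    hits = []
    for tokens in tables.get("nat", []):
        if tokens[1] != "PREROUTING" or _opt(tokens, "-j") != "REDIRECT":
            continue
        dport = _opt(tokens, "--dport")
        if dport in ("80", "443"):
            hits.append((_opt(tokens, "-i"), int(dport), _opt(tokens, "--to-ports")))
    return hits


def find_masquerade(tables):
    """Outgoing interfaces that nat/POSTROUTING masquerades traffic through."""
    return [
        _opt(t, "-o")
        for t in tables.get("nat", [])
        if t[1] == "POSTROUTING" and _opt(t, "-j") == "MASQUERADE"
    ]


def audit(text):
    """Summarise the interception-relevant findings in an iptables-save dump."""
    tables = parse_iptables_save(text)
    redirects = find_transparent_redirects(tables)
    masq = find_masquerade(tables)
    return {
        "masquerade_out": masq,
        "web_redirects": redirects,
        # Both together: clients are routed through this host AND their
        # web traffic is hijacked into a local port instead of forwarded.
        "looks_like_transparent_proxy": bool(masq) and bool(redirects),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit(SAMPLE_DUMP), indent=2))
```

On a live box, feed it the real dump with something like audit(subprocess.check_output(["sudo", "iptables-save"], text=True)); a plain NAT router shows masquerade_out populated and web_redirects empty, which is the benign case.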
Now connect your phone to the Pi's hotspot, open your browser and browse some sites, and you will see the data being generated in the console with all the HTTP requests and responses
You can use the mitmproxy documentation for more information on how to use it and how to view and store the data collected by mitmproxy
So we are set up as a man in the middle for the users connected to our Pi's network. But note that so far we are only able to see HTTP requests, not HTTPS requests, which are encrypted and need the further steps below
To get mitmproxy working for secure sites, you need to make a fake SSL certificate for the site you want to sniff; this works even though the certificate is invalid, for the reasons given in Priyank's blog, which you can go through
So now follow the steps given below to create your fake certificate:
openssl genrsa -out myown.cert.key 8192
openssl req -new -x509 -key myown.cert.key -out fakesite.cert
Specify all values such as Company, BU, Country etc. as they appear in the real certificate
cat myown.cert.key fakesite.cert > fakesite.pem
Now you can run mitmproxy using this command:
mitmproxy -p 8888 --cert=fakesite.pem
Note: You can use any available port number in place of 8888
To connect to the network, set the same port in the advanced options of the Wi-Fi network settings and then connect
Now you would be able to see request data from the secured site as well using mitmproxy
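The fake certificate only works because the client accepts a certificate that is not the site's own. The added example below (not part of this tool) shows the client-side countermeasure: pinning the SHA-256 fingerprint of the expected leaf certificate and refusing the TLS session when the fingerprint seen on the wire differs, on top of normal chain and hostname validation. The DER bytes and the pin used in the demo are constructed placeholders; a real deployment pins the fingerprint of the genuine site certificate (the value openssl x509 -fingerprint -sha256 prints for it).

```python
"""Certificate pinning on the client: the defence against a substituted
certificate such as fakesite.pem.  A client that pins the SHA-256
fingerprint of the certificate it expects rejects any other leaf, even
when the user has clicked through a warning or a proxy CA is trusted.

Added example for this page, not part of the original tool.  DEMO_CERT_DER
and DEMO_PIN are constructed placeholders, not a real certificate.
"""
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_bytes):
    """Colon-separated upper-case SHA-256 fingerprint of a DER certificate,
    the same format `openssl x509 -fingerprint -sha256` prints."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(fingerprint):
    """Accept pins with or without colons and in either case."""
    return fingerprint.replace(":", "").strip().lower()


def pin_matches(der_bytes, pinned_fingerprint):
    """True only if the certificate's fingerprint equals the pinned one.
    Constant-time comparison so the check leaks nothing about prefixes."""
    seen = _normalise(sha256_fingerprint(der_bytes))
    return hmac.compare_digest(seen, _normalise(pinned_fingerprint))


def connect_pinned(host, port, pinned_fingerprint, timeout=5.0):
    """Open a TLS connection and refuse it unless the leaf certificate is the
    pinned one.  Chain and hostname validation stay enabled, so a self-signed
    substitute fails verification first; the pin catches the case where an
    interception CA has been installed and verification would pass."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der, pinned_fingerprint):
                raise ssl.SSLError(
                    f"pin mismatch for {host}: got {sha256_fingerprint(der)}"
                )
            return tls.version()


# Constructed stand-in for a certificate's DER bytes (not a real certificate).
DEMO_CERT_DER = b"constructed-demo-certificate-bytes"
DEMO_PIN = sha256_fingerprint(DEMO_CERT_DER)

if __name__ == "__main__":
    print("pinned fingerprint:", DEMO_PIN)
    print("genuine certificate accepted:", pin_matches(DEMO_CERT_DER, DEMO_PIN))
    print("substitute rejected:", not pin_matches(b"substituted-by-proxy", DEMO_PIN))
```

Pinning the leaf means the pin must be rotated whenever the site renews its certificate; pinning the public key (SubjectPublicKeyInfo) instead survives renewals that keep the same key, which is the trade-off HPKP and mobile pinning libraries make.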