Sunday, June 5, 2011

Something's Not Quite Right...

Ok, so I've blogged about my fake attwifi hotspot using DD-WRT.  I've blogged about setting up a laptop in between that hotspot and the Internet for packet sniffing with Wireshark.  And I've mentioned doing other more interesting things like setting up the Upside-Down-Ternet.  I decided to put my money where my mouth is and build it out myself, potentially for demonstration purposes at our next security awareness presentation at the company I work for.  How many people in an audience of about 50 do you think I can get to auto-connect to my access point, just by virtue of them having their devices in their pockets?  We're about to find out in a couple of weeks.

After reading the main page for the Upside-Down-Ternet, I realized it was slightly more complicated than just running a script.  Turns out I needed to set up a squid proxy, a web server (likely apache), and some image manipulation tools on my laptop in order to automatically intercept Internet requests for linked images coming from my "victims", pull down those images myself for flipping, and rewrite the links to point to the flipped images on my own web server before delivering the web page to the client.  There is a pretty decent write-up about how to do this in a step-by-step fashion, but there are a couple of differences/mistakes in certain sections:

  • Setting up the proxy - Good
  • Setting up the webserver - Instead of:
    • sudo chown www-data:www-data /var/www/images
    it should be:
    • sudo chown proxy:proxy /var/www/images
    Otherwise you'll end up with all sorts of permissions errors when squid tries to start manipulating and writing image files.
  • Image Script - Good
  • Networking Setup - Unnecessary, we're going to be taking care of this through our DD-WRT configuration
  • Cleaning Up - Unnecessary, you won't be running it for very long. *ahem*
Also, instead of doing all that sudo-ing, I prefer to just "sudo su" once to get a root shell, but maybe that's just me. Anyway, once you've got that all set up, you can go ahead and test it out locally on the laptop first. Open up Firefox and navigate to Edit --> Preferences --> Advanced --> Network --> Settings... --> Manual proxy configuration. Enter 127.0.0.1 Port 3128 for the HTTP Proxy, and check the box to "Use this proxy server for all protocols."
Click OK to accept everything, then try going to your favorite sites to see the effects! Here's a couple of screenshots showing the updated sites that the original creator used:
If you can't get it to connect properly, or it just seems to be hanging, try kicking the services like so:
  • service squid restart
  • service apache2 restart
and that should work. Now, remember that whole proof-of-concept from the last blog entry? Well, once the router is set up to get Internet access through the laptop, you need to configure it so that anybody that connects to the router goes through your new proxy. How do we do that? You'll need to use another device to manage the router for this, or you can temporarily connect the wireless interface of your laptop to the router instead of your real Internet connection to create a bit of a circular mess. :) Just remember to disconnect from attwifi and back to your true Internet connection on the laptop before calling it a day. In my case I used my iPad connected to attwifi to perform these steps.
  • In the DD-WRT interface, navigate to Services --> Hotspot --> HTTP Redirect.
  • Click the radio button to Enable this functionality, then for the HTTP Destination IP, enter the IP address of the router's assigned gateway, which is also the IP address of the laptop's Ethernet interface. You can find that out easily by doing "ifconfig" on the laptop and looking for the IP address assigned to the "eth0" interface.
  • For the HTTP Destination Port, enter 3128.
  • For the HTTP Source Network, enter the CIDR address without the /24 or whatever your subnet mask might be.
  • Click Save and then Apply Settings at the bottom of the page and wait for the router to come back up.
At this point, everything should be good to go! Try it out from any mobile device connected to your router, and voila:
Mogrify has a TON of image manipulation options, so play around and see which one you like the most. In the meantime, I think at this point you probably all want me to come up with a new line of topics to blog about already. Don't worry, have a bunch in draft, coming soon.
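
For the awareness-presentation side of this, here is how a client can notice the interception described above: fetch a known object over plain HTTP, compare it to a known-good digest, and look for the headers a proxy adds. This is an added example, not code from the original post or the Upside-Down-Ternet write-up; the canary bytes, hostnames and function names are constructed, and it assumes Squid's default behaviour of adding Via and X-Cache response headers.

```python
import hashlib

# Headers a default Squid install adds to responses
# (assumption: the proxy operator has not stripped them).
PROXY_HEADERS = ("via", "x-cache", "x-cache-lookup")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def check_canary(raw: bytes, expected_sha256: str):
    """Return findings for a canary object fetched over plain HTTP."""
    status, headers, body = parse_response(raw)
    findings = []
    for name in PROXY_HEADERS:
        if name in headers:
            findings.append(f"intermediary header {name}: {headers[name]}")
    if status == 200 and hashlib.sha256(body).hexdigest() != expected_sha256:
        findings.append("body digest differs from known-good canary")
    return findings


# Constructed sample data: a canary "image" and two responses carrying it.
CANARY = b"\x89PNG\r\n\x1a\n-constructed-canary-bytes-"
EXPECTED = hashlib.sha256(CANARY).hexdigest()

CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n" + CANARY
TAMPERED = (
    b"HTTP/1.0 200 OK\r\n"
    b"Content-Type: image/png\r\n"
    b"X-Cache: MISS from laptop.example\r\n"
    b"Via: 1.0 laptop.example (squid)\r\n\r\n"
    + CANARY[::-1]  # stand-in for an image modified in transit
)

if __name__ == "__main__":
    for label, raw in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, check_canary(raw, EXPECTED))
```

The digest check is the part that still works if the proxy headers are suppressed, which is why the canary has to be something whose exact bytes you know in advance.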

Cheers.
