CryptopartyForInstructors/NewsTweek

From Hackerspace Brussels
Jump to: navigation, search

Intro

This is an implementation inspired by http://newstweek.com/howto . A laptop running an access point, using mitmproxy to replace content on mainstream news websites to illustrate the added value of ssl(https). This is a non-intrusive setup, running it's own access point instead of ARP poisoning an existing network.

Demo

Setup

Hardware

A laptop thinkpad X61 running Debian Testing. It requires a wireless network card that supports AP mode, we are using a Ralink RT5370.

# lsusb 
Bus 004 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
# iw list
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * mesh point

Access point

Hostapd (http://w1.fi/hostapd/) is used create the access point. In below example, wlan1 is the access point interface.

debian # vi /etc/hostapd/hostapd.conf 
interface=wlan1
driver=nl80211
ssid=NewsTweek
channel=6
hw_mode=g
auth_algs=1
# add below to enable WPA
#wpa=2
#wpa_passphrase=addyourwpakeyhere
#wpa_key_mgmt=WPA-PSK
#wpa_pairwise=TKIP CCMP
#rsn_pairwise=CCMP
debian # vi /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Set a static ip:

debian # ifconfig wlan1 192.168.42.1/24

Dnsmasq is used to run the dhcp server:

debian # vi /etc/dnsmasq.conf
dhcp-range=192.168.42.50,192.168.42.150,12h

NAT

Setup NAT:

debian # echo "1" > /proc/sys/net/ipv4/ip_forward
debian # iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
debian # iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
debian # iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT

mitmproxy

mitmproxy - https://mitmproxy.org/ - is a nice project that provides most of the functionality needed for mitm (support for ssl as well). Check the verbose documentation on their website. The modify_response_body.py is used to replace the content (supports content-type gzip).

debian # iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-port 8080
debian # iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-port 8080

debian # ./mitmproxy -T --anticache -s "examples/modify_response_body.py Obama Poetin"