CryptopartyForInstructors/NewsTweek
Intro
This is an implementation inspired by http://newstweek.com/howto. A laptop runs an access point and uses mitmproxy to replace content on mainstream news websites, illustrating the added value of SSL (HTTPS). This is a non-intrusive setup: it runs its own access point instead of ARP poisoning an existing network.
Demo
Setup
Hardware
A ThinkPad X61 laptop running Debian Testing. It requires a wireless network card that supports AP mode; we are using a Ralink RT5370.
# lsusb
Bus 004 Device 003: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
# iw list
Supported interface modes:
     * IBSS
     * managed
     * AP
     * AP/VLAN
     * WDS
     * monitor
     * mesh point
Access point
Hostapd (http://w1.fi/hostapd/) is used to create the access point. In the example below, wlan1 is the access point interface.
debian # vi /etc/hostapd/hostapd.conf
interface=wlan1
driver=nl80211
ssid=NewsTweek
channel=6
hw_mode=g
auth_algs=1
# add below to enable WPA
#wpa=2
#wpa_passphrase=addyourwpakeyhere
#wpa_key_mgmt=WPA-PSK
#wpa_pairwise=TKIP CCMP
#rsn_pairwise=CCMP
debian # vi /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Set a static IP:
debian # ifconfig wlan1 192.168.42.1/24
Dnsmasq is used to run the DHCP server:
debian # vi /etc/dnsmasq.conf
dhcp-range=192.168.42.50,192.168.42.150,12h
NAT
Set up NAT, with wlan0 as the uplink interface:
debian # echo "1" > /proc/sys/net/ipv4/ip_forward
debian # iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
debian # iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
debian # iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT
mitmproxy
mitmproxy (https://mitmproxy.org/) is a nice project that provides most of the functionality needed for MITM, including support for SSL. Check the verbose documentation on their website. The modify_response_body.py example script is used to replace the content; it also handles gzip-encoded responses.
debian # iptables -t nat -A PREROUTING -i wlan1 -p tcp --dport 80 -j REDIRECT --to-port 8080
debian # iptables -t nat -A PREROUTING -i wlan1 -p tcp --dport 443 -j REDIRECT --to-port 8080
debian # ./mitmproxy -T --anticache -s "examples/modify_response_body.py Obama Poetin"
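The point of the demo, as an added Python example that is not part of the original page or of the mitmproxy project: a gzip-encoded plain-HTTP response can be rewritten in transit without the client noticing, while an integrity check keyed with a secret the proxy lacks rejects the rewritten body. The HMAC is a simplified stand-in for the integrity protection TLS provides, not TLS itself; the function names, sample page and key are constructed for illustration.

```python
import gzip
import hashlib
import hmac


def rewrite_response(headers, body, old, new):
    """Model of an in-path rewrite of a plain-HTTP response body."""
    gzipped = headers.get("Content-Encoding", "").lower() == "gzip"
    text = gzip.decompress(body) if gzipped else body
    text = text.replace(old, new)
    body = gzip.compress(text) if gzipped else text
    # Content-Length is recomputed, so the response stays well-formed
    # and the client sees nothing unusual at the HTTP level.
    headers = dict(headers, **{"Content-Length": str(len(body))})
    return headers, body


def seal(key, body):
    """Assumption: HMAC-SHA256 stands in for TLS record integrity."""
    return hmac.new(key, body, hashlib.sha256).digest()


def client_accepts(key, body, tag):
    """Client-side check: does the received body match the sender's tag?"""
    return hmac.compare_digest(seal(key, body), tag)


def demo():
    page = b"<h1>Obama visits Brussels</h1>"       # constructed sample page
    key = b"secret-shared-by-client-and-server"    # constructed; unknown to the proxy
    body = gzip.compress(page)
    headers = {"Content-Type": "text/html", "Content-Encoding": "gzip",
               "Content-Length": str(len(body))}
    tag = seal(key, body)                          # computed by the origin server

    new_headers, new_body = rewrite_response(headers, body, b"Obama", b"Poetin")
    return {
        "seen_over_http": gzip.decompress(new_body),
        "length_consistent": new_headers["Content-Length"] == str(len(new_body)),
        "integrity_ok_untouched": client_accepts(key, body, tag),
        "integrity_ok_rewritten": client_accepts(key, new_body, tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Over plain HTTP the client has only the first two results to go on, and both look normal; only the keyed check distinguishes the rewritten body from the original.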