
Messing with wifi stealers?

Discussion in 'Tomato Firmware' started by nate123, Jan 20, 2009.

  1. nate123

    nate123 Addicted to LI Member

    Messing with wifi stealers? (AKA upside-down-ternet)

    I know how to redirect untrusted MACs to a website of my choice using iptables
    (look below, if you want to see that)

    So... I figured out how to run the URL_redirect_program (the script). Once I have overcome my other issues (mentioned below) I will post a complete tutorial.


    here is the site
    http://ex-parrot.com/~pete/upside-down-ternet.html


    here is the site pasted here:

    Upside-Down-Ternet (hehehe)

    we set iptables to forward everything to a transparent squid proxy running on port 80 on the machine.

    iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.101

    That machine runs squid with a trivial redirector that downloads images, uses transmogrify to turn them upside down and serves them out of its local web server.
    The redirection script

    The script below is my issue. I am running squidNT 2.7 stable 2. The squid.conf has been modified so that this script is a URL redirect script.

    Edit again: I now know how to "mogrify" the images. I am going to use imageMagick win2k, and will modify the script appropriately

    Edit again: I posted on the ActivePerl forum, because my modified script is a fail.

    It would seem that I need to rewrite the script... It requires Linux, and perl and some other things... I will keep trying

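    #!/usr/bin/perl
    # Squid URL-redirector helper: reads one request per line on stdin and
    # prints the URL squid should fetch instead.
    $|=1;           # unbuffered output; squid waits for each reply line
    $count = 0;
    $pid = $$;      # process ID keeps file names unique per helper
    while (<>) {
        chomp $_;
        if ($_ =~ /(.*\.jpg)/i) {
            $url = $1;
            # list-form system() runs the program directly, with no shell
            system("/usr/bin/wget", "-q", "-O", "/space/WebPages/images/$pid-$count.jpg", "$url");
            system("/usr/bin/mogrify", "-flip", "/space/WebPages/images/$pid-$count.jpg");
            print "http://127.0.0.1/images/$pid-$count.jpg\n";
        }
        elsif ($_ =~ /(.*\.gif)/i) {
            $url = $1;
            system("/usr/bin/wget", "-q", "-O", "/space/WebPages/images/$pid-$count.gif", "$url");
            system("/usr/bin/mogrify", "-flip", "/space/WebPages/images/$pid-$count.gif");
            print "http://127.0.0.1/images/$pid-$count.gif\n";
        }
        else {
            print "$_\n";   # anything else passes through unchanged
        }
        $count++;
    }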

    I saved the script above as redirect.pl - I have squid successfully running on my pc

    1 More thing to do: How do i get squid to save images to a separate folder?

    Modified script for Windows, thanks to the ActivePerl forums (you need ImageMagick, ActivePerl, and Wget for Windows):

    #!C:/Perl/bin/perl
    $|=1;
    $count = 0;
    $pid = $$;
    while (<>) {
        chomp $_;
        if ($_ =~ /(.*\.jpg)/i) {
            $url = $1;
            # double quotes so that $pid, $count, $url and \n are interpolated
            system("C:\\wget\\wget", "-q", "-O", "C:\\squid\\var\\WebPages\\images\\$pid-$count.jpg", "$url");
            system("C:\\squid\\vm\\bin\\mogrify", "-flip", "C:\\squid\\var\\WebPages\\images\\$pid-$count.jpg");
            print "http://127.0.0.1/images/$pid-$count.jpg\n";
        }
        elsif ($_ =~ /(.*\.gif)/i) {
            $url = $1;
            system("C:\\wget\\wget", "-q", "-O", "C:\\squid\\var\\WebPages\\images\\$pid-$count.gif", "$url");
            system("C:\\squid\\vm\\bin\\mogrify", "-flip", "C:\\squid\\var\\WebPages\\images\\$pid-$count.gif");
            print "http://127.0.0.1/images/$pid-$count.gif\n";
        }
        else {
            print "$_\n";
        }
        $count++;
    }
    ____________________________________________________________________
    To do a redirect for untrusted MACs, follow these instructions:

    iptables -t nat -A PREROUTING -m mac --mac-source YY:YY:YY:YY:YY:YY -p tcp -j ACCEPT

    Where YY:YY:YY:YY:YY:YY is one of the MAC addresses. Repeat this for as many trusted MACs as you have. Place each one on the Firewall script page (Administration => Scripts => Firewall).

    Then ping the site that you want the untrusted MAC addresses to go to (and test it; for example, icanhascheezburger.com is hosted by WordPress, so if you use their IP, it will take the victim to Wordpress.org).

    iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination ZZZ.ZZZ.ZZZ.ZZZ

    Where ZZZ.ZZZ.ZZZ.ZZZ is the IP address you want to direct traffic to.

    Paste that line into the firewall script page as well, and save it. Then reboot your router. I found that I had to reboot my router each time I changed or added anything, for the changes to take effect.
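
One way to build and check the rule set from the first post before pasting it into the firewall script page, added here as an example and not code from the thread. It validates the inputs and prints the rules in load order; the interface name br0, the portal address and the MACs are assumptions, and the DNAT is narrowed to port 80.

```shell
#!/bin/sh
# Added example, not code from the thread. It only PRINTS rules for review;
# it never calls iptables. br0, the portal IP and the MACs are assumptions.
LAN_IF="br0"

# True only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# True only for a dotted quad whose octets are all 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: gen_rules PORTAL_IP TRUSTED_MAC...
gen_rules() {
    portal=$1; shift
    # Validate everything first so a typo never yields a partial rule set.
    valid_ipv4 "$portal" || { echo "bad portal IP: $portal" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # -A appends and the first match wins, so every ACCEPT must be loaded
    # before the catch-all DNAT. A proxy on the LAN must have its own MAC
    # listed, or its outbound fetches loop back to itself.
    for mac in "$@"; do
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -m mac --mac-source $mac -p tcp -j ACCEPT"
    done
    # Redirect plain HTTP only: a DNAT without --dport sends every TCP
    # service (HTTPS, mail, SSH) to the web server as well.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j DNAT --to-destination $portal:80"
}

# Constructed sample: two trusted devices, portal at 192.168.1.101.
gen_rules 192.168.1.101 00:11:22:33:44:55 66:77:88:99:AA:BB
```

MAC addresses can be changed by the client, so the allowlist is a convenience and not access control. When the portal is on the same LAN as the clients, its replies bypass the router unless a matching POSTROUTING source-NAT rule is added.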
     
  2. szfong

    szfong Network Guru Member

    A simpler solution would be to redirect them to a random list of malware infector sites OR some foreign porn sites. You may get a knock on the door from the local authorities, but if the website/pages are run locally it'll be harder to locate you; as long as your local wireless communications authority doesn't get involved using their RF location gear, you're OK. ;-)
     
  3. travanx

    travanx Network Guru Member

    That is funny. This is why I am always worried when logging onto any wifi sites that aren't mine, including being at Starbucks. BTW how come you leave your wifi open if people are using it?
     
  4. nate123

    nate123 Addicted to LI Member

    people aren't stealing my wifi .... but it is fun to mess with friends and family who come over. Turn everything upside down on them.

    Also, i am sure other people will find it useful and funny.
     
  5. FRiC

    FRiC LI Guru Member

    That script involves more than just iptables. It forwards everything to a local squid proxy which flips the images and then serves out the images on its local web server.
     
  6. nate123

    nate123 Addicted to LI Member

    EDIT: see 1st post for how to do it...

    OK. If I wanted to redirect any unknown MAC addresses to a certain website, how would I do that?
     
  7. nate123

    nate123 Addicted to LI Member

    EDIT: still need help w/ squid... but figured out tomato side of things. (see 1st post)

    Ok, i have set up a squid proxy on my PC. 192.168.1.101:80
    (well, kinda still working on that... but still)
    how would i go about the Tomato side of things?
     
  8. nate123

    nate123 Addicted to LI Member

    Moved to main post for easier access...
     
  9. nate123

    nate123 Addicted to LI Member

    Bump- anyone have any knowledge about the Squid Proxy for windows (or for linux) and how to execute scripts, like the one above (1st post)
     
  10. Planiwa

    Planiwa LI Guru Member

    This is a reasonable question. For example, someone might have acquired a new computer (or smart-phone), and is trying to connect to the network, but doesn't know how to register it. It might be useful to show them a web page that explains it.

    (This would be easy with a netcat with ears ...)
     
  11. nate123

    nate123 Addicted to LI Member

    Thanks for the responses.... I figured out how to redirect them to any website, but what you're saying is my 3rd step

    step 1 - Put all trusted MACs in this form: iptables -t nat -A PREROUTING -m mac --mac-source YY:YY:YY:YY:YY:YY -p tcp -j ACCEPT
    and then paste that into the firewall script section
    step 2 - run and configure Squid, so that it flips images or blurs them - I am stuck here
    step 3 - redirect traffic from untrusted MACs to my PC (iptables -t nat -A PREROUTING -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.101), through the proxy, and then serve it out through the router again
     
  12. nate123

    nate123 Addicted to LI Member

    On a side note, what is the Measurement of CPU Load?

    Mine hits 2.3+ while torrenting at 500kbps+, and web browsing.
     
  13. Planiwa

    Planiwa LI Guru Member

    1. That's high.
    2. Your load has very little to do with throughput and very much to do with connection-storms. Connection storms are exactly like spam in the sense that almost all of the resources are overwhelmed in an effort that remains almost entirely futile.
    3. While connection storms may try to establish 100's or 1000's of (mostly uncompleted) connections in a few seconds, they are over just as fast, and you may never notice them.
    4. Most of the connections in your conntrack table are likely to be defunct and languishing until they time out.
     
  14. nate123

    nate123 Addicted to LI Member

    ok, CPU load is better after reboot.
     
  15. nate123

    nate123 Addicted to LI Member

    1 More thing to do: How do i get squid to save images to a separate folder?
     
  16. schnikies79

    schnikies79 LI Guru Member

    Does anyone know how to modify the iptables line to redirect a designated mac address instead of all unknown mac addys?

    As in all mac address pass-through just fine, except the one I specify, which gets redirected to the proxy?

    If it's easier, is it possible to send a LAN address (ie. 192.168.1.125) to the proxy, and everyone else not?
     
  17. nate123

    nate123 Addicted to LI Member

    My instructions are just for a specific MAC, not all unknowns; look at the bottom of the first post.

    I gave up on the squid proxy, I just redirect to XKCD...

    If you have a Linux box lying around, go for it! Let me know how it goes!
     
  18. zedhead

    zedhead Addicted to LI Member

    So would it be possible to do something similar to this but make it IP specific and only dependent on 1 specific domain? For example, what would I add to have IP 192.168.1.79 redirect all requests for facebook.com to go to kittenwars.com? But all other domain requests would be fine from the same machine?

    Thanks in advance for any help you can provide.

    cheers,

    Zed



     
  19. tomatofan

    tomatofan Addicted to LI Member

    I have an idea; enable encryption.
     
  20. TexasFlood

    TexasFlood Network Guru Member

    That's what I do.
     
  21. zedhead

    zedhead Addicted to LI Member

    My question isn't to keep unwanted people off my network... it was how to redirect a specific PC to a specific domain based on the DNS request they make.
     
  22. kroiz

    kroiz Networkin' Nut Member

    I would love to have something like this, did you manage to do it?
     
