So this entire post is inspired by Joshua Wright @ willhackforsushi.com. If you don't know the story: basically his neighbours were stealing his wifi, so he thought it would be a good idea to mess with them.

He created a VM that broadcasts an open SSID and performs MitM 'attacks' against the clients. The PDF of the slides is well worth a read, as that is where the idea for the Pi came from.

What's important to note is that his idea is based around a VM; all I'm doing here is porting his idea to the Raspberry Pi platform for a smaller, cheaper and lower-power solution... so full props to Joshua Wright!

First off, any time you use a new Raspbian image you should update it:

sudo apt-get update ; sudo apt-get -y upgrade

Install the required packages:

sudo apt-get install isc-dhcp-server apache2 squid3 hostapd php5 imagemagick ghostscript jp2a libwww-perl libwww-robotrules-perl

Update network details to match the following:

cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp

Configure DHCP server for wifi interface:

sudo cat /etc/dhcp/dhcpd.conf
authoritative;
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8, 8.8.4.4;
subnet 10.0.0.0 netmask 255.255.255.0 {
        range 10.0.0.10 10.0.0.254;
}

Configure squid with the following properties:

sudo cat /etc/squid3/squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_port 3128 transparent
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320
url_rewrite_children 10
url_rewrite_program /etc/squid3/url_rewrite_program

Copy the contents of service to /opt/squid/sbin and change the perms (see end of post for the downloads):

sudo chmod +x /opt/squid/sbin/*.pl

Copy the contents of www to /var/www and change the perms of tmp (see end of post for the downloads):

sudo chmod -R 777 /var/www/tmp

Copy the following hostapd details to /etc/hostapd/hostapd.conf:

interface=wlan0
driver=nl80211
ssid=HotelWiFi
channel=1

And finally copy the script written by Joshua Wright to /root/neighbours.sh:

#!/bin/bash
SDIR=/opt/squid/sbin
function list_services {
        printf "%20s  %s\n" "Service Name" "Service Function"
        printf "%20s  %s\n" "------------" "----------------"
        for service in `ls $SDIR | grep -v not-working`; do
                desc=`grep DEF: $SDIR/$service | sed 's/.*DEF: //'`
                printf "%20s: %s\n" $service "$desc"
        done
        printf "\n"
}
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        list_services
        echo "Usage: $0 wifi_interface internet_interface service_name"
        echo
        exit
fi
if [ ! -f "$SDIR/$3" ] ; then
        printf "\n!!! Invalid service name: %s\n\n" "$3"
        list_services
        exit
fi
echo "[+] Setting IP address on $1"
ifconfig $1 10.0.0.1/24

echo "[+] Starting DHCP server"
/etc/init.d/isc-dhcp-server stop >/dev/null
sleep 2
/etc/init.d/isc-dhcp-server start >/dev/null

echo "[+] Removing old temporary files"
rm -rf /var/www/tmp/* 2>/dev/null

echo "[+] Configuring Squid Proxy for $3"
rm -f /etc/squid3/url_rewrite_program
ln -s "$SDIR/$3" /etc/squid3/url_rewrite_program
service squid3 restart

echo "[+] Setting firewall rules"
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE
iptables --append FORWARD --in-interface $1 -j ACCEPT
iptables --table nat -A PREROUTING -i $1 -p tcp --destination-port 80 -j REDIRECT --to-port 3128

echo "[+] Setting up routing"
sysctl -w net.ipv4.ip_forward=1 >/dev/null

echo "[+] Starting wireless AP, press CTRL+C to end"
hostapd /etc/hostapd/hostapd.conf

And don't forget to make it executable!

chmod +x /root/neighbours.sh

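Maybe add a rule to prevent access to your uplink IP subnet ($WIFI and $LAN here stand for the wifi and internet interfaces, $1 and $2 in the script). Insert it with -I rather than appending it, so that it is evaluated before the ACCEPT rule the script adds to FORWARD, and pass the ranges as a comma-separated list, since bash brace expansion would split them into separate arguments:

iptables -I FORWARD -i $WIFI -o $LAN -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -j DROP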
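
A rule-order check for the isolation rule above, as an added example that is not part of the original post or of Joshua Wright's script: it reads `iptables -S FORWARD` output and reports whether DROP rules for all three private ranges come before the first ACCEPT on the hotspot interface. The rulesets are constructed samples, and the interface names wlan0 and eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read `iptables -S FORWARD`
# output on stdin and check that hotspot clients are cut off from the
# private ranges before any ACCEPT for the hotspot interface can match.
PRIVATE_NETS="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

# all_seen LIST: succeed only if every private range is in LIST
all_seen() {
    for net in $PRIVATE_NETS; do
        case " $1 " in *" $net "*) ;; *) return 1 ;; esac
    done
}

# forward_isolated WIFI_IF: exit 0 if isolated, 1 if not
forward_isolated() {
    wifi=$1 seen=""
    while read -r line; do
        case " $line " in *" -i $wifi "*) ;; *) continue ;; esac
        case " $line " in
            *" -j DROP "*)
                for net in $PRIVATE_NETS; do
                    case " $line " in *" -d $net "*) seen="$seen $net" ;; esac
                done ;;
            *" -j ACCEPT "*)
                # Conservative: any ACCEPT on this interface is treated as
                # a blanket allow, so the DROPs must already be in place.
                all_seen "$seen"; return ;;
        esac
    done
    all_seen "$seen"   # no ACCEPT rule: the chain policy may still allow
}

# Constructed sample rulesets; interface names wlan0/eth0 are assumptions.
RULES_APPENDED='-P FORWARD ACCEPT
-A FORWARD -i wlan0 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 172.16.0.0/12 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 10.0.0.0/8 -i wlan0 -o eth0 -j DROP'
RULES_INSERTED='-P FORWARD ACCEPT
-A FORWARD -d 192.168.0.0/16 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 172.16.0.0/12 -i wlan0 -o eth0 -j DROP
-A FORWARD -d 10.0.0.0/8 -i wlan0 -o eth0 -j DROP
-A FORWARD -i wlan0 -j ACCEPT'

for name in RULES_APPENDED RULES_INSERTED; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | forward_isolated wlan0
    then echo "$name: isolated"; else echo "$name: NOT isolated"; fi
done
```

Port 80 traffic is redirected to Squid in PREROUTING and never reaches FORWARD, so this check says nothing about what Squid will fetch on a client's behalf.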

Should you wish to download the image (for 8GB SD) you can do so from here:
https://github.com/phillips321/raspberrypi-joke-hotspot
Or just get the scripts and code via svn from here:
https://github.com/phillips321/raspberrypi-joke-hotspot

svn co https://github.com/phillips321/raspberrypi-joke-hotspot raspberrypi-joke-hotspot
