Skip to content

An HTTP and HTTPS sniffing tool created using a Raspberry Pi

License

Notifications You must be signed in to change notification settings

zoracon/RaspberryPi-Packet-Sniffer

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Fork heavily differs by automating from the official RPi Documentation

📡 RaspberryPi-Packet-Sniffer

A simple HTTP and HTTPS sniffing tool created using Raspberry Pi (only for educational purposes)

Notes:

Setting up your Raspberry Pi

Prerequisites:

  • Ensure you have administrative access to your Raspberry Pi. The network setup will be modified as part of the installation: local access, with screen and keyboard connected to your Raspberry Pi, is recommended.

  • Connect your Raspberry Pi to the Ethernet network and boot the Raspberry Pi OS.

  • Ensure the Raspberry Pi OS on your Raspberry Pi is up-to-date and reboot if packages were installed in the process.

  • Take note of the IP configuration of the Ethernet network the Raspberry Pi is connected to:

    In this document, we assume IP network 10.10.0.0/24 is configured on the Ethernet LAN, and the Raspberry Pi is going to manage IP network 192.168.4.0/24 for wireless clients.

    Please select another IP network for wireless, e.g. 192.168.10.0/24, if IP network 192.168.4.0/24 is already in use by your Ethernet LAN.

  • Have a wireless client (laptop, smartphone, …) ready to test your new access point.

Getting the Operating System to install on the Pi

  1. You need to install the latest version of NOOBS or Raspbian on your Pi, and for that you need a bootable SD card with the OS installed on it.
  2. Format your SD card with Raspberry Pi Imager. You can also setup SSH and a user With the offical imager in the settings before you write to the sd card. This way you won't have to use the GUI and can just SSH into your Pi.
  3. Follow the instructions on the software and using a USB Micro SD card reader or an adapter.
  4. Now you have your OS on the SD card and you are ready to use it to boot your Pi.

Logging into your Raspberry Pi

  1. SSH in with the user you setup. ssh <user>@<RPi IP>.

  2. Once you are logged into you Pi, run:

    sudo apt-get update

    and

    sudo apt-get upgrade

    to update your Pi to the newest available updates

Create a Wifi-access Point

  1. If you have an ethernet cable plugged in into your Pi, you can start the web browser and see if the internet is working or not.

  2. Now type ifconfig in the terminal and note the IP address of your Pi in the eth0 interface(this would be the IP address of the Pi).

  3. You now want to create a wifi-hotspot using the wifi-card on the Pi. This can be achieved using a service called hostapd but you don't just want the hotspot, you also want the internet access through the wireless access point. You also install the dnsmasq service for this purpose which is an easy to configure DNS and DHCP server.

  4. ❗ Edit hostapd file to preferred ssid and wpa_passphrase ❗

  5. Use the following command and hit y when prompted to do so

    sudo ./setup.sh

Now you would be able to connect to the internet through the Pi's network!

Machine in the Middle Pi

  1. Now run the mitm.sh file using:

    sudo ./mitm.sh
  2. Now connect your phone to the Pi's hotspot and open your browser and browse some sites and you will see the data being generated in the console will all the http requests and responses.

  3. You can use the mitmproxy documentation for more information on how to use, look and store the data collected by mitmproxy.

  4. So we are set up as a man in the middle for the users connected to our Pi's network. But note here that we are only able to get information about the HTTP requests and not the HTTPS requests which are encrypted and need further hacking to break into which we do below.

Configuring mitmproxy for secure connections

  1. To get mitmproxy working for secure sites, you need to make a fake SSL certificate for the site you want to sniff and this would work even when the certificate is invalid because of the reasons given in Priyank's blog which you can go through.

  2. So now follow the steps given below to create your fake certificate:

    openssl genrsa -out myown.cert.key 8192
    openssl req -new -x509 -key myown.cert.key -out fakesite.cert

    Specify all values like Company, BU, Country etc, as they appear in real certificate

    cat myown.cert.key fakesite.cert > fakesite.pem
  3. Now you can run mitmproxy using this command:

    mitmproxy -p 8888 –cert=fakesite.pem

    Note: You can use any available port number in place of 8888.

  4. To connect to the network use the same port in advance options setting of the wifi network and then connect.

  5. Now you would be able to see request data from the secured site as well using mitmproxy

About

An HTTP and HTTPS sniffing tool created using a Raspberry Pi

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Languages

  • Shell 100.0%