sensepost / snoopy-ng

Snoopy v2.0 - modular digital terrestrial tracking framework

RogueAP network crashing #29

Closed Wald01991 closed 9 years ago

Wald01991 commented 9 years ago

Running Raspberry Pi Kali and Alfa Awus036h. I can run rogueAP, with run_dhcp and local_nat, and connect if I have my eth0 interface down, but then my rogueAP has no internet access. If I have eth0 up when I start Snoopy and I connect to the rogue access point, the network goes down and my mon0 interface disappears. If I start Snoopy with eth0 down I can connect to the access point without internet access, but the moment I bring up eth0 it shuts down the network and gets rid of mon0.

Wald01991 commented 9 years ago

If anyone could post their /etc/network/interfaces file as well as the results of iwconfig and ifconfig before and after running Snoopy with rogueAP I'd really appreciate it.

maximcherny commented 9 years ago

A bit more info on your topology and setup would be helpful.

For example, issues can arise when the DHCP range offered via dnsmasq is the same as the one on your internal network.

Wald01991 commented 9 years ago

Edit: Sorry, my range is 192.168.1.100-192.168.1.149. I'm incredibly tired and wasn't thinking. Command I use for Snoopy:

snoopy -v -m wifi:mon=True -m sysinfo -m heartbeat -m mitmproxy -m rogueAP:run_dhcp=True,local_nat=True,sslstrip=True

ifconfig before running Snoopy

eth0      Link encap:Ethernet  HWaddr b8:27:eb:ab:41:0c
          inet addr:192.168.1.117  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:feab:410c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:681 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64643 (63.1 KiB)  TX bytes:125186 (122.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:c0:ca:75:a6:af
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24810 (24.2 KiB)  TX bytes:9260 (9.0 KiB)

I've changed the MAC of the wlan0 interface and it didn't help. I've tried all combinations of having different interfaces up and down.

iwconfig before running snoopy

wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated  Tx-Power=20 dBm
          Retry long limit:7  RTS thr:off  Fragment thr:off
          Encryption key:off
          Power Management:off

lo no wireless extensions.

eth0 no wireless extensions.

/etc/network/interfaces file

auto lo
iface lo inet loopback
iface eth0 inet dhcp

I've tried all different interface setups and it made no difference

routes before Snoopy

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

ifconfig during snoopy

at0       Link encap:Ethernet  HWaddr 00:c0:ca:75:a6:af
          inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:caff:fe75:a6af/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:578 (578.0 B)

eth0      Link encap:Ethernet  HWaddr b8:27:eb:ab:41:0c
          inet addr:192.168.1.117  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ba27:ebff:feab:410c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1143 errors:0 dropped:0 overruns:0 frame:0
          TX packets:995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:94873 (92.6 KiB)  TX bytes:175206 (171.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

mon0      Link encap:UNSPEC  HWaddr 00-C0-CA-75-A6-AF-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI  MTU:1800  Metric:1
          RX packets:549 errors:0 dropped:2 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:142612 (139.2 KiB)  TX bytes:0 (0.0 B)

If eth0 is up and I connect, it disconnects after a few seconds and mon0 disappears. If eth0 is down I can connect and stay connected, but without internet access. If I bring up eth0 while I'm connected, it disconnects and mon0 disappears.

iwconfig snoopy running

wlan0     IEEE 802.11bg  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated  Tx-Power=20 dBm
          Retry long limit:7  RTS thr:off  Fragment thr:off
          Encryption key:off
          Power Management:off

lo no wireless extensions.

mon0      IEEE 802.11bg  Mode:Monitor  Tx-Power=20 dBm
          Retry long limit:7  RTS thr:off  Fragment thr:off
          Power Management:on

eth0 no wireless extensions.

at0 no wireless extensions.

routes while running Snoopy

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 at0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

When the network goes down I receive messages about the wifi usb device disconnecting and reconnecting.

I'm with my Pi for the next several hours, so if you need any more info I can get it immediately. Thanks so much for taking the time to help me, I really appreciate it. I'm to the point that no matter what I try in Google, every link has been visited.

maximcherny commented 9 years ago

There is nothing that jumps out at me based on what's provided.

Normally when I have to debug something like this I go back to the basics and the terminal to re-create what the script does manually step-by-step until I find the point of contention.

I did experience an issue similar to what you are describing, but in my case it was due to the fact that my internal network also was 10.0.0.x - the same as what is hardcoded into the dnsmasq conf.

I went through includes/rogee.py to extract the relevant commands to:

  1. Set up iptables and port forwarding
  2. Create the mon0 iface
  3. Create the at0 access point and bring up the relevant interface
  4. Fire up the DHCP server

I'd normally first run iptables without any interception to ensure that traffic can simply flow through and start experimenting with things like sslstrip etc.
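
The address clash described in the comment above (an internal network that uses the same 10.0.0.x range as the AP's DHCP subnet) can be checked from `route -n` output. This is an added example, not code from the thread or from snoopy-ng: the 10.0.0.0/24 subnet, `at0` and the first routing table come from this thread, while the function names and the second routing table are constructed for illustration.

```python
import ipaddress

# `route -n` output quoted in this thread, taken while Snoopy was running.
ROUTES_FROM_THREAD = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 at0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""

# Constructed sample: an uplink LAN that is itself 10.0.0.x (gateway is hypothetical).
ROUTES_CLASHING = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.138      0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""


def parse_routes(text):
    """Return [(network, iface)] for every non-default route in `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # banner, column header, or malformed line
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # not an IPv4 destination/netmask pair
        if net.prefixlen > 0:  # skip the default route, it overlaps everything
            routes.append((net, fields[7]))
    return routes


def find_conflicts(route_text, ap_subnet, ap_iface):
    """List routes on other interfaces that overlap the AP's DHCP subnet."""
    ap_net = ipaddress.ip_network(ap_subnet)
    return [(str(net), iface) for net, iface in parse_routes(route_text)
            if iface != ap_iface and net.overlaps(ap_net)]


if __name__ == "__main__":
    for name, table in (("thread", ROUTES_FROM_THREAD), ("clashing", ROUTES_CLASHING)):
        print(name, find_conflicts(table, "10.0.0.0/24", "at0") or "no overlap")
```

The routing table posted in this thread shows no overlap, which matches the observation that nothing in the posted configuration stands out; the constructed table reproduces the 10.0.0.x clash.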

Wald01991 commented 9 years ago

Great, thanks, I'll give it a try. I gave it a go earlier and had airbase running fine, but I never went as far as the iptables. Should my wlan0 interface be up or down when I start Snoopy?

Wald01991 commented 9 years ago

Well, it works fine with airbase and DHCP running. I can connect with no internet. After the iptables commands, if I connect, airbase gives the errors network down, channel -1 expected >0, and no such device.

Wald01991 commented 9 years ago

Turns out that because I was accessing my Pi through SSH, I wasn't receiving all system messages and didn't see the message telling me my Alfa was being disconnected due to over-current protection. Putting "max_usb_current=1" in the boot file solved my issue. Everything is working great now.

glennzw commented 9 years ago

The Pi does have power issues. My primary platform is a BeagleBoneBlack with a powered USB hub + 3A adapter. Glad you fixed it.